Pests of all kinds and how to fight them: 50€ Trojan: it got me too. Windows 7
#1

50€ Trojan: it got me too. OK, here we go:

Code:
18:41:29.0531 6080 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
18:41:29.0859 6080 ============================================================
18:41:29.0859 6080 Current date / time: 2012/01/14 18:41:29.0859
18:41:29.0859 6080 SystemInfo:
18:41:29.0859 6080
18:41:29.0859 6080 OS Version: 5.1.2600 ServicePack: 3.0
18:41:29.0859 6080 Product type: Workstation
18:41:29.0859 6080 ComputerName: ***1
18:41:29.0859 6080 UserName: ***
18:41:29.0859 6080 Windows directory: C:\WINDOWS
18:41:29.0859 6080 System windows directory: C:\WINDOWS
18:41:29.0859 6080 Processor architecture: Intel x86
18:41:29.0859 6080 Number of processors: 4
18:41:29.0859 6080 Page size: 0x1000
18:41:29.0859 6080 Boot type: Normal boot
18:41:29.0859 6080 ============================================================
18:41:30.0312 6080 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
18:41:30.0312 6080 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xEC93D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'W'
18:41:30.0406 6080 Initialize success
18:41:50.0281 0384 ============================================================
18:41:50.0281 0384 Scan started
18:41:50.0281 0384 Mode: Manual; SigCheck; TDLFS;
18:41:50.0281 0384 ============================================================
18:41:50.0609 0384 Abiosdsk - ok
18:41:50.0625 0384 abp480n5 - ok
18:41:50.0640 0384 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:41:50.0890 0384 ACPI - ok
18:41:50.0921 0384 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:41:51.0000 0384 ACPIEC - ok
18:41:51.0062 0384 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
18:41:51.0078 0384 adfs - ok
18:41:51.0078 0384 adpu160m - ok
18:41:51.0140 0384 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:41:51.0218 0384 aec - ok
18:41:51.0437 0384 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:41:51.0937 0384 AFD - ok
18:41:51.0953 0384 Aha154x - ok
18:41:51.0953 0384 aic78u2 - ok
18:41:51.0968 0384 aic78xx - ok
18:41:51.0984 0384 AliIde - ok
18:41:52.0031 0384 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
18:41:52.0109 0384 Ambfilt - ok
18:41:52.0265 0384 amsint - ok
18:41:52.0296 0384 ApfiltrService (c5b1284c94c90d28e1876d350e9ca297) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
18:41:52.0312 0384 ApfiltrService - ok
18:41:52.0312 0384 asc - ok
18:41:52.0328 0384 asc3350p - ok
18:41:52.0328 0384 asc3550 - ok
18:41:52.0359 0384 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:41:52.0437 0384 AsyncMac - ok
18:41:52.0468 0384 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
18:41:52.0531 0384 atapi - ok
18:41:52.0531 0384 Atdisk - ok
18:41:52.0546 0384 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:41:52.0625 0384 Atmarpc - ok
18:41:52.0687 0384 ATSwpWDF (b693cec3751764087b76648f7cf12651) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
18:41:52.0718 0384 ATSwpWDF - ok
18:41:52.0828 0384 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:41:52.0906 0384 audstub - ok
18:41:52.0953 0384 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:41:53.0062 0384 Beep - ok
18:41:53.0078 0384 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:41:53.0140 0384 cbidf2k - ok
18:41:53.0156 0384 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:41:53.0203 0384 CCDECODE - ok
18:41:53.0218 0384 cd20xrnt - ok
18:41:53.0218 0384 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:41:53.0281 0384 Cdaudio - ok
18:41:53.0312 0384 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:41:53.0390 0384 Cdfs - ok
18:41:53.0406 0384 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:41:53.0468 0384 Cdrom - ok
18:41:53.0484 0384 Changer - ok
18:41:53.0515 0384 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:41:53.0562 0384 CmBatt - ok
18:41:53.0578 0384 CmdIde - ok
18:41:53.0593 0384 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:41:53.0640 0384 Compbatt - ok
18:41:53.0656 0384 Cpqarray - ok
18:41:53.0671 0384 dac2w2k - ok
18:41:53.0671 0384 dac960nt - ok
18:41:53.0687 0384 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:41:53.0781 0384 Disk - ok
18:41:53.0812 0384 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
18:41:53.0937 0384 dmboot - ok
18:41:53.0968 0384 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
18:41:54.0031 0384 dmio - ok
18:41:54.0046 0384 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:41:54.0125 0384 dmload - ok
18:41:54.0171 0384 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:41:54.0234 0384 DMusic - ok
18:41:54.0343 0384 dpti2o - ok
18:41:54.0406 0384 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:41:54.0468 0384 drmkaud - ok
18:41:54.0515 0384 e1kexpress (0c95246539ed1fbeb2d6b3b1f34cdd42) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
18:41:54.0531 0384 e1kexpress - ok
18:41:54.0546 0384 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:41:54.0640 0384 Fastfat - ok
18:41:54.0656 0384 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:41:54.0812 0384 Fdc - ok
18:41:54.0828 0384 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
18:41:54.0921 0384 Fips - ok
18:41:54.0937 0384 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:41:55.0015 0384 Flpydisk - ok
18:41:55.0015 0384 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:41:55.0078 0384 FltMgr - ok
18:41:55.0093 0384 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:41:55.0156 0384 Fs_Rec - ok
18:41:55.0156 0384 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:41:55.0218 0384 Ftdisk - ok
18:41:55.0234 0384 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:41:55.0328 0384 Gpc - ok
18:41:55.0375 0384 guardian2 (db3794c1e876ca318d2ba3d1d38cba8a) C:\WINDOWS\system32\Drivers\oz776.sys
18:41:55.0390 0384 guardian2 - ok
18:41:55.0421 0384 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:41:55.0484 0384 HDAudBus - ok
18:41:55.0656 0384 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
18:41:55.0687 0384 HECI - ok
18:41:55.0718 0384 hpn - ok
18:41:55.0750 0384 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:41:55.0765 0384 HTTP - ok
18:41:55.0781 0384 i2omgmt - ok
18:41:55.0781 0384 i2omp - ok
18:41:55.0812 0384 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:41:55.0937 0384 i8042prt - ok
18:41:56.0000 0384 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\WINDOWS\system32\drivers\iaStor.sys
18:41:56.0015 0384 iaStor - ok
18:41:56.0031 0384 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
18:41:56.0046 0384 IFXTPM - ok
18:41:56.0234 0384 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:41:56.0296 0384 Imapi - ok
18:41:56.0359 0384 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\WINDOWS\system32\DRIVERS\Impcd.sys
18:41:56.0390 0384 Impcd - ok
18:41:56.0406 0384 ini910u - ok
18:41:56.0593 0384 IntcAzAudAddService (74bd9d8ede748b33b2f2aaba941cba5a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:41:56.0796 0384 IntcAzAudAddService - ok
18:41:56.0953 0384 IntelIde - ok
18:41:56.0984 0384 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:41:57.0109 0384 intelppm - ok
18:41:57.0140 0384 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:41:57.0265 0384 Ip6Fw - ok
18:41:57.0281 0384 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:41:57.0406 0384 IpFilterDriver - ok
18:41:57.0421 0384 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:41:57.0546 0384 IpInIp - ok
18:41:57.0578 0384 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:41:57.0718 0384 IpNat - ok
18:41:57.0750 0384 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:41:57.0890 0384 IPSec - ok
18:41:57.0906 0384 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:41:57.0984 0384 IRENUM - ok
18:41:58.0015 0384 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:41:58.0140 0384 isapnp - ok
18:41:58.0343 0384 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:41:58.0468 0384 Kbdclass - ok
18:41:58.0515 0384 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:41:58.0609 0384 kmixer - ok
18:41:58.0609 0384 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:41:58.0625 0384 KSecDD - ok
18:41:58.0640 0384 lbrtfdc - ok
18:41:58.0687 0384 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
18:41:58.0703 0384 MBAMProtector - ok
18:41:58.0796 0384 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
18:41:58.0812 0384 mfeavfk - ok
18:41:58.0875 0384 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
18:41:58.0890 0384 mfebopk - ok
18:41:58.0968 0384 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
18:41:59.0000 0384 mfehidk - ok
18:41:59.0000 0384 mferkdk - ok
18:41:59.0015 0384 mfesmfk - ok
18:41:59.0031 0384 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:41:59.0140 0384 mnmdd - ok
18:41:59.0203 0384 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
18:41:59.0281 0384 Modem - ok
18:41:59.0406 0384 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
18:41:59.0500 0384 Monfilt - ok
18:41:59.0562 0384 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:41:59.0640 0384 Mouclass - ok
18:41:59.0750 0384 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:41:59.0875 0384 MountMgr - ok
18:41:59.0921 0384 MPFP - ok
18:41:59.0937 0384 mraid35x - ok
18:41:59.0953 0384 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:42:00.0031 0384 MRxDAV - ok
18:42:00.0093 0384 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:42:00.0125 0384 MRxSmb - ok
18:42:00.0203 0384 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:42:00.0265 0384 Msfs - ok
18:42:00.0343 0384 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:42:00.0453 0384 MSKSSRV - ok
18:42:00.0453 0384 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:42:00.0546 0384 MSPCLOCK - ok
18:42:00.0562 0384 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:42:00.0656 0384 MSPQM - ok
18:42:00.0703 0384 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:42:00.0765 0384 mssmbios - ok
18:42:00.0796 0384 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:42:00.0906 0384 MSTEE - ok
18:42:01.0046 0384 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:42:01.0046 0384 Mup - ok
18:42:01.0140 0384 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:42:01.0281 0384 NABTSFEC - ok
18:42:01.0312 0384 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:42:01.0375 0384 NDIS - ok
18:42:01.0421 0384 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:42:01.0500 0384 NdisIP - ok
18:42:01.0531 0384 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:42:01.0562 0384 NdisTapi - ok
18:42:01.0671 0384 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:42:01.0750 0384 Ndisuio - ok
18:42:01.0828 0384 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:42:01.0906 0384 NdisWan - ok
18:42:01.0937 0384 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:42:01.0968 0384 NDProxy - ok
18:42:02.0000 0384 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:42:02.0078 0384 NetBIOS - ok
18:42:02.0265 0384 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:42:02.0390 0384 NetBT - ok
18:42:02.0531 0384 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
18:42:02.0531 0384 Netdevio ( UnsignedFile.Multi.Generic ) - warning
18:42:02.0531 0384 Netdevio - detected UnsignedFile.Multi.Generic (1)
18:42:02.0703 0384 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
18:42:02.0875 0384 NETw5x32 - ok
18:42:03.0078 0384 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:42:03.0203 0384 Npfs - ok
18:42:03.0250 0384 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:42:03.0359 0384 Ntfs - ok
18:42:03.0390 0384 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:42:03.0484 0384 Null - ok
18:42:03.0703 0384 nv (3aa257bbeccc1cef9b305ed2dd86d032) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:42:03.0906 0384 nv - ok
18:42:04.0109 0384 NVHDA (04b3177ed656f1d3a6ebf48f5beea8a8) C:\WINDOWS\system32\drivers\nvhda32.sys
18:42:04.0125 0384 NVHDA - ok
18:42:04.0156 0384 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:42:04.0296 0384 NwlnkFlt - ok
18:42:04.0328 0384 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:42:04.0390 0384 NwlnkFwd - ok
18:42:04.0421 0384 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
18:42:04.0484 0384 Parport - ok
18:42:04.0500 0384 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:42:04.0562 0384 PartMgr - ok
18:42:04.0593 0384 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:42:04.0671 0384 ParVdm - ok
18:42:04.0703 0384 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
18:42:04.0718 0384 pccsmcfd - ok
18:42:04.0890 0384 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
18:42:04.0968 0384 PCI - ok
18:42:04.0984 0384 PCIDump - ok
18:42:04.0984 0384 PCIIde - ok
18:42:05.0015 0384 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:42:05.0078 0384 Pcmcia - ok
18:42:05.0093 0384 PDCOMP - ok
18:42:05.0093 0384 PDFRAME - ok
18:42:05.0109 0384 PDRELI - ok
18:42:05.0109 0384 PDRFRAME - ok
18:42:05.0125 0384 perc2 - ok
18:42:05.0140 0384 perc2hib - ok
18:42:05.0171 0384 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\WINDOWS\system32\DRIVERS\pgeffect.sys
18:42:05.0187 0384 PGEffect - ok
18:42:05.0218 0384 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:42:05.0312 0384 PptpMiniport - ok
18:42:05.0343 0384 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:42:05.0421 0384 PSched - ok
18:42:05.0437 0384 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:42:05.0500 0384 Ptilink - ok
18:42:05.0515 0384 ql1080 - ok
18:42:05.0531 0384 Ql10wnt - ok
18:42:05.0531 0384 ql12160 - ok
18:42:05.0531 0384 ql1240 - ok
18:42:05.0546 0384 ql1280 - ok
18:42:05.0578 0384 QsFsFltr (8b1d0cdd82174c5421a1fc547a15f724) C:\WINDOWS\system32\DRIVERS\QsFsFltr.sys
18:42:05.0609 0384 QsFsFltr ( UnsignedFile.Multi.Generic ) - warning
18:42:05.0609 0384 QsFsFltr - detected UnsignedFile.Multi.Generic (1)
18:42:05.0796 0384 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:42:05.0906 0384 RasAcd - ok
18:42:05.0921 0384 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:42:06.0000 0384 Rasl2tp - ok
18:42:06.0000 0384 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:42:06.0078 0384 RasPppoe - ok
18:42:06.0109 0384 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:42:06.0171 0384 Raspti - ok
18:42:06.0203 0384 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:42:06.0265 0384 Rdbss - ok
18:42:06.0296 0384 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:42:06.0375 0384 RDPCDD - ok
18:42:06.0593 0384 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:42:06.0671 0384 rdpdr - ok
18:42:06.0718 0384 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:42:06.0734 0384 RDPWD - ok
18:42:06.0765 0384 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:42:06.0843 0384 redbook - ok
18:42:06.0875 0384 rimspci (af213955c4d952c914620e8db0cd0cf7) C:\WINDOWS\system32\DRIVERS\rimspe86.sys
18:42:06.0890 0384 rimspci - ok
18:42:06.0890 0384 risdpcie (85cba4b868a9daaa2dd5e3952f396982) C:\WINDOWS\system32\DRIVERS\risdpe86.sys
18:42:06.0906 0384 risdpcie - ok
18:42:06.0921 0384 rixdpcie (764c1f3453e779724ba647327de7ddd4) C:\WINDOWS\system32\DRIVERS\rixdpe86.sys
18:42:06.0921 0384 rixdpcie - ok
18:42:07.0140 0384 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:42:07.0250 0384 sdbus - ok
18:42:07.0265 0384 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:42:07.0312 0384 Secdrv - ok
18:42:07.0343 0384 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
18:42:07.0421 0384 Serial - ok
18:42:07.0453 0384 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:42:07.0546 0384 Sfloppy - ok
18:42:07.0562 0384 Simbad - ok
18:42:07.0562 0384 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:42:07.0656 0384 SLIP - ok
18:42:07.0671 0384 Sparrow - ok
18:42:07.0703 0384 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:42:07.0796 0384 splitter - ok
18:42:07.0812 0384 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
18:42:07.0859 0384 sr - ok
18:42:07.0890 0384 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:42:07.0906 0384 Srv - ok
18:42:07.0921 0384 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:42:08.0000 0384 streamip - ok
18:42:08.0171 0384 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:42:08.0265 0384 swenum - ok
18:42:08.0296 0384 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:42:08.0406 0384 swmidi - ok
18:42:08.0421 0384 symc810 - ok
18:42:08.0437 0384 symc8xx - ok
18:42:08.0437 0384 sym_hi - ok
18:42:08.0453 0384 sym_u3 - ok
18:42:08.0468 0384 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:42:08.0531 0384 sysaudio - ok
18:42:08.0562 0384 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:42:08.0578 0384 Tcpip - ok
18:42:08.0593 0384 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
18:42:08.0625 0384 tdcmdpst - ok
18:42:08.0656 0384 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:42:08.0781 0384 TDPIPE - ok
18:42:08.0875 0384 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:42:08.0953 0384 TDTCP - ok
18:42:09.0031 0384 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
18:42:09.0031 0384 tdudf - ok
18:42:09.0062 0384 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:42:09.0125 0384 TermDD - ok
18:42:09.0156 0384 Thpdrv (e00f0f7e4d4412da2f1b82a873229e47) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
18:42:09.0156 0384 Thpdrv - ok
18:42:09.0171 0384 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
18:42:09.0171 0384 Thpevm - ok
18:42:09.0203 0384 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
18:42:09.0218 0384 TMEI3E ( UnsignedFile.Multi.Generic ) - warning
18:42:09.0218 0384 TMEI3E - detected UnsignedFile.Multi.Generic (1)
18:42:09.0234 0384 TosIde - ok
18:42:09.0281 0384 Tosrfcom (1ad9eb1b5abd0aeee4084c8153476f1e) C:\WINDOWS\system32\drivers\Tosrfcom.sys
18:42:09.0296 0384 Tosrfcom - ok
18:42:09.0328 0384 tosrfec (9ee240f7029771b21cc6200be6516d60) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
18:42:09.0343 0384 tosrfec - ok
18:42:09.0359 0384 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\WINDOWS\system32\DRIVERS\tos_sps32.sys
18:42:09.0375 0384 tos_sps32 - ok
18:42:09.0390 0384 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
18:42:09.0390 0384 trudf - ok
18:42:09.0406 0384 TVALZ (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
18:42:09.0421 0384 TVALZ - ok
18:42:09.0437 0384 TVALZFL (e03f5ca8d4edb4ce8141a3242e1261f8) C:\WINDOWS\system32\DRIVERS\TVALZFL.sys
18:42:09.0453 0384 TVALZFL ( UnsignedFile.Multi.Generic ) - warning
18:42:09.0453 0384 TVALZFL - detected UnsignedFile.Multi.Generic (1)
18:42:09.0593 0384 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:42:09.0703 0384 Udfs - ok
18:42:09.0750 0384 ultra - ok
18:42:09.0781 0384 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:42:09.0875 0384 Update - ok
18:42:09.0890 0384 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:42:10.0015 0384 usbccgp - ok
18:42:10.0031 0384 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:42:10.0109 0384 usbehci - ok
18:42:10.0125 0384 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:42:10.0234 0384 usbhub - ok
18:42:10.0281 0384 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:42:10.0375 0384 USBSTOR - ok
18:42:10.0375 0384 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
18:42:10.0500 0384 usbvideo - ok
18:42:10.0531 0384 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:42:10.0609 0384 VgaSave - ok
18:42:10.0625 0384 ViaIde - ok
18:42:10.0656 0384 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
18:42:10.0750 0384 VolSnap - ok
18:42:10.0765 0384 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:42:10.0859 0384 Wanarp - ok
18:42:10.0890 0384 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:42:10.0921 0384 Wdf01000 - ok
18:42:11.0015 0384 WDICA - ok
18:42:11.0125 0384 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:42:11.0234 0384 wdmaud - ok
18:42:11.0312 0384 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:42:11.0375 0384 WSTCODEC - ok
18:42:11.0421 0384 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:42:11.0437 0384 WudfPf - ok
18:42:11.0500 0384 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:42:11.0531 0384 WudfRd - ok
18:42:11.0531 0384 xcpip - ok
18:42:11.0546 0384 xpsec - ok
18:42:11.0562 0384 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
18:42:11.0562 0384 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
18:42:11.0562 0384 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
18:42:11.0593 0384 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:42:11.0593 0384 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:42:11.0593 0384 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
18:42:11.0750 0384 \Device\Harddisk1\DR2 - ok
18:42:11.0750 0384 Boot (0x1200) (d197ec57a47729b3667f4c56a4b6427b) \Device\Harddisk0\DR0\Partition0
18:42:11.0750 0384 \Device\Harddisk0\DR0\Partition0 - ok
18:42:11.0750 0384 Boot (0x1200) (da5def75bb81028110fdb12e54669dc1) \Device\Harddisk1\DR2\Partition0
18:42:11.0750 0384 \Device\Harddisk1\DR2\Partition0 - ok
18:42:11.0750 0384 ============================================================
18:42:11.0750 0384 Scan finished
18:42:11.0750 0384 ============================================================
18:42:11.0859 2744 Detected object count: 6
18:42:11.0859 2744 Actual detected object count: 6
18:42:37.0765 2744 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
18:42:37.0765 2744 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:42:37.0765 2744 QsFsFltr ( UnsignedFile.Multi.Generic ) - skipped by user
18:42:37.0765 2744 QsFsFltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:42:37.0765 2744 TMEI3E ( UnsignedFile.Multi.Generic ) - skipped by user
18:42:37.0765 2744 TMEI3E ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:42:37.0781 2744 TVALZFL ( UnsignedFile.Multi.Generic ) - skipped by user
18:42:37.0781 2744 TVALZFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:42:37.0781 2744 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
18:42:37.0781 2744 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip
18:42:37.0781 2744 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:42:37.0781 2744 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:45:51.0828 4012 Deinitialize success
#2

/// Winkelfunktion /// TB-Süch-Tiger™: 50€ Trojan: it got me too.

Quote:

#3

50€ Trojan: it got me too. So, here is the next log:

Code:
21:57:14.0078 5928 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
21:57:14.0093 5928 ============================================================
21:57:14.0093 5928 Current date / time: 2012/01/15 21:57:14.0093
21:57:14.0093 5928 SystemInfo:
21:57:14.0093 5928
21:57:14.0093 5928 OS Version: 5.1.2600 ServicePack: 3.0
21:57:14.0093 5928 Product type: Workstation
21:57:14.0093 5928 ComputerName: ***1
21:57:14.0093 5928 UserName: ***
21:57:14.0093 5928 Windows directory: C:\WINDOWS
21:57:14.0093 5928 System windows directory: C:\WINDOWS
21:57:14.0093 5928 Processor architecture: Intel x86
21:57:14.0093 5928 Number of processors: 4
21:57:14.0093 5928 Page size: 0x1000
21:57:14.0093 5928 Boot type: Normal boot
21:57:14.0093 5928 ============================================================
21:57:14.0453 5928 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
21:57:14.0515 5928 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:57:14.0578 5928 Initialize success
21:57:21.0406 4692 ============================================================
21:57:21.0406 4692 Scan started
21:57:21.0406 4692 Mode: Manual; SigCheck; TDLFS;
21:57:21.0406 4692 ============================================================
21:57:22.0453 4692 Abiosdsk - ok
21:57:22.0453 4692 abp480n5 - ok
21:57:22.0500 4692 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:57:24.0140 4692 ACPI - ok
21:57:24.0234 4692 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:57:24.0437 4692 ACPIEC - ok
21:57:24.0531 4692 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
21:57:24.0531 4692 adfs - ok
21:57:24.0546 4692 adpu160m - ok
21:57:24.0593 4692 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:57:24.0703 4692 aec - ok
21:57:24.0750 4692 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:57:24.0781 4692 AFD - ok
21:57:24.0796 4692 Aha154x - ok
21:57:24.0812 4692 aic78u2 - ok
21:57:24.0812 4692 aic78xx - ok
21:57:24.0828 4692 AliIde - ok
21:57:24.0890 4692 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:57:25.0078 4692 Ambfilt - ok
21:57:25.0156 4692 amsint - ok
21:57:25.0187 4692 ApfiltrService (c5b1284c94c90d28e1876d350e9ca297) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:57:25.0203 4692 ApfiltrService - ok
21:57:25.0218 4692 asc - ok
21:57:25.0218 4692 asc3350p - ok
21:57:25.0234 4692 asc3550 - ok
21:57:25.0250 4692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:57:25.0390 4692 AsyncMac - ok
21:57:25.0421 4692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
21:57:25.0515 4692 atapi - ok
21:57:25.0531 4692 Atdisk - ok
21:57:25.0546 4692 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:57:25.0656 4692 Atmarpc - ok
21:57:25.0718 4692 ATSwpWDF (b693cec3751764087b76648f7cf12651) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
21:57:25.0734 4692 ATSwpWDF - ok
21:57:25.0828 4692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:57:25.0937 4692 audstub - ok
21:57:25.0953 4692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:57:26.0062 4692 Beep - ok
21:57:26.0078 4692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:57:26.0171 4692 cbidf2k - ok
21:57:26.0171 4692 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:57:26.0265 4692 CCDECODE - ok
21:57:26.0265 4692 cd20xrnt - ok
21:57:26.0265 4692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:57:26.0375 4692 Cdaudio - ok
21:57:26.0406 4692 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:57:26.0515 4692 Cdfs - ok
21:57:26.0531 4692 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:57:26.0625 4692 Cdrom - ok
21:57:26.0625 4692 Changer - ok
21:57:26.0656 4692 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:57:26.0781 4692 CmBatt - ok
21:57:26.0796 4692 CmdIde - ok
21:57:26.0812 4692 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:57:26.0921 4692 Compbatt - ok
21:57:26.0937 4692 Cpqarray - ok
21:57:26.0937 4692 dac2w2k - ok
21:57:26.0953 4692 dac960nt - ok
21:57:26.0984 4692 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:57:27.0062 4692 Disk - ok
21:57:27.0109 4692 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:57:27.0234 4692 dmboot - ok
21:57:27.0328 4692 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:57:27.0406 4692 dmio - ok
21:57:27.0421 4692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:57:27.0484 4692 dmload - ok
21:57:27.0531 4692 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:57:27.0593 4692 DMusic - ok
21:57:27.0609 4692 dpti2o - ok
21:57:27.0640 4692 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:57:27.0734 4692 drmkaud - ok
21:57:27.0781 4692 e1kexpress (0c95246539ed1fbeb2d6b3b1f34cdd42) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
21:57:27.0796 4692 e1kexpress - ok
21:57:27.0828 4692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:57:27.0890 4692 Fastfat - ok
21:57:27.0906 4692 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:57:27.0968 4692 Fdc - ok
21:57:27.0968 4692 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:57:28.0062 4692 Fips - ok
21:57:28.0171 4692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:57:28.0234 4692 Flpydisk - ok
21:57:28.0265 4692 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:57:28.0343 4692 FltMgr - ok
21:57:28.0359 4692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:57:28.0421 4692 Fs_Rec - ok
21:57:28.0437 4692 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:57:28.0500 4692 Ftdisk - ok
21:57:28.0515 4692 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:57:28.0593 4692 Gpc - ok
21:57:28.0671 4692 guardian2 (db3794c1e876ca318d2ba3d1d38cba8a) C:\WINDOWS\system32\Drivers\oz776.sys
21:57:28.0671 4692 guardian2 - ok
21:57:28.0718 4692 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:57:28.0843 4692 HDAudBus - ok
21:57:28.0890 4692 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
21:57:28.0921 4692 HECI - ok
21:57:28.0953 4692 hpn - ok
21:57:28.0984 4692 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:57:29.0046 4692 HTTP - ok
21:57:29.0093 4692 i2omgmt - ok
21:57:29.0125 4692 i2omp - ok
21:57:29.0140 4692 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:57:29.0234 4692 i8042prt - ok
21:57:29.0265 4692 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\WINDOWS\system32\drivers\iaStor.sys
21:57:29.0296 4692 iaStor - ok
21:57:29.0312 4692 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
21:57:29.0359 4692 IFXTPM - ok
21:57:29.0421 4692 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:57:29.0484 4692 Imapi - ok
21:57:29.0531 4692 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\WINDOWS\system32\DRIVERS\Impcd.sys
21:57:29.0562 4692 Impcd - ok
21:57:29.0562 4692 ini910u - ok
21:57:29.0734 4692 IntcAzAudAddService (74bd9d8ede748b33b2f2aaba941cba5a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:57:29.0921 4692 IntcAzAudAddService - ok
21:57:30.0000 4692 IntelIde - ok
21:57:30.0031 4692 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:57:30.0125 4692 intelppm - ok
21:57:30.0140 4692 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:57:30.0234 4692 Ip6Fw - ok
21:57:30.0234 4692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:57:30.0296 4692 IpFilterDriver - ok
21:57:30.0312 4692 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:57:30.0421 4692 IpInIp - ok
21:57:30.0453 4692 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:57:30.0531 4692 IpNat - ok
21:57:30.0593 4692 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:57:30.0687 4692 IPSec - ok
21:57:30.0718 4692 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:57:30.0750 4692 IRENUM - ok
21:57:30.0828 4692 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:57:30.0906 4692 isapnp - ok
21:57:30.0937 4692 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:57:31.0015 4692 Kbdclass - ok
21:57:31.0062 4692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:57:31.0156 4692 kmixer - ok
21:57:31.0156 4692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:57:31.0234 4692 KSecDD - ok
21:57:31.0250 4692 lbrtfdc - ok
21:57:31.0296 4692 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
21:57:31.0296 4692 MBAMProtector - ok
21:57:31.0359 4692 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
21:57:31.0359 4692 mfeavfk - ok
21:57:31.0468 4692 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
21:57:31.0468 4692 mfebopk - ok
21:57:31.0500 4692 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
21:57:31.0531 4692 mfehidk - ok
21:57:31.0531 4692 mferkdk - ok
21:57:31.0546 4692 mfesmfk - ok
21:57:31.0562 4692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:57:31.0640 4692 mnmdd - ok
21:57:31.0671 4692 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:57:31.0750 4692 Modem - ok
21:57:31.0890 4692 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
21:57:31.0968 4692 Monfilt - ok
21:57:31.0984 4692 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:57:32.0078 4692 Mouclass - ok
21:57:32.0109 4692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:57:32.0171 4692 MountMgr - ok
21:57:32.0250 4692 MPFP - ok
21:57:32.0250 4692 mraid35x - ok
21:57:32.0265 4692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:57:32.0343 4692 MRxDAV - ok
21:57:32.0390 4692 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:57:32.0437 4692 MRxSmb - ok
21:57:32.0515 4692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:57:32.0578 4692 Msfs - ok
21:57:32.0609 4692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:57:32.0687 4692 MSKSSRV - ok
21:57:32.0703 4692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:57:32.0765 4692 MSPCLOCK - ok
21:57:32.0796 4692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:57:32.0875 4692 MSPQM - ok
21:57:32.0890 4692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:57:32.0953 4692 mssmbios - ok
21:57:32.0968 4692 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:57:33.0078 4692 MSTEE - ok
21:57:33.0187 4692 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:57:33.0218 4692 Mup - ok
21:57:33.0250 4692 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:57:33.0343 4692 NABTSFEC - ok
21:57:33.0375 4692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:57:33.0500 4692 NDIS - ok
21:57:33.0531 4692 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:57:33.0609 4692 NdisIP - ok
21:57:33.0640 4692 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:57:33.0671 4692 NdisTapi - ok
21:57:33.0765 4692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:57:33.0875 4692 Ndisuio - ok
21:57:33.0906 4692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:57:33.0968 4692 NdisWan - ok
21:57:33.0984 4692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:57:34.0031 4692 NDProxy - ok
21:57:34.0046 4692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:57:34.0156 4692 NetBIOS - ok
21:57:34.0203 4692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:57:34.0312 4692 NetBT - ok
21:57:34.0406 4692 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
21:57:34.0421 4692 Netdevio ( UnsignedFile.Multi.Generic ) - warning
21:57:34.0421 4692 Netdevio - detected UnsignedFile.Multi.Generic (1)
21:57:34.0546 4692 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
21:57:34.0812 4692 NETw5x32 - ok
21:57:34.0906 4692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:57:34.0968 4692 Npfs - ok
21:57:34.0984 4692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:57:35.0062 4692 Ntfs - ok
21:57:35.0078 4692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:57:35.0156 4692 Null - ok
21:57:35.0375 4692 nv (3aa257bbeccc1cef9b305ed2dd86d032) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:57:35.0796 4692 nv - ok
21:57:35.0906 4692 NVHDA (04b3177ed656f1d3a6ebf48f5beea8a8) C:\WINDOWS\system32\drivers\nvhda32.sys
21:57:35.0906 4692 NVHDA - ok
21:57:35.0921 4692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:57:36.0015 4692 NwlnkFlt - ok
21:57:36.0031 4692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:57:36.0109 4692 NwlnkFwd - ok
21:57:36.0140 4692 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
21:57:36.0203 4692 Parport - ok
21:57:36.0234 4692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:57:36.0296 4692 PartMgr - ok
21:57:36.0312 4692 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:57:36.0390 4692 ParVdm - ok
21:57:36.0500 4692 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:57:36.0531 4692 pccsmcfd - ok
21:57:36.0546 4692 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:57:36.0609 4692 PCI - ok
21:57:36.0625 4692 PCIDump - ok
21:57:36.0640 4692 PCIIde - ok
21:57:36.0656 4692 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:57:36.0718 4692 Pcmcia - ok
21:57:36.0734 4692 PDCOMP - ok
21:57:36.0734 4692 PDFRAME - ok
21:57:36.0750 4692 PDRELI - ok
21:57:36.0750 4692 PDRFRAME - ok
21:57:36.0765 4692 perc2 - ok
21:57:36.0765 4692 perc2hib - ok
21:57:36.0796 4692 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\WINDOWS\system32\DRIVERS\pgeffect.sys
21:57:36.0843 4692 PGEffect - ok
21:57:36.0875 4692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:57:37.0015 4692 PptpMiniport - ok
21:57:37.0062 4692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:57:37.0140 4692 PSched - ok
21:57:37.0187 4692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:57:37.0281 4692 Ptilink - ok
21:57:37.0281 4692 ql1080 - ok
21:57:37.0296 4692 Ql10wnt - ok
21:57:37.0296 4692 ql12160 - ok
21:57:37.0312 4692 ql1240 - ok
21:57:37.0312 4692 ql1280 - ok
21:57:37.0359 4692 QsFsFltr (8b1d0cdd82174c5421a1fc547a15f724) C:\WINDOWS\system32\DRIVERS\QsFsFltr.sys
21:57:37.0375 4692 QsFsFltr ( UnsignedFile.Multi.Generic ) - warning
21:57:37.0375 4692 QsFsFltr - detected UnsignedFile.Multi.Generic (1)
21:57:37.0390 4692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:57:37.0484 4692 RasAcd - ok
21:57:37.0484 4692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:57:37.0562 4692 Rasl2tp - ok
21:57:37.0640 4692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:57:37.0718 4692 RasPppoe - ok
21:57:37.0765 4692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:57:37.0843 4692 Raspti - ok
21:57:37.0859 4692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:57:37.0937 4692 Rdbss - ok
21:57:37.0953 4692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:57:38.0000 4692 RDPCDD - ok
21:57:38.0046 4692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:57:38.0125 4692 rdpdr - ok
21:57:38.0203 4692 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:57:38.0234 4692 RDPWD - ok
21:57:38.0312 4692 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:57:38.0406 4692 redbook - ok
21:57:38.0453 4692 rimspci (af213955c4d952c914620e8db0cd0cf7) C:\WINDOWS\system32\DRIVERS\rimspe86.sys
21:57:38.0468 4692 rimspci - ok
21:57:38.0468 4692 risdpcie (85cba4b868a9daaa2dd5e3952f396982) C:\WINDOWS\system32\DRIVERS\risdpe86.sys
21:57:38.0484 4692 risdpcie - ok
21:57:38.0500 4692 rixdpcie (764c1f3453e779724ba647327de7ddd4) C:\WINDOWS\system32\DRIVERS\rixdpe86.sys
21:57:38.0531 4692 rixdpcie - ok
21:57:38.0578 4692 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:57:38.0640 4692 sdbus - ok
21:57:38.0656 4692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:57:38.0687 4692 Secdrv - ok
21:57:38.0734 4692 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
21:57:38.0796 4692 Serial - ok
21:57:38.0812 4692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:57:38.0906 4692 Sfloppy - ok
21:57:38.0921 4692 Simbad - ok
21:57:38.0937 4692 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:57:39.0000 4692 SLIP - ok
21:57:39.0000 4692 Sparrow - ok
21:57:39.0031 4692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:57:39.0109 4692 splitter - ok
21:57:39.0140 4692 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:57:39.0171 4692 sr - ok
21:57:39.0187 4692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:57:39.0218 4692 Srv - ok
21:57:39.0281 4692 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:57:39.0359 4692 streamip - ok
21:57:39.0390 4692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:57:39.0468 4692 swenum - ok
21:57:39.0500 4692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:57:39.0562 4692 swmidi - ok
21:57:39.0562 4692 symc810 - ok
21:57:39.0578 4692 symc8xx - ok
21:57:39.0578 4692 sym_hi - ok
21:57:39.0593 4692 sym_u3 - ok
21:57:39.0625 4692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:57:39.0687 4692 sysaudio - ok
21:57:39.0734 4692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:57:39.0812 4692 Tcpip - ok
21:57:39.0828 4692 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
21:57:39.0875 4692 tdcmdpst - ok
21:57:39.0953 4692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:57:40.0031 4692 TDPIPE - ok
21:57:40.0078 4692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:57:40.0140 4692 TDTCP - ok
21:57:40.0171 4692 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
21:57:40.0187 4692 tdudf - ok
21:57:40.0203 4692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:57:40.0265 4692 TermDD - ok
21:57:40.0296 4692 Thpdrv (e00f0f7e4d4412da2f1b82a873229e47) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
21:57:40.0296 4692 Thpdrv - ok
21:57:40.0312 4692 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
21:57:40.0359 4692 Thpevm - ok
21:57:40.0375 4692 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
21:57:40.0390 4692 TMEI3E ( UnsignedFile.Multi.Generic ) - warning
21:57:40.0390 4692 TMEI3E - detected UnsignedFile.Multi.Generic (1)
21:57:40.0453 4692 TosIde - ok
21:57:40.0500 4692 Tosrfcom (1ad9eb1b5abd0aeee4084c8153476f1e) C:\WINDOWS\system32\drivers\Tosrfcom.sys
21:57:40.0515 4692 Tosrfcom - ok
21:57:40.0546 4692 tosrfec (9ee240f7029771b21cc6200be6516d60) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
21:57:40.0546 4692 tosrfec - ok
21:57:40.0578 4692 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\WINDOWS\system32\DRIVERS\tos_sps32.sys
21:57:40.0593 4692 tos_sps32 - ok
21:57:40.0609 4692 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
21:57:40.0640 4692 trudf - ok
21:57:40.0656 4692 TVALZ (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
21:57:40.0671 4692 TVALZ - ok
21:57:40.0703 4692 TVALZFL (e03f5ca8d4edb4ce8141a3242e1261f8) C:\WINDOWS\system32\DRIVERS\TVALZFL.sys
21:57:40.0718 4692 TVALZFL ( UnsignedFile.Multi.Generic ) - warning
21:57:40.0718 4692 TVALZFL - detected UnsignedFile.Multi.Generic (1)
21:57:40.0750 4692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:57:40.0828 4692 Udfs - ok
21:57:40.0859 4692 ultra - ok
21:57:40.0890 4692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:57:41.0000 4692 Update - ok
21:57:41.0031 4692 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:57:41.0093 4692 usbccgp - ok
21:57:41.0125 4692 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:57:41.0187 4692 usbehci - ok
21:57:41.0187 4692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:57:41.0250 4692 usbhub - ok
21:57:41.0296 4692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:57:41.0390 4692 USBSTOR - ok
21:57:41.0406 4692 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:57:41.0468 4692 usbvideo - ok
21:57:41.0484 4692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:57:41.0546 4692 VgaSave - ok
21:57:41.0562 4692 ViaIde - ok
21:57:41.0578 4692 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:57:41.0640 4692 VolSnap - ok
21:57:41.0656 4692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:57:41.0734 4692 Wanarp - ok
21:57:41.0750 4692 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:57:41.0765 4692 Wdf01000 - ok
21:57:41.0781 4692 WDICA - ok
21:57:41.0812 4692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:57:41.0890 4692 wdmaud - ok
21:57:41.0984 4692 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:57:42.0062 4692 WSTCODEC - ok
21:57:42.0109 4692 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:57:42.0187 4692 WudfPf - ok
21:57:42.0250 4692 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:57:42.0281 4692 WudfRd - ok
21:57:42.0281 4692 xcpip - ok
21:57:42.0296 4692 xpsec - ok
21:57:42.0312 4692 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
21:57:42.0312 4692 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
21:57:42.0312 4692 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
21:57:42.0343 4692 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:57:42.0343 4692 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:57:42.0343 4692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
21:57:42.0515 4692 \Device\Harddisk1\DR2 - ok
21:57:42.0515 4692 Boot (0x1200) (d197ec57a47729b3667f4c56a4b6427b) \Device\Harddisk0\DR0\Partition0
21:57:42.0531 4692 \Device\Harddisk0\DR0\Partition0 - ok
21:57:42.0531 4692 Boot (0x1200) (da5def75bb81028110fdb12e54669dc1) \Device\Harddisk1\DR2\Partition0
21:57:42.0531 4692 \Device\Harddisk1\DR2\Partition0 - ok
21:57:42.0531 4692 ============================================================
21:57:42.0531 4692 Scan finished
21:57:42.0531 4692 ============================================================
21:57:42.0640 2992 Detected object count: 6
21:57:42.0640 2992 Actual detected object count: 6
21:58:10.0140 2992 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0140 2992 QsFsFltr ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992 QsFsFltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0140 2992 TMEI3E ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992 TMEI3E ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0140 2992 TVALZFL ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992 TVALZFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0156 2992 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
21:58:10.0187 2992 \Device\Harddisk0\DR0 - ok
21:58:10.0187 2992 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
21:58:10.0187 2992 \Device\Harddisk0\DR0\TDLFS - deleted
21:58:10.0187 2992 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
21:58:14.0765 4616 Deinitialize success
#4 | /// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too.
You should restart and make a new log.
__________________
Please always post logfiles in CODE tags
#5 | 50€ Trojan: it got me too.
So, here is the log after the restart! Code:
17:05:47.0703 7104 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
17:05:47.0718 7104 ============================================================
17:05:47.0718 7104 Current date / time: 2012/01/17 17:05:47.0718
17:05:47.0718 7104 SystemInfo:
17:05:47.0718 7104
17:05:47.0718 7104 OS Version: 5.1.2600 ServicePack: 3.0
17:05:47.0718 7104 Product type: Workstation
17:05:47.0718 7104 ComputerName: ***1
17:05:47.0718 7104 UserName: ***
17:05:47.0718 7104 Windows directory: C:\WINDOWS
17:05:47.0718 7104 System windows directory: C:\WINDOWS
17:05:47.0718 7104 Processor architecture: Intel x86
17:05:47.0718 7104 Number of processors: 4
17:05:47.0718 7104 Page size: 0x1000
17:05:47.0718 7104 Boot type: Normal boot
17:05:47.0718 7104 ============================================================
17:05:48.0078 7104 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
17:05:48.0109 7104 Initialize success
17:05:54.0687 1860 ============================================================
17:05:54.0687 1860 Scan started
17:05:54.0687 1860 Mode: Manual; SigCheck; TDLFS;
17:05:54.0687 1860 ============================================================
17:05:54.0984 1860 Abiosdsk - ok
17:05:55.0000 1860 abp480n5 - ok
17:05:55.0062 1860 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:05:55.0406 1860 ACPI - ok
17:05:55.0437 1860 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:05:55.0531 1860 ACPIEC - ok
17:05:55.0578 1860 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
17:05:55.0593 1860 adfs - ok
17:05:55.0593 1860 adpu160m - ok
17:05:55.0640 1860 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:05:55.0765 1860 aec - ok
17:05:55.0859 1860 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:05:55.0921 1860 AFD - ok
17:05:55.0921 1860 Aha154x - ok
17:05:55.0937 1860 aic78u2 - ok
17:05:55.0937 1860 aic78xx - ok
17:05:55.0953 1860 AliIde - ok
17:05:56.0031 1860 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
17:05:56.0218 1860 Ambfilt - ok
17:05:56.0281 1860 amsint - ok
17:05:56.0328 1860 ApfiltrService (c5b1284c94c90d28e1876d350e9ca297) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:05:56.0359 1860 ApfiltrService - ok
17:05:56.0375 1860 asc - ok
17:05:56.0375 1860 asc3350p - ok
17:05:56.0390 1860 asc3550 - ok
17:05:56.0406 1860 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:05:56.0546 1860 AsyncMac - ok
17:05:56.0578 1860 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
17:05:56.0718 1860 atapi - ok
17:05:56.0718 1860 Atdisk - ok
17:05:56.0734 1860 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:05:56.0906 1860 Atmarpc - ok
17:05:56.0984 1860 ATSwpWDF (b693cec3751764087b76648f7cf12651) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
17:05:57.0031 1860 ATSwpWDF - ok
17:05:57.0125 1860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:05:57.0187 1860 audstub - ok
17:05:57.0203 1860 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:05:57.0296 1860 Beep - ok
17:05:57.0312 1860 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:05:57.0375 1860 cbidf2k - ok
17:05:57.0375 1860 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:05:57.0515 1860 CCDECODE - ok
17:05:57.0515 1860 cd20xrnt - ok
17:05:57.0531 1860 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:05:57.0593 1860 Cdaudio - ok
17:05:57.0625 1860 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:05:57.0718 1860 Cdfs - ok
17:05:57.0718 1860 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:05:57.0796 1860 Cdrom - ok
17:05:57.0812 1860 Changer - ok
17:05:57.0843 1860 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:05:58.0000 1860 CmBatt - ok
17:05:58.0000 1860 CmdIde - ok
17:05:58.0015 1860 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:05:58.0093 1860 Compbatt - ok
17:05:58.0093 1860 Cpqarray - ok
17:05:58.0109 1860 dac2w2k - ok
17:05:58.0109 1860 dac960nt - ok
17:05:58.0140 1860 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:05:58.0203 1860 Disk - ok
17:05:58.0250 1860 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:05:58.0328 1860 dmboot - ok
17:05:58.0406 1860 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:05:58.0500 1860 dmio - ok
17:05:58.0515 1860 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:05:58.0593 1860 dmload - ok
17:05:58.0640 1860 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:05:58.0781 1860 DMusic - ok
17:05:58.0796 1860 dpti2o - ok
17:05:58.0843 1860 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:05:58.0968 1860 drmkaud - ok
17:05:59.0015 1860 e1kexpress (0c95246539ed1fbeb2d6b3b1f34cdd42) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
17:05:59.0031 1860 e1kexpress - ok
17:05:59.0062 1860 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:05:59.0187 1860 Fastfat - ok
17:05:59.0203 1860 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:05:59.0328 1860 Fdc - ok
17:05:59.0343 1860 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:05:59.0500 1860 Fips - ok
17:05:59.0609 1860 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:05:59.0734 1860 Flpydisk - ok
17:05:59.0750 1860 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:05:59.0906 1860 FltMgr - ok
17:05:59.0921 1860 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:06:00.0046 1860 Fs_Rec - ok
17:06:00.0062 1860 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:06:00.0187 1860 Ftdisk - ok
17:06:00.0218 1860 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:06:00.0359 1860 Gpc - ok
17:06:00.0406 1860 guardian2 (db3794c1e876ca318d2ba3d1d38cba8a) C:\WINDOWS\system32\Drivers\oz776.sys
17:06:00.0421 1860 guardian2 - ok
17:06:00.0515 1860 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:06:00.0671 1860 HDAudBus - ok
17:06:00.0703 1860 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
17:06:00.0734 1860 HECI - ok
17:06:00.0796 1860 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:06:00.0921 1860 HidUsb - ok
17:06:00.0921 1860 hpn - ok
17:06:00.0968 1860 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:06:01.0031 1860 HTTP - ok
17:06:01.0109 1860 i2omgmt - ok
17:06:01.0125 1860 i2omp - ok
17:06:01.0140 1860 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:06:01.0296 1860 i8042prt - ok
17:06:01.0328 1860 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\WINDOWS\system32\drivers\iaStor.sys
17:06:01.0343 1860 iaStor - ok
17:06:01.0375 1860 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
17:06:01.0437 1860 IFXTPM - ok
17:06:01.0500 1860 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:06:01.0593 1860 Imapi - ok
17:06:01.0640 1860 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\WINDOWS\system32\DRIVERS\Impcd.sys
17:06:01.0671 1860 Impcd - ok
17:06:01.0687 1860 ini910u - ok
17:06:01.0875 1860 IntcAzAudAddService (74bd9d8ede748b33b2f2aaba941cba5a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:06:02.0156 1860 IntcAzAudAddService - ok
17:06:02.0234 1860 IntelIde - ok
17:06:02.0265 1860 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:06:02.0406 1860 intelppm - ok
17:06:02.0437 1860 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:06:02.0562 1860 Ip6Fw - ok
17:06:02.0562 1860 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:06:02.0703 1860 IpFilterDriver - ok
17:06:02.0703 1860 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:06:02.0796 1860 IpInIp - ok
17:06:02.0828 1860 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:06:02.0890 1860 IpNat - ok
17:06:02.0937 1860 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:06:03.0015 1860 IPSec - ok
17:06:03.0031 1860 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:06:03.0062 1860 IRENUM - ok
17:06:03.0093 1860 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:06:03.0171 1860 isapnp - ok
17:06:03.0265 1860 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:06:03.0406 1860 Kbdclass - ok
17:06:03.0453 1860 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:06:03.0593 1860 kbdhid - ok
17:06:03.0671 1860 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:06:03.0812 1860 kmixer - ok
17:06:03.0828 1860 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:06:03.0906 1860 KSecDD - ok
17:06:03.0921 1860 lbrtfdc - ok
17:06:03.0968 1860 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
17:06:03.0984 1860 MBAMProtector - ok
17:06:04.0109 1860 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
17:06:04.0125 1860 mfeavfk - ok
17:06:04.0187 1860 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
17:06:04.0187 1860 mfebopk - ok
17:06:04.0250 1860 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
17:06:04.0265 1860 mfehidk - ok
17:06:04.0281 1860 mferkdk - ok
17:06:04.0281 1860 mfesmfk - ok
17:06:04.0328 1860 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:06:04.0468 1860 mnmdd - ok
17:06:04.0546 1860 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:06:04.0687 1860 Modem - ok
17:06:04.0812 1860 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
17:06:04.0906 1860 Monfilt - ok
17:06:04.0937 1860 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:06:05.0078 1860 Mouclass - ok
17:06:05.0171 1860 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:06:05.0312 1860 mouhid - ok
17:06:05.0343 1860 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:06:05.0468 1860 MountMgr - ok
17:06:05.0468 1860 MPFP - ok
17:06:05.0484 1860 mraid35x - ok
17:06:05.0484 1860 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:06:05.0593 1860 MRxDAV - ok
17:06:05.0640 1860 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:06:05.0671 1860 MRxSmb - ok
17:06:05.0687 1860 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:06:05.0796 1860 Msfs - ok
17:06:05.0812 1860 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:06:05.0968 1860 MSKSSRV - ok
17:06:06.0031 1860 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:06:06.0093 1860 MSPCLOCK - ok
17:06:06.0125 1860 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:06:06.0203 1860 MSPQM - ok
17:06:06.0218 1860 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:06:06.0281 1860 mssmbios - ok
17:06:06.0312 1860 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:06:06.0390 1860 MSTEE - ok
17:06:06.0421 1860 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:06:06.0453 1860 Mup - ok
17:06:06.0531 1860 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:06:06.0687 1860 NABTSFEC - ok
17:06:06.0718 1860 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:06:06.0843 1860 NDIS - ok
17:06:06.0875 1860 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:06:07.0015 1860 NdisIP - ok
17:06:07.0046 1860 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:06:07.0093 1860 NdisTapi - ok
17:06:07.0171 1860 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:06:07.0296 1860 Ndisuio - ok
17:06:07.0343 1860 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:06:07.0406 1860 NdisWan - ok
17:06:07.0437 1860 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:06:07.0500 1860 NDProxy - ok
17:06:07.0515 1860 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:06:07.0578 1860 NetBIOS - ok
17:06:07.0625 1860 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:06:07.0703 1860 NetBT - ok
17:06:07.0781 1860 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
17:06:07.0796 1860 Netdevio ( UnsignedFile.Multi.Generic ) - warning
17:06:07.0796 1860 Netdevio - detected UnsignedFile.Multi.Generic (1)
17:06:07.0953 1860 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
17:06:08.0171 1860 NETw5x32 - ok
17:06:08.0281 1860 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:06:08.0421 1860 Npfs - ok
17:06:08.0437 1860 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:06:08.0625 1860 Ntfs - ok
17:06:08.0656 1860 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:06:08.0781 1860 Null - ok
17:06:09.0046 1860 nv (3aa257bbeccc1cef9b305ed2dd86d032) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:06:09.0578 1860 nv - ok
17:06:09.0687 1860 NVHDA (04b3177ed656f1d3a6ebf48f5beea8a8) C:\WINDOWS\system32\drivers\nvhda32.sys
17:06:09.0703 1860 NVHDA - ok
17:06:09.0718 1860 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:06:09.0843 1860 NwlnkFlt - ok
17:06:09.0875 1860 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:06:10.0000 1860 NwlnkFwd - ok
17:06:10.0046 1860 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
17:06:10.0187 1860 Parport - ok
17:06:10.0203 1860 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:06:10.0328 1860 PartMgr - ok
17:06:10.0359 1860 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:06:10.0500 1860 ParVdm - ok
17:06:10.0593 1860 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
17:06:10.0656 1860 pccsmcfd - ok
17:06:10.0671 1860 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:06:10.0796 1860 PCI - ok
17:06:10.0796 1860 PCIDump - ok
17:06:10.0812 1860 PCIIde - ok
17:06:10.0843 1860 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:06:10.0937 1860 Pcmcia - ok
17:06:10.0937 1860 PDCOMP - ok
17:06:10.0953 1860 PDFRAME - ok
17:06:10.0968 1860 PDRELI - ok
17:06:10.0968 1860 PDRFRAME - ok
17:06:10.0984 1860 perc2 - ok
17:06:10.0984 1860 perc2hib - ok
17:06:11.0015 1860 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\WINDOWS\system32\DRIVERS\pgeffect.sys
17:06:11.0062 1860 PGEffect - ok
17:06:11.0109 1860 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:06:11.0234 1860 PptpMiniport - ok
17:06:11.0265 1860 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:06:11.0328 1860 PSched - ok
17:06:11.0343 1860 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:06:11.0421 1860 Ptilink - ok
17:06:11.0500 1860 ql1080 - ok
17:06:11.0515 1860 Ql10wnt - ok
17:06:11.0531 1860 ql12160 - ok
17:06:11.0531 1860 ql1240 - ok
17:06:11.0546 1860 ql1280 - ok
17:06:11.0562 1860 QsFsFltr (8b1d0cdd82174c5421a1fc547a15f724) C:\WINDOWS\system32\DRIVERS\QsFsFltr.sys
17:06:11.0593 1860 QsFsFltr ( UnsignedFile.Multi.Generic ) - warning
17:06:11.0593 1860 QsFsFltr - detected UnsignedFile.Multi.Generic (1)
17:06:11.0593 1860 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:06:11.0750 1860 RasAcd - ok
17:06:11.0781 1860 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:06:11.0890 1860 Rasl2tp - ok
17:06:11.0906 1860 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:06:12.0015 1860 RasPppoe - ok
17:06:12.0031 1860 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:06:12.0093 1860 Raspti - ok
17:06:12.0187 1860 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:06:12.0265 1860 Rdbss - ok
17:06:12.0296 1860 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:06:12.0359 1860 RDPCDD - ok
17:06:12.0390 1860 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:06:12.0468 1860 rdpdr - ok
17:06:12.0515 1860 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:06:12.0546 1860 RDPWD - ok
17:06:12.0671 1860 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:06:12.0796 1860 redbook - ok
17:06:12.0843 1860 rimspci (af213955c4d952c914620e8db0cd0cf7) C:\WINDOWS\system32\DRIVERS\rimspe86.sys
17:06:12.0859 1860 rimspci - ok
17:06:12.0875 1860 risdpcie (85cba4b868a9daaa2dd5e3952f396982) C:\WINDOWS\system32\DRIVERS\risdpe86.sys
17:06:12.0890 1860 risdpcie - ok
17:06:12.0906 1860 rixdpcie (764c1f3453e779724ba647327de7ddd4) C:\WINDOWS\system32\DRIVERS\rixdpe86.sys
17:06:12.0921 1860 rixdpcie - ok
17:06:12.0953 1860 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:06:13.0109 1860 sdbus - ok
17:06:13.0187 1860 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:06:13.0218 1860 Secdrv - ok
17:06:13.0250 1860 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
17:06:13.0375 1860 Serial - ok
17:06:13.0390 1860 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:06:13.0531 1860 Sfloppy - ok
17:06:13.0546 1860 Simbad - ok
17:06:13.0546 1860 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:06:13.0671 1860 SLIP - ok
17:06:13.0687 1860 Sparrow - ok
17:06:13.0718 1860 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:06:13.0828 1860 splitter - ok
17:06:13.0859 1860 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:06:13.0921 1860 sr - ok
17:06:14.0015 1860 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:06:14.0093 1860 Srv - ok
17:06:14.0125 1860 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:06:14.0265 1860 streamip - ok
17:06:14.0265 1860 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:06:14.0343 1860 swenum - ok
17:06:14.0375 1860 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:06:14.0437 1860 swmidi - ok
17:06:14.0437 1860 symc810 - ok
17:06:14.0453 1860 symc8xx - ok
17:06:14.0453 1860 sym_hi - ok
17:06:14.0468 1860 sym_u3 - ok
17:06:14.0484 1860 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:06:14.0546 1860 sysaudio - ok
17:06:14.0656 1860 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:06:14.0750 1860 Tcpip - ok
17:06:14.0765 1860 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
17:06:14.0828 1860 tdcmdpst - ok
17:06:14.0859 1860 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:06:15.0000 1860 TDPIPE - ok
17:06:15.0046 1860 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:06:15.0187 1860 TDTCP - ok
17:06:15.0218 1860 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
17:06:15.0234 1860 tdudf - ok
17:06:15.0250 1860 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:06:15.0390 1860 TermDD - ok
17:06:15.0421 1860 Thpdrv (e00f0f7e4d4412da2f1b82a873229e47) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
17:06:15.0421 1860 Thpdrv - ok
17:06:15.0437 1860 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
17:06:15.0453 1860 Thpevm - ok
17:06:15.0484 1860 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
17:06:15.0515 1860 TMEI3E ( UnsignedFile.Multi.Generic ) - warning
17:06:15.0515 1860 TMEI3E - detected UnsignedFile.Multi.Generic (1)
17:06:15.0546 1860 TosIde - ok
17:06:15.0578 1860 Tosrfcom (1ad9eb1b5abd0aeee4084c8153476f1e) C:\WINDOWS\system32\drivers\Tosrfcom.sys
17:06:15.0593 1860 Tosrfcom - ok
17:06:15.0625 1860 tosrfec (9ee240f7029771b21cc6200be6516d60) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
17:06:15.0625 1860 tosrfec - ok
17:06:15.0640 1860 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\WINDOWS\system32\DRIVERS\tos_sps32.sys
17:06:15.0656 1860 tos_sps32 - ok
17:06:15.0671 1860 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
17:06:15.0703 1860 trudf - ok
17:06:15.0734 1860 TVALZ (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
17:06:15.0765 1860 TVALZ - ok
17:06:15.0796 1860 TVALZFL (e03f5ca8d4edb4ce8141a3242e1261f8) C:\WINDOWS\system32\DRIVERS\TVALZFL.sys
17:06:15.0828 1860 TVALZFL ( UnsignedFile.Multi.Generic ) - warning
17:06:15.0828 1860 TVALZFL - detected UnsignedFile.Multi.Generic (1)
17:06:15.0859 1860 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:06:15.0968 1860 Udfs - ok
17:06:15.0984 1860 ultra - ok
17:06:16.0015 1860 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:06:16.0093 1860 Update - ok
17:06:16.0156 1860 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:06:16.0218 1860 usbccgp - ok
17:06:16.0234 1860 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:06:16.0312 1860 usbehci - ok
17:06:16.0328 1860 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:06:16.0390 1860 usbhub - ok
17:06:16.0421 1860 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:06:16.0500 1860 usbprint - ok
17:06:16.0546 1860 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:06:16.0593 1860 USBSTOR - ok
17:06:16.0609 1860 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:06:16.0671 1860 usbvideo - ok
17:06:16.0687 1860 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:06:16.0750 1860 VgaSave - ok
17:06:16.0750 1860 ViaIde - ok
17:06:16.0781 1860 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:06:16.0843 1860 VolSnap - ok
17:06:16.0859 1860 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:06:16.0937 1860 Wanarp - ok
17:06:16.0984 1860 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:06:17.0015 1860 Wdf01000 - ok
17:06:17.0078 1860 WDICA - ok
17:06:17.0125 1860 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:06:17.0203 1860 wdmaud - ok
17:06:17.0281 1860 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:06:17.0343 1860 WSTCODEC - ok
17:06:17.0390 1860 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:06:17.0437 1860 WudfPf - ok
17:06:17.0484 1860 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:06:17.0515 1860 WudfRd - ok
17:06:17.0546 1860 xcpip - ok
17:06:17.0578 1860 xpsec - ok
17:06:17.0609 1860 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:06:17.0843 1860 \Device\Harddisk0\DR0 - ok
17:06:17.0859 1860 Boot (0x1200) (d197ec57a47729b3667f4c56a4b6427b) \Device\Harddisk0\DR0\Partition0
17:06:17.0859 1860 \Device\Harddisk0\DR0\Partition0 - ok
17:06:17.0859 1860 ============================================================
17:06:17.0859 1860 Scan finished
17:06:17.0859 1860 ============================================================
17:06:17.0968 5936 Detected object count: 4
17:06:17.0968 5936 Actual detected object count: 4
17:06:22.0203 5936 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
17:06:22.0203 5936 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:06:22.0203 5936 QsFsFltr ( UnsignedFile.Multi.Generic ) - skipped by user
17:06:22.0203 5936 QsFsFltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:06:22.0203 5936 TMEI3E ( UnsignedFile.Multi.Generic ) - skipped by user
17:06:22.0203 5936 TMEI3E ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:06:22.0203 5936 TVALZFL ( UnsignedFile.Multi.Generic ) - skipped by user
17:06:22.0203 5936 TVALZFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:06:24.0531 0304 Deinitialize success
#6
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too.
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when a helper (Kompetenzler) has expressly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:

#7
50€ Trojan: it got me too.
Hello Arne, I am having trouble switching off McAfee Internet Security (Toshiba licensing). Research on this turned up nothing. Can I also run ComboFix in Safe Mode? Many thanks, Jens

#8
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too.
Yes, that works too if need be. But I would recommend anyway that you not use this suite and therefore uninstall it. A plain virus scanner plus the Windows firewall makes more sense.
__________________ Please always post logfiles in CODE tags

#9
50€ Trojan: it got me too.
So, here is now the log from ComboFix:
Code:
ComboFix 12-01-18.04 - 20.01.2012 7:21.1.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3056.2741 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\$PatchCache$\Managed\3706342866B54DD48A51342744051302\15.1.0\distributor.ini2
c:\windows\IsUn0407.exe
c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-20 bis 2012-01-20 ))))))))))))))))))))))))))))))
.
.
2012-01-14 14:09 . 2012-01-16 06:34 -------- d-----w- c:\windows\LastGood
2012-01-13 20:09 . 2012-01-13 20:09 -------- d-----w- C:\_OTL
2012-01-12 20:06 . 2012-01-12 20:06 -------- d-----w- c:\programme\ESET
2012-01-11 13:30 . 2012-01-11 13:30 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-01-11 13:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-11 08:24 . 2008-04-13 23:10 36352 -c--a-w- c:\windows\system32\dllcache\disk.sys
2012-01-11 08:24 . 2008-04-13 23:10 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-01-06 15:47 . 2008-04-14 12:00 15360 ----a-w- c:\windows\system32\PJLMON.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-03-31 04:27 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2010-03-31 04:27 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-03-31 04:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-03-31 04:27 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-14 16:10 . 2011-06-01 17:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2010-03-31 04:27 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-03-31 04:27 1297920 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2010-03-31 04:27 672768 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2010-03-31 04:27 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:34 . 2010-03-31 04:27 371200 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-03-31 04:27 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-03-31 04:27 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-14 12:01 . 2010-09-17 10:03 24376 ----a-w- c:\programme\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-02-04 00:38 285504 ----a-w- c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"ANT Agent"="c:\programme\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664]
"TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784]
"TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016]
"TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784]
"TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360]
"TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280]
"TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"nwiz"="nwiz.exe" [2009-12-08 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720]
"TFncKy"="TFncKy.exe" [BU]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"TFNF5"="TFNF5.exe" [2010-02-02 1140032]
"TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784]
"TPSMain"="TPSMain.exe" [2009-11-23 303104]
"TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840]
"TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672]
"ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712]
"mcui_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800]
S1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888]
S2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936]
S2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [14.10.2002 05:45 94880]
S2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
S2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784]
S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960]
S3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 141.2.22.74 141.2.149.10 141.2.86.211
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\programme\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-20 07:25
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\TrueSuite.GINA.dll
c:\windows\system32\AFSSClientLib.dll
c:\programme\TrueSuite\TrueSuite.MuiResource.dll
c:\programme\TrueSuite\TrueSuite.AUTH.dll
c:\programme\TrueSuite\TrueSuite.OAE.dll
c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll
c:\programme\TrueSuite\NLog.dll
c:\programme\TrueSuite\TrueSuite.MuiDll.dll
.
Zeit der Fertigstellung: 2012-01-20 07:26:50
ComboFix-quarantined-files.txt 2012-01-20 06:26
.
Vor Suchlauf: 15 Verzeichnis(se), 244.232.851.456 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 244.384.272.384 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CB4AEE3B60B1C63760C96011003490CE
#10 | /// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too.
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now use copy/paste to put the entire contents of the code box below into the Notepad window.
Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=-
"5353:TCP"=-
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
File::
c:\windows\system32\drivers\xcpip.sys
c:\windows\system32\drivers\xpsec.sys
Driver::
xcpip
xpsec
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags
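As an added example (not code from the thread, from the helper, or from ComboFix), this Python script parses the CFScript above together with a later ComboFix log and lists every targeted entry the log still reports, which is the check a follow-up log has to pass before the fix can be called done. The log excerpt embedded in it is constructed in the format of the logs in this thread; CFSCRIPT is the script from post #10.

```python
# Added example (not from the thread or ComboFix): parse a CFScript and a later
# ComboFix log, and list the targeted entries the log still reports.
# CFSCRIPT is the script from post #10; FOLLOWUP_LOG is a constructed excerpt.
import re
from typing import Dict, List, Set, Tuple

# "=-" deletes a registry value, File:: deletes files, Driver:: drops services.
CFSCRIPT = r"""
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=-
"5353:TCP"=-
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
File::
c:\windows\system32\drivers\xcpip.sys
c:\windows\system32\drivers\xpsec.sys
Driver::
xcpip
xpsec
"""

# Constructed follow-up log: ports 65533 and 52344 are gone; the firewall
# value, three ports and both phantom drivers (image "--> ... [?]") survived.
FOLLOWUP_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
# ComboFix service lines: "<start type> <name>;<description>;<image> [...]".
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.+)$")


def parse_cfscript(text: str) -> Dict[str, Set[str]]:
    """What each directive targets; registry values keyed "<key>|<name>"."""
    targets: Dict[str, Set[str]] = {"registry": set(), "file": set(), "driver": set()}
    section = key = None
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        if line.endswith("::"):  # Registry:: / File:: / Driver::
            section, key = line[:-2].lower(), None
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1].lower()
            elif key and line.startswith('"') and line.endswith('"=-'):
                targets["registry"].add(f"{key}|{line[1:-3].lower()}")
        elif section in ("file", "driver"):
            targets[section].add(line.lower())
    return targets


def parse_log(text: str) -> Tuple[Dict[str, str], Dict[str, Dict[str, object]]]:
    """Registry values ("<key>|<name>" -> data) and services (name -> path,
    missing) from a ComboFix log; "missing" is ComboFix's "--> ... [?]" mark."""
    values: Dict[str, str] = {}
    services: Dict[str, Dict[str, object]] = {}
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif (m := VALUE_RE.match(line)) and key:
            values[f"{key}|{m['name'].lower()}"] = m["data"].strip()
        elif m := SERVICE_RE.match(line):
            image = m["image"]
            path = image.split(" --> ")[0].split(" [")[0].strip().lower()
            services[m["name"].lower()] = {"path": path, "missing": image.endswith("[?]")}
    return values, services


def check_fix(cfscript: str, log: str) -> Dict[str, List[str]]:
    """Return the CFScript targets that the later log still reports."""
    targets = parse_cfscript(cfscript)
    values, services = parse_log(log)
    still: Dict[str, List[str]] = {"registry": [], "driver": [], "file": []}
    for item in sorted(targets["registry"]):
        if item in values:
            still["registry"].append(item.split("|", 1)[1])
    for name in sorted(targets["driver"]):
        if name in services:
            note = " (image not on disk)" if services[name]["missing"] else ""
            still["driver"].append(name + note)
    # The log never lists plain files: a service entry still pointing at the
    # path is the evidence that the File:: target was not cleaned up.
    referenced = {info["path"] for info in services.values()}
    still["file"] = [p for p in sorted(targets["file"]) if p in referenced]
    return still


if __name__ == "__main__":
    for kind, items in check_fix(CFSCRIPT, FOLLOWUP_LOG).items():
        print(f"{kind}: {', '.join(items) or 'all targets gone'}")
```

An empty list for every kind is the result to expect after a script has really been applied; anything else means the CFScript was not picked up (for instance because it was saved under the wrong name or a resident guard blocked ComboFix).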
#11 | 50€ Trojan: it got me too.
And the next log (McAfee was also running in safe mode):
Code:
ComboFix 12-01-18.04 - 20.01.2012 12:47:18.2.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3056.2750 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-20 bis 2012-01-20 ))))))))))))))))))))))))))))))
.
.
2012-01-14 14:09 . 2012-01-16 06:34 -------- d-----w- c:\windows\LastGood
2012-01-13 20:09 . 2012-01-13 20:09 -------- d-----w- C:\_OTL
2012-01-12 20:06 . 2012-01-12 20:06 -------- d-----w- c:\programme\ESET
2012-01-11 13:30 . 2012-01-11 13:30 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-01-11 13:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-11 08:24 . 2008-04-13 23:10 36352 -c--a-w- c:\windows\system32\dllcache\disk.sys
2012-01-11 08:24 . 2008-04-13 23:10 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-01-06 15:47 . 2008-04-14 12:00 15360 ----a-w- c:\windows\system32\PJLMON.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-03-31 04:27 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2010-03-31 04:27 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-03-31 04:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-03-31 04:27 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-14 16:10 . 2011-06-01 17:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2010-03-31 04:27 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-03-31 04:27 1297920 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2010-03-31 04:27 672768 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2010-03-31 04:27 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:34 . 2010-03-31 04:27 371200 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-03-31 04:27 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-03-31 04:27 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-14 12:01 . 2010-09-17 10:03 24376 ----a-w- c:\programme\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-20_06.25.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 11:55 . 2012-01-20 11:55 53248 c:\windows\temp\catchme.dll
- 2012-01-20 06:25 . 2012-01-20 06:25 53248 c:\windows\temp\catchme.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-02-04 00:38 285504 ----a-w- c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"ANT Agent"="c:\programme\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664]
"TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784]
"TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016]
"TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784]
"TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360]
"TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280]
"TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"nwiz"="nwiz.exe" [2009-12-08 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720]
"TFncKy"="TFncKy.exe" [BU]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"TFNF5"="TFNF5.exe" [2010-02-02 1140032]
"TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784]
"TPSMain"="TPSMain.exe" [2009-11-23 303104]
"TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840]
"TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672]
"ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712]
"mcui_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800]
S1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888]
S2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936]
S2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [14.10.2002 05:45 94880]
S2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
S2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784]
S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960]
S3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 141.2.22.74 141.2.149.10 141.2.86.211
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\programme\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-20 12:55
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\TrueSuite.GINA.dll
c:\windows\system32\AFSSClientLib.dll
c:\programme\TrueSuite\TrueSuite.MuiResource.dll
c:\programme\TrueSuite\TrueSuite.AUTH.dll
c:\programme\TrueSuite\TrueSuite.OAE.dll
c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll
c:\programme\TrueSuite\NLog.dll
c:\programme\TrueSuite\TrueSuite.MuiDll.dll
.
- - - - - - - > 'Explorer.exe'(1948)
c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
Zeit der Fertigstellung: 2012-01-20 12:56:09
ComboFix-quarantined-files.txt 2012-01-20 11:56
ComboFix2.txt 2012-01-20 06:26
.
Vor Suchlauf: 15 Verzeichnis(se), 244.319.555.584 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 244.303.568.896 Bytes frei
.
- - End Of File - - C68F55B1E045E3079112AF6BA2CE746B
#12 | /// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too.
Well, somehow that didn't work. Did you copy everything into CFScript.txt the way it should be? Please repeat it. In normal mode if possible.
__________________ Please always post logfiles in CODE tags
#13 | 50€ Trojan: it got me too.
Hello Arne, I probably have the same log again. I can't manage to switch McAfee off. Should I uninstall the suite and then run everything once more? Attached is the log:
Code:
ComboFix 12-01-19.02 - 21.01.2012 12:21:46.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3056.2085 [GMT 1:00]
ausgeführt von:: c:\combofix\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-21 bis 2012-01-21 ))))))))))))))))))))))))))))))
.
.
2012-01-14 14:09 . 2012-01-16 06:34 -------- d-----w- c:\windows\LastGood
2012-01-13 20:09 . 2012-01-13 20:09 -------- d-----w- C:\_OTL
2012-01-12 20:06 . 2012-01-12 20:06 -------- d-----w- c:\programme\ESET
2012-01-11 13:30 . 2012-01-11 13:30 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-01-11 13:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-11 08:24 . 2008-04-13 23:10 36352 -c--a-w- c:\windows\system32\dllcache\disk.sys
2012-01-11 08:24 . 2008-04-13 23:10 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-01-06 15:47 . 2008-04-14 12:00 15360 ----a-w- c:\windows\system32\PJLMON.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-03-31 04:27 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2010-03-31 04:27 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-03-31 04:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-03-31 04:27 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-14 16:10 . 2011-06-01 17:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2010-03-31 04:27 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-03-31 04:27 1297920 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2010-03-31 04:27 672768 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2010-03-31 04:27 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:34 . 2010-03-31 04:27 371200 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-03-31 04:27 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-03-31 04:27 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-14 12:01 . 2010-09-17 10:03 24376 ----a-w- c:\programme\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-20_06.25.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 13:37 . 2012-01-20 13:37 16384 c:\windows\temp\Perflib_Perfdata_784.dat
+ 2012-01-21 11:29 . 2012-01-21 11:29 53248 c:\windows\temp\catchme.dll
- 2012-01-20 06:25 . 2012-01-20 06:25 53248 c:\windows\temp\catchme.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-02-04 00:38 285504 ----a-w- c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"ANT Agent"="c:\programme\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664]
"TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784]
"TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016]
"TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784]
"TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360]
"TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280]
"TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"nwiz"="nwiz.exe" [2009-12-08 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720]
"TFncKy"="TFncKy.exe" [BU]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"TFNF5"="TFNF5.exe" [2010-02-02 1140032]
"TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784]
"TPSMain"="TPSMain.exe" [2009-11-23 303104]
"TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840]
"TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672]
"ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712]
"mcui_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888]
R2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936]
R2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [14.10.2002 05:45 94880]
R2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960]
R3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\programme\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-21 12:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\TrueSuite.GINA.dll
c:\windows\system32\AFSSClientLib.dll
c:\programme\TrueSuite\TrueSuite.MuiResource.dll
c:\programme\TrueSuite\TrueSuite.AUTH.dll
c:\programme\TrueSuite\TrueSuite.OAE.dll
c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll
c:\programme\TrueSuite\NLog.dll
c:\programme\TrueSuite\TrueSuite.MuiDll.dll
c:\programme\TrueSuite\TrueSuite.EDS.dll
c:\programme\TrueSuite\Authentec.DotNetClientLib.dll
c:\programme\TrueSuite\en-US\TrueSuite.AUTH.resources.dll
c:\programme\TrueSuite\AT7Support.dll
c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
.
- - - - - - - > 'Explorer.exe'(7492)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
c:\programme\TOSHIBA\TME3\TMEEJMD.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Zeit der Fertigstellung: 2012-01-21 12:30:46
ComboFix-quarantined-files.txt 2012-01-21 11:30
ComboFix2.txt 2012-01-20 13:44
ComboFix3.txt 2012-01-20 06:26
.
Vor Suchlauf: 15 Verzeichnis(se), 241.161.080.832 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 241.150.959.616 Bytes frei
.
- - End Of File - - 594632290B91DBAB65FC304C7455E03E
Jens
#14
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too.
Quote:
__________________
Logfiles: please always post them in CODE tags
#15
50€ Trojan: it got me too.

So, after uninstalling and restarting, ComboFix reported McAfee again. It kept running, though, but with "reduced functionality" because it said it was "expired". Here is the log:
Code:
ComboFix 12-01-18.04 - 24.01.2012 21:56:50.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3056.2226 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
- REDUZIERTER FUNKTIONALITÄTSMODUS -
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Temp\log.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-24 bis 2012-01-24 ))))))))))))))))))))))))))))))
.
.
2012-01-24 12:23 . 2012-01-24 12:24 -------- d-----w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ScreeNet iSaver
2012-01-24 12:23 . 2012-01-24 12:24 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\ScreeNet iSaver
2012-01-24 12:23 . 2012-01-24 12:23 -------- d-----w- c:\programme\iSaver
2012-01-14 14:09 . 2012-01-16 06:34 -------- d-----w- c:\windows\LastGood
2012-01-13 20:09 . 2012-01-13 20:09 -------- d-----w- C:\_OTL
2012-01-12 20:06 . 2012-01-12 20:06 -------- d-----w- c:\programme\ESET
2012-01-11 13:30 . 2012-01-11 13:30 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-01-11 13:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-11 08:24 . 2008-04-13 23:10 36352 -c--a-w- c:\windows\system32\dllcache\disk.sys
2012-01-11 08:24 . 2008-04-13 23:10 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-01-06 15:47 . 2008-04-14 12:00 15360 ----a-w- c:\windows\system32\PJLMON.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-03-31 04:27 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2010-03-31 04:27 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-03-31 04:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-03-31 04:27 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-14 16:10 . 2011-06-01 17:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2010-03-31 04:27 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-03-31 04:27 1297920 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2010-03-31 04:27 672768 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2010-03-31 04:27 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:34 . 2010-03-31 04:27 371200 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-03-31 04:27 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-03-31 04:27 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-14 12:01 . 2010-09-17 10:03 24376 ----a-w- c:\programme\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-20_06.25.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\temp\catchme.dll
+ 2012-01-24 20:52 . 2012-01-24 20:52 16384 c:\windows\temp\Perflib_Perfdata_6a8.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-02-04 00:38 285504 ----a-w- c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664]
"TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784]
"TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016]
"TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784]
"TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360]
"TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280]
"TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"nwiz"="nwiz.exe" [2009-12-08 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720]
"TFncKy"="TFncKy.exe" [BU]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"TFNF5"="TFNF5.exe" [2010-02-02 1140032]
"TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784]
"TPSMain"="TPSMain.exe" [2009-11-23 303104]
"TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840]
"TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672]
"ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"iSaverCtrl"="c:\programme\iSaver\iSaverCtrl.exe" [2008-07-07 1142784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888]
R2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936]
R2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
R2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960]
R3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-McAfee Update - c:\windows\TEMP\mcupdate_1327437487.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-24 21:59
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\TrueSuite.GINA.dll
c:\windows\system32\AFSSClientLib.dll
c:\programme\TrueSuite\TrueSuite.MuiResource.dll
c:\programme\TrueSuite\TrueSuite.AUTH.dll
c:\programme\TrueSuite\TrueSuite.OAE.dll
c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll
c:\programme\TrueSuite\NLog.dll
c:\programme\TrueSuite\TrueSuite.MuiDll.dll
c:\programme\TrueSuite\TrueSuite.EDS.dll
c:\programme\TrueSuite\Authentec.DotNetClientLib.dll
c:\programme\TrueSuite\en-US\TrueSuite.AUTH.resources.dll
c:\programme\TrueSuite\AT7Support.dll
c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
.
Zeit der Fertigstellung: 2012-01-24 22:00:51
ComboFix-quarantined-files.txt 2012-01-24 21:00
ComboFix2.txt 2012-01-21 11:30
ComboFix3.txt 2012-01-20 13:44
ComboFix4.txt 2012-01-20 06:26
.
Vor Suchlauf: 15 Verzeichnis(se), 241.346.019.328 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 241.350.361.088 Bytes frei
.
- - End Of File - - D62154094CBAD19B2A9F92F427039887
Jens

P.S.: Which antivirus software do you recommend instead of McAfee?