50€ Trojan: it got me too. (Windows 7)
15.01.2012, 18:39 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too. Quote:
__________________ Please always post logfiles in CODE tags
15.01.2012, 22:04 | #17
50€ Trojan: it got me too. So, here is the next log:
Code:
21:57:14.0078 5928 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
21:57:14.0093 5928 ============================================================
21:57:14.0093 5928 Current date / time: 2012/01/15 21:57:14.0093
21:57:14.0093 5928 SystemInfo:
21:57:14.0093 5928
21:57:14.0093 5928 OS Version: 5.1.2600 ServicePack: 3.0
21:57:14.0093 5928 Product type: Workstation
21:57:14.0093 5928 ComputerName: ***1
21:57:14.0093 5928 UserName: ***
21:57:14.0093 5928 Windows directory: C:\WINDOWS
21:57:14.0093 5928 System windows directory: C:\WINDOWS
21:57:14.0093 5928 Processor architecture: Intel x86
21:57:14.0093 5928 Number of processors: 4
21:57:14.0093 5928 Page size: 0x1000
21:57:14.0093 5928 Boot type: Normal boot
21:57:14.0093 5928 ============================================================
21:57:14.0453 5928 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
21:57:14.0515 5928 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:57:14.0578 5928 Initialize success
21:57:21.0406 4692 ============================================================
21:57:21.0406 4692 Scan started
21:57:21.0406 4692 Mode: Manual; SigCheck; TDLFS;
21:57:21.0406 4692 ============================================================
21:57:22.0453 4692 Abiosdsk - ok
21:57:22.0453 4692 abp480n5 - ok
21:57:22.0500 4692 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:57:24.0140 4692 ACPI - ok
21:57:24.0234 4692 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:57:24.0437 4692 ACPIEC - ok
21:57:24.0531 4692 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
21:57:24.0531 4692 adfs - ok
21:57:24.0546 4692 adpu160m - ok
21:57:24.0593 4692 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:57:24.0703 4692 aec - ok
21:57:24.0750 4692 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:57:24.0781 4692 AFD - ok
21:57:24.0796 4692 Aha154x - ok
21:57:24.0812 4692 aic78u2 - ok
21:57:24.0812 4692 aic78xx - ok
21:57:24.0828 4692 AliIde - ok
21:57:24.0890 4692 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:57:25.0078 4692 Ambfilt - ok
21:57:25.0156 4692 amsint - ok
21:57:25.0187 4692 ApfiltrService (c5b1284c94c90d28e1876d350e9ca297) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:57:25.0203 4692 ApfiltrService - ok
21:57:25.0218 4692 asc - ok
21:57:25.0218 4692 asc3350p - ok
21:57:25.0234 4692 asc3550 - ok
21:57:25.0250 4692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:57:25.0390 4692 AsyncMac - ok
21:57:25.0421 4692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
21:57:25.0515 4692 atapi - ok
21:57:25.0531 4692 Atdisk - ok
21:57:25.0546 4692 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:57:25.0656 4692 Atmarpc - ok
21:57:25.0718 4692 ATSwpWDF (b693cec3751764087b76648f7cf12651) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
21:57:25.0734 4692 ATSwpWDF - ok
21:57:25.0828 4692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:57:25.0937 4692 audstub - ok
21:57:25.0953 4692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:57:26.0062 4692 Beep - ok
21:57:26.0078 4692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:57:26.0171 4692 cbidf2k - ok
21:57:26.0171 4692 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:57:26.0265 4692 CCDECODE - ok
21:57:26.0265 4692 cd20xrnt - ok
21:57:26.0265 4692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:57:26.0375 4692 Cdaudio - ok
21:57:26.0406 4692 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:57:26.0515 4692 Cdfs - ok
21:57:26.0531 4692 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:57:26.0625 4692 Cdrom - ok
21:57:26.0625 4692 Changer - ok
21:57:26.0656 4692 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:57:26.0781 4692 CmBatt - ok
21:57:26.0796 4692 CmdIde - ok
21:57:26.0812 4692 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:57:26.0921 4692 Compbatt - ok
21:57:26.0937 4692 Cpqarray - ok
21:57:26.0937 4692 dac2w2k - ok
21:57:26.0953 4692 dac960nt - ok
21:57:26.0984 4692 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:57:27.0062 4692 Disk - ok
21:57:27.0109 4692 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:57:27.0234 4692 dmboot - ok
21:57:27.0328 4692 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:57:27.0406 4692 dmio - ok
21:57:27.0421 4692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:57:27.0484 4692 dmload - ok
21:57:27.0531 4692 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:57:27.0593 4692 DMusic - ok
21:57:27.0609 4692 dpti2o - ok
21:57:27.0640 4692 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:57:27.0734 4692 drmkaud - ok
21:57:27.0781 4692 e1kexpress (0c95246539ed1fbeb2d6b3b1f34cdd42) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
21:57:27.0796 4692 e1kexpress - ok
21:57:27.0828 4692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:57:27.0890 4692 Fastfat - ok
21:57:27.0906 4692 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:57:27.0968 4692 Fdc - ok
21:57:27.0968 4692 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:57:28.0062 4692 Fips - ok
21:57:28.0171 4692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:57:28.0234 4692 Flpydisk - ok
21:57:28.0265 4692 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:57:28.0343 4692 FltMgr - ok
21:57:28.0359 4692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:57:28.0421 4692 Fs_Rec - ok
21:57:28.0437 4692 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:57:28.0500 4692 Ftdisk - ok
21:57:28.0515 4692 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:57:28.0593 4692 Gpc - ok
21:57:28.0671 4692 guardian2 (db3794c1e876ca318d2ba3d1d38cba8a) C:\WINDOWS\system32\Drivers\oz776.sys
21:57:28.0671 4692 guardian2 - ok
21:57:28.0718 4692 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:57:28.0843 4692 HDAudBus - ok
21:57:28.0890 4692 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
21:57:28.0921 4692 HECI - ok
21:57:28.0953 4692 hpn - ok
21:57:28.0984 4692 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:57:29.0046 4692 HTTP - ok
21:57:29.0093 4692 i2omgmt - ok
21:57:29.0125 4692 i2omp - ok
21:57:29.0140 4692 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:57:29.0234 4692 i8042prt - ok
21:57:29.0265 4692 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\WINDOWS\system32\drivers\iaStor.sys
21:57:29.0296 4692 iaStor - ok
21:57:29.0312 4692 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
21:57:29.0359 4692 IFXTPM - ok
21:57:29.0421 4692 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:57:29.0484 4692 Imapi - ok
21:57:29.0531 4692 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\WINDOWS\system32\DRIVERS\Impcd.sys
21:57:29.0562 4692 Impcd - ok
21:57:29.0562 4692 ini910u - ok
21:57:29.0734 4692 IntcAzAudAddService (74bd9d8ede748b33b2f2aaba941cba5a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:57:29.0921 4692 IntcAzAudAddService - ok
21:57:30.0000 4692 IntelIde - ok
21:57:30.0031 4692 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:57:30.0125 4692 intelppm - ok
21:57:30.0140 4692 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:57:30.0234 4692 Ip6Fw - ok
21:57:30.0234 4692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:57:30.0296 4692 IpFilterDriver - ok
21:57:30.0312 4692 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:57:30.0421 4692 IpInIp - ok
21:57:30.0453 4692 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:57:30.0531 4692 IpNat - ok
21:57:30.0593 4692 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:57:30.0687 4692 IPSec - ok
21:57:30.0718 4692 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:57:30.0750 4692 IRENUM - ok
21:57:30.0828 4692 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:57:30.0906 4692 isapnp - ok
21:57:30.0937 4692 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:57:31.0015 4692 Kbdclass - ok
21:57:31.0062 4692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:57:31.0156 4692 kmixer - ok
21:57:31.0156 4692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:57:31.0234 4692 KSecDD - ok
21:57:31.0250 4692 lbrtfdc - ok
21:57:31.0296 4692 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
21:57:31.0296 4692 MBAMProtector - ok
21:57:31.0359 4692 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
21:57:31.0359 4692 mfeavfk - ok
21:57:31.0468 4692 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
21:57:31.0468 4692 mfebopk - ok
21:57:31.0500 4692 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
21:57:31.0531 4692 mfehidk - ok
21:57:31.0531 4692 mferkdk - ok
21:57:31.0546 4692 mfesmfk - ok
21:57:31.0562 4692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:57:31.0640 4692 mnmdd - ok
21:57:31.0671 4692 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:57:31.0750 4692 Modem - ok
21:57:31.0890 4692 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
21:57:31.0968 4692 Monfilt - ok
21:57:31.0984 4692 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:57:32.0078 4692 Mouclass - ok
21:57:32.0109 4692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:57:32.0171 4692 MountMgr - ok
21:57:32.0250 4692 MPFP - ok
21:57:32.0250 4692 mraid35x - ok
21:57:32.0265 4692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:57:32.0343 4692 MRxDAV - ok
21:57:32.0390 4692 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:57:32.0437 4692 MRxSmb - ok
21:57:32.0515 4692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:57:32.0578 4692 Msfs - ok
21:57:32.0609 4692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:57:32.0687 4692 MSKSSRV - ok
21:57:32.0703 4692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:57:32.0765 4692 MSPCLOCK - ok
21:57:32.0796 4692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:57:32.0875 4692 MSPQM - ok
21:57:32.0890 4692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:57:32.0953 4692 mssmbios - ok
21:57:32.0968 4692 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:57:33.0078 4692 MSTEE - ok
21:57:33.0187 4692 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:57:33.0218 4692 Mup - ok
21:57:33.0250 4692 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:57:33.0343 4692 NABTSFEC - ok
21:57:33.0375 4692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:57:33.0500 4692 NDIS - ok
21:57:33.0531 4692 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:57:33.0609 4692 NdisIP - ok
21:57:33.0640 4692 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:57:33.0671 4692 NdisTapi - ok
21:57:33.0765 4692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:57:33.0875 4692 Ndisuio - ok
21:57:33.0906 4692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:57:33.0968 4692 NdisWan - ok
21:57:33.0984 4692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:57:34.0031 4692 NDProxy - ok
21:57:34.0046 4692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:57:34.0156 4692 NetBIOS - ok
21:57:34.0203 4692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:57:34.0312 4692 NetBT - ok
21:57:34.0406 4692 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
21:57:34.0421 4692 Netdevio ( UnsignedFile.Multi.Generic ) - warning
21:57:34.0421 4692 Netdevio - detected UnsignedFile.Multi.Generic (1)
21:57:34.0546 4692 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
21:57:34.0812 4692 NETw5x32 - ok
21:57:34.0906 4692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:57:34.0968 4692 Npfs - ok
21:57:34.0984 4692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:57:35.0062 4692 Ntfs - ok
21:57:35.0078 4692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:57:35.0156 4692 Null - ok
21:57:35.0375 4692 nv (3aa257bbeccc1cef9b305ed2dd86d032) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:57:35.0796 4692 nv - ok
21:57:35.0906 4692 NVHDA (04b3177ed656f1d3a6ebf48f5beea8a8) C:\WINDOWS\system32\drivers\nvhda32.sys
21:57:35.0906 4692 NVHDA - ok
21:57:35.0921 4692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:57:36.0015 4692 NwlnkFlt - ok
21:57:36.0031 4692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:57:36.0109 4692 NwlnkFwd - ok
21:57:36.0140 4692 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
21:57:36.0203 4692 Parport - ok
21:57:36.0234 4692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:57:36.0296 4692 PartMgr - ok
21:57:36.0312 4692 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:57:36.0390 4692 ParVdm - ok
21:57:36.0500 4692 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:57:36.0531 4692 pccsmcfd - ok
21:57:36.0546 4692 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:57:36.0609 4692 PCI - ok
21:57:36.0625 4692 PCIDump - ok
21:57:36.0640 4692 PCIIde - ok
21:57:36.0656 4692 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:57:36.0718 4692 Pcmcia - ok
21:57:36.0734 4692 PDCOMP - ok
21:57:36.0734 4692 PDFRAME - ok
21:57:36.0750 4692 PDRELI - ok
21:57:36.0750 4692 PDRFRAME - ok
21:57:36.0765 4692 perc2 - ok
21:57:36.0765 4692 perc2hib - ok
21:57:36.0796 4692 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\WINDOWS\system32\DRIVERS\pgeffect.sys
21:57:36.0843 4692 PGEffect - ok
21:57:36.0875 4692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:57:37.0015 4692 PptpMiniport - ok
21:57:37.0062 4692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:57:37.0140 4692 PSched - ok
21:57:37.0187 4692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:57:37.0281 4692 Ptilink - ok
21:57:37.0281 4692 ql1080 - ok
21:57:37.0296 4692 Ql10wnt - ok
21:57:37.0296 4692 ql12160 - ok
21:57:37.0312 4692 ql1240 - ok
21:57:37.0312 4692 ql1280 - ok
21:57:37.0359 4692 QsFsFltr (8b1d0cdd82174c5421a1fc547a15f724) C:\WINDOWS\system32\DRIVERS\QsFsFltr.sys
21:57:37.0375 4692 QsFsFltr ( UnsignedFile.Multi.Generic ) - warning
21:57:37.0375 4692 QsFsFltr - detected UnsignedFile.Multi.Generic (1)
21:57:37.0390 4692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:57:37.0484 4692 RasAcd - ok
21:57:37.0484 4692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:57:37.0562 4692 Rasl2tp - ok
21:57:37.0640 4692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:57:37.0718 4692 RasPppoe - ok
21:57:37.0765 4692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:57:37.0843 4692 Raspti - ok
21:57:37.0859 4692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:57:37.0937 4692 Rdbss - ok
21:57:37.0953 4692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:57:38.0000 4692 RDPCDD - ok
21:57:38.0046 4692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:57:38.0125 4692 rdpdr - ok
21:57:38.0203 4692 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:57:38.0234 4692 RDPWD - ok
21:57:38.0312 4692 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:57:38.0406 4692 redbook - ok
21:57:38.0453 4692 rimspci (af213955c4d952c914620e8db0cd0cf7) C:\WINDOWS\system32\DRIVERS\rimspe86.sys
21:57:38.0468 4692 rimspci - ok
21:57:38.0468 4692 risdpcie (85cba4b868a9daaa2dd5e3952f396982) C:\WINDOWS\system32\DRIVERS\risdpe86.sys
21:57:38.0484 4692 risdpcie - ok
21:57:38.0500 4692 rixdpcie (764c1f3453e779724ba647327de7ddd4) C:\WINDOWS\system32\DRIVERS\rixdpe86.sys
21:57:38.0531 4692 rixdpcie - ok
21:57:38.0578 4692 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:57:38.0640 4692 sdbus - ok
21:57:38.0656 4692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:57:38.0687 4692 Secdrv - ok
21:57:38.0734 4692 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
21:57:38.0796 4692 Serial - ok
21:57:38.0812 4692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:57:38.0906 4692 Sfloppy - ok
21:57:38.0921 4692 Simbad - ok
21:57:38.0937 4692 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:57:39.0000 4692 SLIP - ok
21:57:39.0000 4692 Sparrow - ok
21:57:39.0031 4692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:57:39.0109 4692 splitter - ok
21:57:39.0140 4692 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:57:39.0171 4692 sr - ok
21:57:39.0187 4692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:57:39.0218 4692 Srv - ok
21:57:39.0281 4692 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:57:39.0359 4692 streamip - ok
21:57:39.0390 4692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:57:39.0468 4692 swenum - ok
21:57:39.0500 4692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:57:39.0562 4692 swmidi - ok
21:57:39.0562 4692 symc810 - ok
21:57:39.0578 4692 symc8xx - ok
21:57:39.0578 4692 sym_hi - ok
21:57:39.0593 4692 sym_u3 - ok
21:57:39.0625 4692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:57:39.0687 4692 sysaudio - ok
21:57:39.0734 4692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:57:39.0812 4692 Tcpip - ok
21:57:39.0828 4692 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
21:57:39.0875 4692 tdcmdpst - ok
21:57:39.0953 4692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:57:40.0031 4692 TDPIPE - ok
21:57:40.0078 4692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:57:40.0140 4692 TDTCP - ok
21:57:40.0171 4692 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
21:57:40.0187 4692 tdudf - ok
21:57:40.0203 4692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:57:40.0265 4692 TermDD - ok
21:57:40.0296 4692 Thpdrv (e00f0f7e4d4412da2f1b82a873229e47) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
21:57:40.0296 4692 Thpdrv - ok
21:57:40.0312 4692 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
21:57:40.0359 4692 Thpevm - ok
21:57:40.0375 4692 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
21:57:40.0390 4692 TMEI3E ( UnsignedFile.Multi.Generic ) - warning
21:57:40.0390 4692 TMEI3E - detected UnsignedFile.Multi.Generic (1)
21:57:40.0453 4692 TosIde - ok
21:57:40.0500 4692 Tosrfcom (1ad9eb1b5abd0aeee4084c8153476f1e) C:\WINDOWS\system32\drivers\Tosrfcom.sys
21:57:40.0515 4692 Tosrfcom - ok
21:57:40.0546 4692 tosrfec (9ee240f7029771b21cc6200be6516d60) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
21:57:40.0546 4692 tosrfec - ok
21:57:40.0578 4692 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\WINDOWS\system32\DRIVERS\tos_sps32.sys
21:57:40.0593 4692 tos_sps32 - ok
21:57:40.0609 4692 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
21:57:40.0640 4692 trudf - ok
21:57:40.0656 4692 TVALZ (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
21:57:40.0671 4692 TVALZ - ok
21:57:40.0703 4692 TVALZFL (e03f5ca8d4edb4ce8141a3242e1261f8) C:\WINDOWS\system32\DRIVERS\TVALZFL.sys
21:57:40.0718 4692 TVALZFL ( UnsignedFile.Multi.Generic ) - warning
21:57:40.0718 4692 TVALZFL - detected UnsignedFile.Multi.Generic (1)
21:57:40.0750 4692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:57:40.0828 4692 Udfs - ok
21:57:40.0859 4692 ultra - ok
21:57:40.0890 4692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:57:41.0000 4692 Update - ok
21:57:41.0031 4692 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:57:41.0093 4692 usbccgp - ok
21:57:41.0125 4692 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:57:41.0187 4692 usbehci - ok
21:57:41.0187 4692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:57:41.0250 4692 usbhub - ok
21:57:41.0296 4692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:57:41.0390 4692 USBSTOR - ok
21:57:41.0406 4692 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:57:41.0468 4692 usbvideo - ok
21:57:41.0484 4692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:57:41.0546 4692 VgaSave - ok
21:57:41.0562 4692 ViaIde - ok
21:57:41.0578 4692 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:57:41.0640 4692 VolSnap - ok
21:57:41.0656 4692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:57:41.0734 4692 Wanarp - ok
21:57:41.0750 4692 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:57:41.0765 4692 Wdf01000 - ok
21:57:41.0781 4692 WDICA - ok
21:57:41.0812 4692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:57:41.0890 4692 wdmaud - ok
21:57:41.0984 4692 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:57:42.0062 4692 WSTCODEC - ok
21:57:42.0109 4692 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:57:42.0187 4692 WudfPf - ok
21:57:42.0250 4692 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:57:42.0281 4692 WudfRd - ok
21:57:42.0281 4692 xcpip - ok
21:57:42.0296 4692 xpsec - ok
21:57:42.0312 4692 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
21:57:42.0312 4692 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
21:57:42.0312 4692 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
21:57:42.0343 4692 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:57:42.0343 4692 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:57:42.0343 4692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
21:57:42.0515 4692 \Device\Harddisk1\DR2 - ok
21:57:42.0515 4692 Boot (0x1200) (d197ec57a47729b3667f4c56a4b6427b) \Device\Harddisk0\DR0\Partition0
21:57:42.0531 4692 \Device\Harddisk0\DR0\Partition0 - ok
21:57:42.0531 4692 Boot (0x1200) (da5def75bb81028110fdb12e54669dc1) \Device\Harddisk1\DR2\Partition0
21:57:42.0531 4692 \Device\Harddisk1\DR2\Partition0 - ok
21:57:42.0531 4692 ============================================================
21:57:42.0531 4692 Scan finished
21:57:42.0531 4692 ============================================================
21:57:42.0640 2992 Detected object count: 6
21:57:42.0640 2992 Actual detected object count: 6
21:58:10.0140 2992 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0140 2992 QsFsFltr ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992 QsFsFltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0140 2992 TMEI3E ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992 TMEI3E ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0140 2992 TVALZFL ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992 TVALZFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0156 2992 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
21:58:10.0187 2992 \Device\Harddisk0\DR0 - ok
21:58:10.0187 2992 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
21:58:10.0187 2992 \Device\Harddisk0\DR0\TDLFS - deleted
21:58:10.0187 2992 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
21:58:14.0765 4616 Deinitialize success
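The TDSSKiller output above interleaves three kinds of record: a hash line per driver or boot sector, a verdict line ("warning" for an unsigned file, "infected" for the Sinowal MBR bootkit), and the user's chosen action, with the MBR cure deferred to the next reboot. That deferral is the reason a helper asks for a fresh log after restarting: only the second run proves the MBR is clean. The following Python parser is an added example, not code from the original post or from Kaspersky's tool; its status vocabulary is taken from the log as posted rather than from tool documentation. The first sample is a constructed excerpt of records copied from the log above; the post-reboot sample is constructed (the truncated second log on this page does not reach the MBR line), with a placeholder hash.

```python
import re

# Record layout as seen in the posted log: "HH:MM:SS.mmmm <thread id> <message>".
RECORD_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# Verdict and action lines: "<object> ( <threat name> ) - <status>".
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<status>.+)$")
# Clean-object lines: "<object> - ok".
OK_RE = re.compile(r"^(?P<obj>.+?) - ok$")
ACTION_PREFIX = "User select action: "

# Constructed sample: records copied from the pre-reboot log in this thread
# (hashes and device names as posted), trimmed to the interesting ones.
SAMPLE_LOG = r"""21:57:34.0406 4692 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
21:57:34.0421 4692 Netdevio ( UnsignedFile.Multi.Generic ) - warning
21:57:34.0421 4692 Netdevio - detected UnsignedFile.Multi.Generic (1)
21:57:34.0546 4692 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
21:57:34.0812 4692 NETw5x32 - ok
21:57:42.0312 4692 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
21:57:42.0312 4692 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
21:57:42.0312 4692 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
21:57:42.0343 4692 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:57:42.0343 4692 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:57:42.0640 2992 Detected object count: 6
21:58:10.0140 2992 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0156 2992 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
21:58:10.0187 2992 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
21:58:10.0187 2992 \Device\Harddisk0\DR0\TDLFS - deleted
21:58:10.0187 2992 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# Constructed post-reboot sample (not the second log on the page): the MBR is
# re-hashed and reported clean. The all-zero hash is a placeholder.
SAMPLE_RESCAN = r"""17:06:40.0000 1860 MBR (0x1B8) (00000000000000000000000000000000) \Device\Harddisk0\DR0
17:06:40.0000 1860 \Device\Harddisk0\DR0 - ok
"""


def parse_records(text):
    """Split the log into (timestamp, thread_id, message) tuples; non-record lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            records.append((m["ts"], m["tid"], m["msg"]))
    return records


def summarize_detections(text):
    """Map (object, threat) -> verdict, chosen action, and whether the cure waits for reboot.

    Verdict lines come during the scan, action lines afterwards, so a single
    pass that keeps updating the same entry is enough.
    """
    summary = {}
    for _ts, _tid, msg in parse_records(text):
        m = VERDICT_RE.match(msg)
        if not m:
            continue
        entry = summary.setdefault(
            (m["obj"], m["threat"]),
            {"verdict": None, "action": None, "pending_reboot": False},
        )
        status = m["status"]
        if status in ("warning", "infected"):
            entry["verdict"] = status
        elif status.startswith(ACTION_PREFIX):
            entry["action"] = status[len(ACTION_PREFIX):]
        elif status == "will be cured on reboot":
            entry["pending_reboot"] = True
        # "skipped by user" is always followed by an explicit action line, so it adds nothing.
    return summary


def infected_objects(summary):
    """Objects the scanner called infected, as opposed to unsigned-file warnings."""
    return [key for key, e in summary.items() if e["verdict"] == "infected"]


def needs_rescan(summary):
    """Objects whose cure only happens on reboot: a fresh log after restart is the proof."""
    return sorted({obj for (obj, _t), e in summary.items() if e["pending_reboot"]})


def rescan_status(before_text, after_text):
    """For each object infected in the first run, what the post-reboot run says about it."""
    before = summarize_detections(before_text)
    after = summarize_detections(after_text)
    ok_objects = set()
    for _ts, _tid, msg in parse_records(after_text):
        m = OK_RE.match(msg)
        if m:
            ok_objects.add(m["obj"])
    result = {}
    for obj, threat in infected_objects(before):
        if (obj, threat) in after:
            result[obj] = "still flagged"
        elif obj in ok_objects:
            result[obj] = "clean"
        else:
            result[obj] = "not scanned"
    return result


if __name__ == "__main__":
    s = summarize_detections(SAMPLE_LOG)
    for (obj, threat), e in s.items():
        print(f"{obj} [{threat}]: {e['verdict']}, action={e['action']}, pending_reboot={e['pending_reboot']}")
    print("needs rescan:", needs_rescan(s))
    print("after reboot:", rescan_status(SAMPLE_LOG, SAMPLE_RESCAN))
```

Run against the full log above, the summary separates the four unsigned OEM driver warnings (all skipped) from the one real infection on `\Device\Harddisk0\DR0`, and `rescan_status` turns the post-reboot log into a yes/no answer instead of a visual search through several hundred lines.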
16.01.2012, 13:56 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too. You should reboot and create a new log
17.01.2012, 17:07 | #19
50€ Trojan: it got me too. So, here is the log after the reboot! Code:
17:05:47.0703 7104 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
17:05:47.0718 7104 ============================================================
17:05:47.0718 7104 Current date / time: 2012/01/17 17:05:47.0718
17:05:47.0718 7104 SystemInfo:
17:05:47.0718 7104
17:05:47.0718 7104 OS Version: 5.1.2600 ServicePack: 3.0
17:05:47.0718 7104 Product type: Workstation
17:05:47.0718 7104 ComputerName: ***1
17:05:47.0718 7104 UserName: ***
17:05:47.0718 7104 Windows directory: C:\WINDOWS
17:05:47.0718 7104 System windows directory: C:\WINDOWS
17:05:47.0718 7104 Processor architecture: Intel x86
17:05:47.0718 7104 Number of processors: 4
17:05:47.0718 7104 Page size: 0x1000
17:05:47.0718 7104 Boot type: Normal boot
17:05:47.0718 7104 ============================================================
17:05:48.0078 7104 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
17:05:48.0109 7104 Initialize success
17:05:54.0687 1860 ============================================================
17:05:54.0687 1860 Scan started
17:05:54.0687 1860 Mode: Manual; SigCheck; TDLFS;
17:05:54.0687 1860 ============================================================
17:05:54.0984 1860 Abiosdsk - ok
17:05:55.0000 1860 abp480n5 - ok
17:05:55.0062 1860 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:05:55.0406 1860 ACPI - ok
17:05:55.0437 1860 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:05:55.0531 1860 ACPIEC - ok
17:05:55.0578 1860 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
17:05:55.0593 1860 adfs - ok
17:05:55.0593 1860 adpu160m - ok
17:05:55.0640 1860 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:05:55.0765 1860 aec - ok
17:05:55.0859 1860 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:05:55.0921 1860 AFD - ok
17:05:55.0921 1860 Aha154x - ok
17:05:55.0937 1860 aic78u2 - ok
17:05:55.0937 1860 aic78xx - ok
17:05:55.0953 1860 AliIde - ok
17:05:56.0031 1860 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
17:05:56.0218 1860 Ambfilt - ok
17:05:56.0281 1860 amsint - ok
17:05:56.0328 1860 ApfiltrService (c5b1284c94c90d28e1876d350e9ca297) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:05:56.0359 1860 ApfiltrService - ok
17:05:56.0375 1860 asc - ok
17:05:56.0375 1860 asc3350p - ok
17:05:56.0390 1860 asc3550 - ok
17:05:56.0406 1860 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:05:56.0546 1860 AsyncMac - ok
17:05:56.0578 1860 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
17:05:56.0718 1860 atapi - ok
17:05:56.0718 1860 Atdisk - ok
17:05:56.0734 1860 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:05:56.0906 1860 Atmarpc - ok
17:05:56.0984 1860 ATSwpWDF (b693cec3751764087b76648f7cf12651) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
17:05:57.0031 1860 ATSwpWDF - ok
17:05:57.0125 1860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:05:57.0187 1860 audstub - ok
17:05:57.0203 1860 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:05:57.0296 1860 Beep - ok
17:05:57.0312 1860 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:05:57.0375 1860 cbidf2k - ok
17:05:57.0375 1860 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:05:57.0515 1860 CCDECODE - ok
17:05:57.0515 1860 cd20xrnt - ok
17:05:57.0531 1860 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:05:57.0593 1860 Cdaudio - ok
17:05:57.0625 1860 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:05:57.0718 1860 Cdfs - ok
17:05:57.0718 1860 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:05:57.0796 1860 Cdrom - ok
17:05:57.0812 1860 Changer - ok
17:05:57.0843 1860 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:05:58.0000 1860 CmBatt - ok
17:05:58.0000 1860 CmdIde - ok
17:05:58.0015 1860 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:05:58.0093 1860 Compbatt - ok
17:05:58.0093 1860 Cpqarray - ok
17:05:58.0109 1860 dac2w2k - ok
17:05:58.0109 1860 dac960nt - ok
17:05:58.0140 1860 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:05:58.0203 1860 Disk - ok
17:05:58.0250 1860 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:05:58.0328 1860 dmboot - ok
17:05:58.0406 1860 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:05:58.0500 1860 dmio - ok
17:05:58.0515 1860 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:05:58.0593 1860 dmload - ok
17:05:58.0640 1860 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:05:58.0781 1860 DMusic - ok
17:05:58.0796 1860 dpti2o - ok
17:05:58.0843 1860 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:05:58.0968 1860 drmkaud - ok
17:05:59.0015 1860 e1kexpress (0c95246539ed1fbeb2d6b3b1f34cdd42) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
17:05:59.0031 1860 e1kexpress - ok
17:05:59.0062 1860 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:05:59.0187 1860 Fastfat - ok
17:05:59.0203 1860 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:05:59.0328 1860 Fdc - ok
17:05:59.0343 1860 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:05:59.0500 1860 Fips - ok
17:05:59.0609 1860 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:05:59.0734 1860 Flpydisk - ok
17:05:59.0750 1860 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:05:59.0906 1860 FltMgr - ok
17:05:59.0921 1860 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:06:00.0046 1860 Fs_Rec - ok
17:06:00.0062 1860 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:06:00.0187 1860 Ftdisk - ok
17:06:00.0218 1860 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:06:00.0359 1860 Gpc - ok
17:06:00.0406 1860 guardian2 (db3794c1e876ca318d2ba3d1d38cba8a) C:\WINDOWS\system32\Drivers\oz776.sys
17:06:00.0421 1860 guardian2 - ok
17:06:00.0515 1860 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:06:00.0671 1860 HDAudBus - ok
17:06:00.0703 1860 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
17:06:00.0734 1860 HECI - ok
17:06:00.0796 1860 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:06:00.0921 1860 HidUsb - ok
17:06:00.0921 1860 hpn - ok
17:06:00.0968 1860 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:06:01.0031 1860 HTTP - ok
17:06:01.0109 1860 i2omgmt - ok
17:06:01.0125 1860 i2omp - ok
17:06:01.0140 1860 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:06:01.0296 1860 i8042prt - ok
17:06:01.0328 1860 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\WINDOWS\system32\drivers\iaStor.sys
17:06:01.0343 1860 iaStor - ok
17:06:01.0375 1860 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
17:06:01.0437 1860 IFXTPM - ok
17:06:01.0500 1860 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:06:01.0593 1860 Imapi - ok
17:06:01.0640 1860 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\WINDOWS\system32\DRIVERS\Impcd.sys
17:06:01.0671 1860 Impcd - ok
17:06:01.0687 1860 ini910u - ok
17:06:01.0875 1860 IntcAzAudAddService (74bd9d8ede748b33b2f2a

aba941cba5a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:06:02.0156 1860 IntcAzAudAddService - ok
17:06:02.0234 1860 IntelIde - ok
17:06:02.0265 1860 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:06:02.0406 1860 intelppm - ok
17:06:02.0437 1860 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:06:02.0562 1860 Ip6Fw - ok
17:06:02.0562 1860 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:06:02.0703 1860 IpFilterDriver - ok
17:06:02.0703 1860 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:06:02.0796 1860 IpInIp - ok
17:06:02.0828 1860 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:06:02.0890 1860 IpNat - ok
17:06:02.0937 1860 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:06:03.0015 1860 IPSec - ok
17:06:03.0031 1860 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:06:03.0062 1860 IRENUM - ok
17:06:03.0093 1860 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:06:03.0171 1860 isapnp - ok
17:06:03.0265 1860 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:06:03.0406 1860 Kbdclass - ok
17:06:03.0453 1860 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:06:03.0593 1860 kbdhid - ok
17:06:03.0671 1860 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:06:03.0812 1860 kmixer - ok
17:06:03.0828 1860 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:06:03.0906 1860 KSecDD - ok
17:06:03.0921 1860 lbrtfdc - ok
17:06:03.0968 1860 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
17:06:03.0984 1860 MBAMProtector - ok
17:06:04.0109 1860 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
17:06:04.0125 1860 mfeavfk - ok 17:06:04.0187 1860 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys 17:06:04.0187 1860 mfebopk - ok 17:06:04.0250 1860 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys 17:06:04.0265 1860 mfehidk - ok 17:06:04.0281 1860 mferkdk - ok 17:06:04.0281 1860 mfesmfk - ok 17:06:04.0328 1860 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 17:06:04.0468 1860 mnmdd - ok 17:06:04.0546 1860 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 17:06:04.0687 1860 Modem - ok 17:06:04.0812 1860 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys 17:06:04.0906 1860 Monfilt - ok 17:06:04.0937 1860 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:06:05.0078 1860 Mouclass - ok 17:06:05.0171 1860 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:06:05.0312 1860 mouhid - ok 17:06:05.0343 1860 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 17:06:05.0468 1860 MountMgr - ok 17:06:05.0468 1860 MPFP - ok 17:06:05.0484 1860 mraid35x - ok 17:06:05.0484 1860 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:06:05.0593 1860 MRxDAV - ok 17:06:05.0640 1860 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:06:05.0671 1860 MRxSmb - ok 17:06:05.0687 1860 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 17:06:05.0796 1860 Msfs - ok 17:06:05.0812 1860 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:06:05.0968 1860 MSKSSRV - ok 17:06:06.0031 1860 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:06:06.0093 1860 MSPCLOCK - ok 17:06:06.0125 1860 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 17:06:06.0203 1860 
MSPQM - ok 17:06:06.0218 1860 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:06:06.0281 1860 mssmbios - ok 17:06:06.0312 1860 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 17:06:06.0390 1860 MSTEE - ok 17:06:06.0421 1860 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 17:06:06.0453 1860 Mup - ok 17:06:06.0531 1860 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 17:06:06.0687 1860 NABTSFEC - ok 17:06:06.0718 1860 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 17:06:06.0843 1860 NDIS - ok 17:06:06.0875 1860 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 17:06:07.0015 1860 NdisIP - ok 17:06:07.0046 1860 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:06:07.0093 1860 NdisTapi - ok 17:06:07.0171 1860 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:06:07.0296 1860 Ndisuio - ok 17:06:07.0343 1860 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:06:07.0406 1860 NdisWan - ok 17:06:07.0437 1860 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 17:06:07.0500 1860 NDProxy - ok 17:06:07.0515 1860 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 17:06:07.0578 1860 NetBIOS - ok 17:06:07.0625 1860 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 17:06:07.0703 1860 NetBT - ok 17:06:07.0781 1860 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys 17:06:07.0796 1860 Netdevio ( UnsignedFile.Multi.Generic ) - warning 17:06:07.0796 1860 Netdevio - detected UnsignedFile.Multi.Generic (1) 17:06:07.0953 1860 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 17:06:08.0171 1860 NETw5x32 - ok 17:06:08.0281 1860 Npfs 
(3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 17:06:08.0421 1860 Npfs - ok 17:06:08.0437 1860 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 17:06:08.0625 1860 Ntfs - ok 17:06:08.0656 1860 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 17:06:08.0781 1860 Null - ok 17:06:09.0046 1860 nv (3aa257bbeccc1cef9b305ed2dd86d032) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 17:06:09.0578 1860 nv - ok 17:06:09.0687 1860 NVHDA (04b3177ed656f1d3a6ebf48f5beea8a8) C:\WINDOWS\system32\drivers\nvhda32.sys 17:06:09.0703 1860 NVHDA - ok 17:06:09.0718 1860 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:06:09.0843 1860 NwlnkFlt - ok 17:06:09.0875 1860 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:06:10.0000 1860 NwlnkFwd - ok 17:06:10.0046 1860 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys 17:06:10.0187 1860 Parport - ok 17:06:10.0203 1860 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 17:06:10.0328 1860 PartMgr - ok 17:06:10.0359 1860 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 17:06:10.0500 1860 ParVdm - ok 17:06:10.0593 1860 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 17:06:10.0656 1860 pccsmcfd - ok 17:06:10.0671 1860 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 17:06:10.0796 1860 PCI - ok 17:06:10.0796 1860 PCIDump - ok 17:06:10.0812 1860 PCIIde - ok 17:06:10.0843 1860 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 17:06:10.0937 1860 Pcmcia - ok 17:06:10.0937 1860 PDCOMP - ok 17:06:10.0953 1860 PDFRAME - ok 17:06:10.0968 1860 PDRELI - ok 17:06:10.0968 1860 PDRFRAME - ok 17:06:10.0984 1860 perc2 - ok 17:06:10.0984 1860 perc2hib - ok 17:06:11.0015 1860 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) 
C:\WINDOWS\system32\DRIVERS\pgeffect.sys 17:06:11.0062 1860 PGEffect - ok 17:06:11.0109 1860 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:06:11.0234 1860 PptpMiniport - ok 17:06:11.0265 1860 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 17:06:11.0328 1860 PSched - ok 17:06:11.0343 1860 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:06:11.0421 1860 Ptilink - ok 17:06:11.0500 1860 ql1080 - ok 17:06:11.0515 1860 Ql10wnt - ok 17:06:11.0531 1860 ql12160 - ok 17:06:11.0531 1860 ql1240 - ok 17:06:11.0546 1860 ql1280 - ok 17:06:11.0562 1860 QsFsFltr (8b1d0cdd82174c5421a1fc547a15f724) C:\WINDOWS\system32\DRIVERS\QsFsFltr.sys 17:06:11.0593 1860 QsFsFltr ( UnsignedFile.Multi.Generic ) - warning 17:06:11.0593 1860 QsFsFltr - detected UnsignedFile.Multi.Generic (1) 17:06:11.0593 1860 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:06:11.0750 1860 RasAcd - ok 17:06:11.0781 1860 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:06:11.0890 1860 Rasl2tp - ok 17:06:11.0906 1860 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:06:12.0015 1860 RasPppoe - ok 17:06:12.0031 1860 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 17:06:12.0093 1860 Raspti - ok 17:06:12.0187 1860 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:06:12.0265 1860 Rdbss - ok 17:06:12.0296 1860 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:06:12.0359 1860 RDPCDD - ok 17:06:12.0390 1860 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:06:12.0468 1860 rdpdr - ok 17:06:12.0515 1860 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 17:06:12.0546 1860 RDPWD - ok 17:06:12.0671 1860 redbook (ed761d453856f795a7fe056e42c36365) 
C:\WINDOWS\system32\DRIVERS\redbook.sys 17:06:12.0796 1860 redbook - ok 17:06:12.0843 1860 rimspci (af213955c4d952c914620e8db0cd0cf7) C:\WINDOWS\system32\DRIVERS\rimspe86.sys 17:06:12.0859 1860 rimspci - ok 17:06:12.0875 1860 risdpcie (85cba4b868a9daaa2dd5e3952f396982) C:\WINDOWS\system32\DRIVERS\risdpe86.sys 17:06:12.0890 1860 risdpcie - ok 17:06:12.0906 1860 rixdpcie (764c1f3453e779724ba647327de7ddd4) C:\WINDOWS\system32\DRIVERS\rixdpe86.sys 17:06:12.0921 1860 rixdpcie - ok 17:06:12.0953 1860 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 17:06:13.0109 1860 sdbus - ok 17:06:13.0187 1860 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:06:13.0218 1860 Secdrv - ok 17:06:13.0250 1860 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys 17:06:13.0375 1860 Serial - ok 17:06:13.0390 1860 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 17:06:13.0531 1860 Sfloppy - ok 17:06:13.0546 1860 Simbad - ok 17:06:13.0546 1860 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:06:13.0671 1860 SLIP - ok 17:06:13.0687 1860 Sparrow - ok 17:06:13.0718 1860 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 17:06:13.0828 1860 splitter - ok 17:06:13.0859 1860 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 17:06:13.0921 1860 sr - ok 17:06:14.0015 1860 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 17:06:14.0093 1860 Srv - ok 17:06:14.0125 1860 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:06:14.0265 1860 streamip - ok 17:06:14.0265 1860 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 17:06:14.0343 1860 swenum - ok 17:06:14.0375 1860 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 17:06:14.0437 1860 swmidi - ok 17:06:14.0437 1860 symc810 - 
ok 17:06:14.0453 1860 symc8xx - ok 17:06:14.0453 1860 sym_hi - ok 17:06:14.0468 1860 sym_u3 - ok 17:06:14.0484 1860 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 17:06:14.0546 1860 sysaudio - ok 17:06:14.0656 1860 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:06:14.0750 1860 Tcpip - ok 17:06:14.0765 1860 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys 17:06:14.0828 1860 tdcmdpst - ok 17:06:14.0859 1860 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 17:06:15.0000 1860 TDPIPE - ok 17:06:15.0046 1860 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 17:06:15.0187 1860 TDTCP - ok 17:06:15.0218 1860 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys 17:06:15.0234 1860 tdudf - ok 17:06:15.0250 1860 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 17:06:15.0390 1860 TermDD - ok 17:06:15.0421 1860 Thpdrv (e00f0f7e4d4412da2f1b82a873229e47) C:\WINDOWS\system32\DRIVERS\thpdrv.sys 17:06:15.0421 1860 Thpdrv - ok 17:06:15.0437 1860 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS 17:06:15.0453 1860 Thpevm - ok 17:06:15.0484 1860 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS 17:06:15.0515 1860 TMEI3E ( UnsignedFile.Multi.Generic ) - warning 17:06:15.0515 1860 TMEI3E - detected UnsignedFile.Multi.Generic (1) 17:06:15.0546 1860 TosIde - ok 17:06:15.0578 1860 Tosrfcom (1ad9eb1b5abd0aeee4084c8153476f1e) C:\WINDOWS\system32\drivers\Tosrfcom.sys 17:06:15.0593 1860 Tosrfcom - ok 17:06:15.0625 1860 tosrfec (9ee240f7029771b21cc6200be6516d60) C:\WINDOWS\system32\DRIVERS\tosrfec.sys 17:06:15.0625 1860 tosrfec - ok 17:06:15.0640 1860 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\WINDOWS\system32\DRIVERS\tos_sps32.sys 17:06:15.0656 1860 tos_sps32 - ok 17:06:15.0671 1860 trudf 
(3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys 17:06:15.0703 1860 trudf - ok 17:06:15.0734 1860 TVALZ (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS 17:06:15.0765 1860 TVALZ - ok 17:06:15.0796 1860 TVALZFL (e03f5ca8d4edb4ce8141a3242e1261f8) C:\WINDOWS\system32\DRIVERS\TVALZFL.sys 17:06:15.0828 1860 TVALZFL ( UnsignedFile.Multi.Generic ) - warning 17:06:15.0828 1860 TVALZFL - detected UnsignedFile.Multi.Generic (1) 17:06:15.0859 1860 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 17:06:15.0968 1860 Udfs - ok 17:06:15.0984 1860 ultra - ok 17:06:16.0015 1860 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 17:06:16.0093 1860 Update - ok 17:06:16.0156 1860 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:06:16.0218 1860 usbccgp - ok 17:06:16.0234 1860 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:06:16.0312 1860 usbehci - ok 17:06:16.0328 1860 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:06:16.0390 1860 usbhub - ok 17:06:16.0421 1860 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:06:16.0500 1860 usbprint - ok 17:06:16.0546 1860 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:06:16.0593 1860 USBSTOR - ok 17:06:16.0609 1860 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 17:06:16.0671 1860 usbvideo - ok 17:06:16.0687 1860 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 17:06:16.0750 1860 VgaSave - ok 17:06:16.0750 1860 ViaIde - ok 17:06:16.0781 1860 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 17:06:16.0843 1860 VolSnap - ok 17:06:16.0859 1860 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:06:16.0937 1860 Wanarp - ok 
17:06:16.0984 1860 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 17:06:17.0015 1860 Wdf01000 - ok 17:06:17.0078 1860 WDICA - ok 17:06:17.0125 1860 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 17:06:17.0203 1860 wdmaud - ok 17:06:17.0281 1860 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:06:17.0343 1860 WSTCODEC - ok 17:06:17.0390 1860 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 17:06:17.0437 1860 WudfPf - ok 17:06:17.0484 1860 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 17:06:17.0515 1860 WudfRd - ok 17:06:17.0546 1860 xcpip - ok 17:06:17.0578 1860 xpsec - ok 17:06:17.0609 1860 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 17:06:17.0843 1860 \Device\Harddisk0\DR0 - ok 17:06:17.0859 1860 Boot (0x1200) (d197ec57a47729b3667f4c56a4b6427b) \Device\Harddisk0\DR0\Partition0 17:06:17.0859 1860 \Device\Harddisk0\DR0\Partition0 - ok 17:06:17.0859 1860 ============================================================ 17:06:17.0859 1860 Scan finished 17:06:17.0859 1860 ============================================================ 17:06:17.0968 5936 Detected object count: 4 17:06:17.0968 5936 Actual detected object count: 4 17:06:22.0203 5936 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user 17:06:22.0203 5936 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:06:22.0203 5936 QsFsFltr ( UnsignedFile.Multi.Generic ) - skipped by user 17:06:22.0203 5936 QsFsFltr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:06:22.0203 5936 TMEI3E ( UnsignedFile.Multi.Generic ) - skipped by user 17:06:22.0203 5936 TMEI3E ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:06:22.0203 5936 TVALZFL ( UnsignedFile.Multi.Generic ) - skipped by user 17:06:22.0203 5936 TVALZFL ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:06:24.0531 
0304 Deinitialize success |
17.01.2012, 21:25 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too. Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a helper has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
19.01.2012, 14:28 | #21 |
| 50€ Trojan: it got me too. Hello Arne, I am having trouble disabling McAfee Internet Security (Toshiba licensing). Researching this turned up nothing. Can I also run ComboFix in Safe Mode? Many thanks, Jens |
19.01.2012, 16:42 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too. Yes, that works too if need be. But I would recommend anyway that you not use this suite and therefore uninstall it. A plain virus scanner plus the Windows firewall makes more sense.
__________________ Please always post logfiles in CODE tags |
20.01.2012, 10:11 | #23 |
| 50€ Trojan: it got me too. So, here is the ComboFix log now: Code:
ATTFilter ComboFix 12-01-18.04 - 20.01.2012 7:21.1.4 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3056.2741 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Installer\$PatchCache$\Managed\3706342866B54DD48A51342744051302\15.1.0\distributor.ini2 c:\windows\IsUn0407.exe c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-20 bis 2012-01-20 )))))))))))))))))))))))))))))) . . 2012-01-14 14:09 . 2012-01-16 06:34 -------- d-----w- c:\windows\LastGood 2012-01-13 20:09 . 2012-01-13 20:09 -------- d-----w- C:\_OTL 2012-01-12 20:06 . 2012-01-12 20:06 -------- d-----w- c:\programme\ESET 2012-01-11 13:30 . 2012-01-11 13:30 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-01-11 13:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes 2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-01-11 08:24 . 2008-04-13 23:10 36352 -c--a-w- c:\windows\system32\dllcache\disk.sys 2012-01-11 08:24 . 2008-04-13 23:10 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-01-06 15:47 . 2008-04-14 12:00 15360 ----a-w- c:\windows\system32\PJLMON.DLL . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 21:57 . 2010-03-31 04:27 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 14:40 . 2010-03-31 04:27 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 06:12 . 
2010-03-31 04:27 61952 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:21 . 2010-03-31 04:27 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21 . 2010-03-31 04:27 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-14 16:10 . 2011-06-01 17:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-03 15:28 . 2010-03-31 04:27 387072 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:28 . 2010-03-31 04:27 1297920 ----a-w- c:\windows\system32\quartz.dll 2011-11-01 20:35 . 2010-03-31 04:27 672768 ----a-w- c:\windows\system32\wininet.dll 2011-11-01 20:35 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-11-01 20:35 . 2010-03-31 04:27 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-11-01 20:34 . 2010-03-31 04:27 371200 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2010-03-31 04:27 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2010-03-31 04:27 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:49 . 2008-04-14 07:30 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-26 10:49 . 2008-04-14 07:29 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-14 12:01 . 2010-09-17 10:03 24376 ----a-w- c:\programme\mozilla firefox\components\Scriptff.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon] @="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}" [HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}] 2010-02-04 00:38 285504 ----a-w- c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240] "NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928] "ANT Agent"="c:\programme\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X] "CFSServ.exe"="CFSServ.exe -NoClient" [X] "00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952] "000StTHK"="000StTHK.exe" [2001-06-23 24576] "Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664] "TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784] "TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016] "TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784] "TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616] "SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360] "TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280] "TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312] "DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640] "nwiz"="nwiz.exe" [2009-12-08 1657448] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560] "RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720] 
"TFncKy"="TFncKy.exe" [BU] "ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336] "NDSTray.exe"="NDSTray.exe" [BU] "TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672] "TFNF5"="TFNF5.exe" [2010-02-02 1140032] "TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784] "TPSMain"="TPSMain.exe" [2009-11-23 303104] "TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840] "TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672] "ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008] "AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712] "mcui_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160] "QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672] "PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248] "TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528] "Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024] McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800]
S1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888]
S2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936]
S2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [14.10.2002 05:45 94880]
S2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
S2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784]
S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960]
S3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 141.2.22.74 141.2.149.10 141.2.86.211
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\programme\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-20 07:25
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\TrueSuite.GINA.dll
c:\windows\system32\AFSSClientLib.dll
c:\programme\TrueSuite\TrueSuite.MuiResource.dll
c:\programme\TrueSuite\TrueSuite.AUTH.dll
c:\programme\TrueSuite\TrueSuite.OAE.dll
c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll
c:\programme\TrueSuite\NLog.dll
c:\programme\TrueSuite\TrueSuite.MuiDll.dll
.
Zeit der Fertigstellung: 2012-01-20 07:26:50
ComboFix-quarantined-files.txt 2012-01-20 06:26
.
Vor Suchlauf: 15 Verzeichnis(se), 244.232.851.456 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 244.384.272.384 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CB4AEE3B60B1C63760C96011003490CE
20.01.2012, 12:25 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too. ComboFix - scripting 1. Start Notepad (Start / Run / notepad [Enter]) 2. Now paste the entire contents of the code box below into the Notepad window. Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=-
"5353:TCP"=-
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

File::
c:\windows\system32\drivers\xcpip.sys
c:\windows\system32\drivers\xpsec.sys

Driver::
xcpip
xpsec

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad- and spyware programs and the Tea Timer, if present!) 5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix. 6. After the restart (you will be asked whether you want to restart), please post the following log file: Combofix.txt Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
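The CFScript in the post above targets three findings from the earlier ComboFix log: the Windows firewall value set to 0, the globally opened ports, and two driver services whose .sys files are missing on disk (the `path --> path [?]` form). As an added example, which is neither ComboFix's nor the helper's own tooling, the Python script below parses the registry and service sections of such a log and reports exactly those three conditions, so a reader can see how the log lines are read before any script is written. The excerpt in `SAMPLE_LOG` is constructed from the kinds of lines shown in this thread; the class and function names are my own.

```python
"""Triage helper for the registry/service sections of a ComboFix log.

Added example for this thread; not part of ComboFix and not the forum
helper's tooling. It reports a disabled Windows firewall, globally opened
ports, and service entries whose driver file is missing on disk.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt in ComboFix's layout (not a complete log).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
# "R0 name;display;path [date size]"  or  "S3 name;display;path --> path [?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)


@dataclass
class Findings:
    firewall_disabled: bool = False
    open_ports: list = field(default_factory=list)          # (port, proto, enabled)
    missing_service_files: list = field(default_factory=list)  # service names


def triage(log_text: str) -> Findings:
    """Walk the log line by line, remembering the current registry key."""
    f = Findings()
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix prints "." on empty lines
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            # ComboFix appends "--> path [?]" when the service's file is absent
            rest = m.group("rest")
            if "-->" in rest and rest.endswith("[?]"):
                f.missing_service_files.append(m.group("name"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        if current_key.endswith("firewallpolicy\\standardprofile"):
            if name == "EnableFirewall" and data.startswith("0"):
                f.firewall_disabled = True
        elif current_key.endswith("globallyopenports\\list"):
            # data looks like "5985:TCP:*:Disabled:Windows-Remoteverwaltung"
            port, proto, *tail = data.split(":")
            f.open_ports.append((int(port), proto, "Disabled" not in tail))
    return f


def report(f: Findings) -> list:
    """Human-readable summary lines for the findings."""
    lines = []
    if f.firewall_disabled:
        lines.append("Windows firewall (standard profile) is disabled")
    for port, proto, enabled in f.open_ports:
        state = "enabled" if enabled else "disabled"
        lines.append(f"globally opened port {port}/{proto} ({state})")
    for name in f.missing_service_files:
        lines.append(f"service '{name}' points to a file that does not exist")
    return lines


if __name__ == "__main__":
    for entry in report(triage(SAMPLE_LOG)):
        print(entry)
```

The service regex keeps the start-type prefix (R0/S3) so the same parser works on both the Safe Mode log, where most services show as S (stopped), and the normal-mode log, where they show as R (running); only the `--> ... [?]` marker matters for the missing-file check.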
20.01.2012, 14:43 | #25 |
| 50€ Trojan: it got me too. And the next log (McAfee was running even in Safe Mode): Code:
ComboFix 12-01-18.04 - 20.01.2012 12:47:18.2.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3056.2750 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-20 bis 2012-01-20 ))))))))))))))))))))))))))))))
.
.
2012-01-14 14:09 . 2012-01-16 06:34 -------- d-----w- c:\windows\LastGood
2012-01-13 20:09 . 2012-01-13 20:09 -------- d-----w- C:\_OTL
2012-01-12 20:06 . 2012-01-12 20:06 -------- d-----w- c:\programme\ESET
2012-01-11 13:30 . 2012-01-11 13:30 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-01-11 13:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-11 08:24 . 2008-04-13 23:10 36352 -c--a-w- c:\windows\system32\dllcache\disk.sys
2012-01-11 08:24 . 2008-04-13 23:10 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-01-06 15:47 . 2008-04-14 12:00 15360 ----a-w- c:\windows\system32\PJLMON.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-03-31 04:27 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2010-03-31 04:27 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-03-31 04:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-03-31 04:27 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-14 16:10 . 2011-06-01 17:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2010-03-31 04:27 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-03-31 04:27 1297920 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2010-03-31 04:27 672768 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2010-03-31 04:27 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:34 . 2010-03-31 04:27 371200 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-03-31 04:27 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-03-31 04:27 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-14 12:01 . 2010-09-17 10:03 24376 ----a-w- c:\programme\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-20_06.25.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 11:55 . 2012-01-20 11:55 53248 c:\windows\temp\catchme.dll
- 2012-01-20 06:25 . 2012-01-20 06:25 53248 c:\windows\temp\catchme.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-02-04 00:38 285504 ----a-w- c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"ANT Agent"="c:\programme\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664]
"TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784]
"TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016]
"TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784]
"TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360]
"TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280]
"TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"nwiz"="nwiz.exe" [2009-12-08 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720]
"TFncKy"="TFncKy.exe" [BU]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"TFNF5"="TFNF5.exe" [2010-02-02 1140032]
"TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784]
"TPSMain"="TPSMain.exe" [2009-11-23 303104]
"TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840]
"TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672]
"ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712]
"mcui_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800]
S1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888]
S2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936]
S2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [14.10.2002 05:45 94880]
S2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
S2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784]
S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960]
S3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 141.2.22.74 141.2.149.10 141.2.86.211
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\programme\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-20 12:55
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\TrueSuite.GINA.dll
c:\windows\system32\AFSSClientLib.dll
c:\programme\TrueSuite\TrueSuite.MuiResource.dll
c:\programme\TrueSuite\TrueSuite.AUTH.dll
c:\programme\TrueSuite\TrueSuite.OAE.dll
c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll
c:\programme\TrueSuite\NLog.dll
c:\programme\TrueSuite\TrueSuite.MuiDll.dll
.
- - - - - - - > 'Explorer.exe'(1948)
c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
Zeit der Fertigstellung: 2012-01-20 12:56:09
ComboFix-quarantined-files.txt 2012-01-20 11:56
ComboFix2.txt 2012-01-20 06:26
.
Vor Suchlauf: 15 Verzeichnis(se), 244.319.555.584 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 244.303.568.896 Bytes frei
.
- - End Of File - - C68F55B1E045E3079112AF6BA2CE746B
20.01.2012, 21:03 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too. Well, somehow that didn't work. Did you copy everything into CFScript.txt exactly as it should be? Please repeat it. In normal mode, if possible.
21.01.2012, 12:35 | #27 |
| 50€ Trojan: it got me too. Hello Arne, I probably have the same log again. I can't manage to switch off McAfee. Should I uninstall the suite and then run everything once more? Attached is the log: Code:
ComboFix 12-01-19.02 - 21.01.2012 12:21:46.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3056.2085 [GMT 1:00]
ausgeführt von:: c:\combofix\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-21 bis 2012-01-21 ))))))))))))))))))))))))))))))
.
.
2012-01-14 14:09 . 2012-01-16 06:34 -------- d-----w- c:\windows\LastGood
2012-01-13 20:09 . 2012-01-13 20:09 -------- d-----w- C:\_OTL
2012-01-12 20:06 . 2012-01-12 20:06 -------- d-----w- c:\programme\ESET
2012-01-11 13:30 . 2012-01-11 13:30 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-01-11 13:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-11 08:24 . 2008-04-13 23:10 36352 -c--a-w- c:\windows\system32\dllcache\disk.sys
2012-01-11 08:24 . 2008-04-13 23:10 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-01-06 15:47 . 2008-04-14 12:00 15360 ----a-w- c:\windows\system32\PJLMON.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-03-31 04:27 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2010-03-31 04:27 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-03-31 04:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-03-31 04:27 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-14 16:10 . 2011-06-01 17:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2010-03-31 04:27 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-03-31 04:27 1297920 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2010-03-31 04:27 672768 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2010-03-31 04:27 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:34 . 2010-03-31 04:27 371200 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-03-31 04:27 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-03-31 04:27 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-14 12:01 . 2010-09-17 10:03 24376 ----a-w- c:\programme\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-20_06.25.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 13:37 . 2012-01-20 13:37 16384 c:\windows\temp\Perflib_Perfdata_784.dat
+ 2012-01-21 11:29 . 2012-01-21 11:29 53248 c:\windows\temp\catchme.dll
- 2012-01-20 06:25 . 2012-01-20 06:25 53248 c:\windows\temp\catchme.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-02-04 00:38 285504 ----a-w- c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"ANT Agent"="c:\programme\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664]
"TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784]
"TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016]
"TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784]
"TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360]
"TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280]
"TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"nwiz"="nwiz.exe" [2009-12-08 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720]
"TFncKy"="TFncKy.exe" [BU]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"TFNF5"="TFNF5.exe" [2010-02-02 1140032]
"TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784]
"TPSMain"="TPSMain.exe" [2009-11-23 303104]
"TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840]
"TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672]
"ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712]
"mcui_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888]
R2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936]
R2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [14.10.2002 05:45 94880]
R2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960]
R3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\programme\McAfee\SiteAdvisor FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-01-21 12:29 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(996) c:\windows\system32\TrueSuite.GINA.dll c:\windows\system32\AFSSClientLib.dll c:\programme\TrueSuite\TrueSuite.MuiResource.dll c:\programme\TrueSuite\TrueSuite.AUTH.dll c:\programme\TrueSuite\TrueSuite.OAE.dll c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll c:\programme\TrueSuite\NLog.dll c:\programme\TrueSuite\TrueSuite.MuiDll.dll c:\programme\TrueSuite\TrueSuite.EDS.dll c:\programme\TrueSuite\Authentec.DotNetClientLib.dll c:\programme\TrueSuite\en-US\TrueSuite.AUTH.resources.dll c:\programme\TrueSuite\AT7Support.dll c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll . - - - - - - - > 'Explorer.exe'(7492) c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll c:\programme\TOSHIBA\TME3\TMEEJMD.DLL c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . Zeit der Fertigstellung: 2012-01-21 12:30:46 ComboFix-quarantined-files.txt 2012-01-21 11:30 ComboFix2.txt 2012-01-20 13:44 ComboFix3.txt 2012-01-20 06:26 . Vor Suchlauf: 15 Verzeichnis(se), 241.161.080.832 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 241.150.959.616 Bytes frei . - - End Of File - - 594632290B91DBAB65FC304C7455E03E
Jens
23.01.2012, 11:32 | #28
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too.
Quote:
__________________
Please always post logfiles in CODE tags
25.01.2012, 07:24 | #29
50€ Trojan: it got me too.
So, after uninstalling and restarting, ComboFix reported McAfee again. It kept running, though, but with "reduced functionality" because it had "expired". Here is the log:
Code:
ATTFilter ComboFix 12-01-18.04 - 24.01.2012 21:56:50.4.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3056.2226 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . - REDUZIERTER FUNKTIONALITÄTSMODUS - . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Temp\log.txt . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-24 bis 2012-01-24 )))))))))))))))))))))))))))))) . . 2012-01-24 12:23 . 2012-01-24 12:24 -------- d-----w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ScreeNet iSaver 2012-01-24 12:23 . 2012-01-24 12:24 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\ScreeNet iSaver 2012-01-24 12:23 . 2012-01-24 12:23 -------- d-----w- c:\programme\iSaver 2012-01-14 14:09 . 2012-01-16 06:34 -------- d-----w- c:\windows\LastGood 2012-01-13 20:09 . 2012-01-13 20:09 -------- d-----w- C:\_OTL 2012-01-12 20:06 . 2012-01-12 20:06 -------- d-----w- c:\programme\ESET 2012-01-11 13:30 . 2012-01-11 13:30 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-01-11 13:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes 2012-01-11 13:15 . 2012-01-11 13:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-01-11 08:24 . 2008-04-13 23:10 36352 -c--a-w- c:\windows\system32\dllcache\disk.sys 2012-01-11 08:24 . 2008-04-13 23:10 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-01-06 15:47 . 2008-04-14 12:00 15360 ----a-w- c:\windows\system32\PJLMON.DLL . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 21:57 . 2010-03-31 04:27 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 14:40 . 2010-03-31 04:27 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 06:12 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:21 . 2010-03-31 04:27 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21 . 2010-03-31 04:27 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-14 16:10 . 2011-06-01 17:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-03 15:28 . 2010-03-31 04:27 387072 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:28 . 2010-03-31 04:27 1297920 ----a-w- c:\windows\system32\quartz.dll 2011-11-01 20:35 . 2010-03-31 04:27 672768 ----a-w- c:\windows\system32\wininet.dll 2011-11-01 20:35 . 2010-03-31 04:27 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-11-01 20:35 . 2010-03-31 04:27 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-11-01 20:34 . 2010-03-31 04:27 371200 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2010-03-31 04:27 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2010-03-31 04:27 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-04-14 12:01 . 2010-09-17 10:03 24376 ----a-w- c:\programme\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-20_06.25.39 ))))))))))))))))))))))))))))))))))))))))) . + 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\temp\catchme.dll + 2012-01-24 20:52 . 2012-01-24 20:52 16384 c:\windows\temp\Perflib_Perfdata_6a8.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon] @="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}" [HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}] 2010-02-04 00:38 285504 ----a-w- c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240] "NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X] "CFSServ.exe"="CFSServ.exe -NoClient" [X] "00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952] "000StTHK"="000StTHK.exe" [2001-06-23 24576] "Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664] "TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784] "TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016] "TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784] "TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616] "SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360] "TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280] "TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312] "DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 
111640] "nwiz"="nwiz.exe" [2009-12-08 1657448] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560] "RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720] "TFncKy"="TFncKy.exe" [BU] "ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336] "NDSTray.exe"="NDSTray.exe" [BU] "TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672] "TFNF5"="TFNF5.exe" [2010-02-02 1140032] "TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784] "TPSMain"="TPSMain.exe" [2009-11-23 303104] "TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840] "TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672] "ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008] "AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160] "QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672] "PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248] "TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528] "Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872] "iSaverCtrl"="c:\programme\iSaver\iSaverCtrl.exe" [2008-07-07 1142784] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240] . 
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . 
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888] R2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936] R2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872] R2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088] R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104] R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128] R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856] R2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488] R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800] R3 
Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576] R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960] R3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736] S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336] S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?] S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM getPlusHelper REG_MULTI_SZ getPlusHelper . Inhalt des "geplante Tasks" Ordners . 2012-01-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40] . 2012-01-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40] . 2012-01-24 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18] . . ------- Zusätzlicher Suchlauf ------- . 
uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-McAfee Update - c:\windows\TEMP\mcupdate_1327437487.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-01-24 21:59 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(968) c:\windows\system32\TrueSuite.GINA.dll c:\windows\system32\AFSSClientLib.dll c:\programme\TrueSuite\TrueSuite.MuiResource.dll c:\programme\TrueSuite\TrueSuite.AUTH.dll c:\programme\TrueSuite\TrueSuite.OAE.dll c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll c:\programme\TrueSuite\NLog.dll c:\programme\TrueSuite\TrueSuite.MuiDll.dll c:\programme\TrueSuite\TrueSuite.EDS.dll c:\programme\TrueSuite\Authentec.DotNetClientLib.dll c:\programme\TrueSuite\en-US\TrueSuite.AUTH.resources.dll c:\programme\TrueSuite\AT7Support.dll c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll . Zeit der Fertigstellung: 2012-01-24 22:00:51 ComboFix-quarantined-files.txt 2012-01-24 21:00 ComboFix2.txt 2012-01-21 11:30 ComboFix3.txt 2012-01-20 13:44 ComboFix4.txt 2012-01-20 06:26 . Vor Suchlauf: 15 Verzeichnis(se), 241.346.019.328 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 241.350.361.088 Bytes frei . - - End Of File - - D62154094CBAD19B2A9F92F427039887
Jens
P.S.: Which antivirus software do you recommend instead of McAfee?
25.01.2012, 11:04 | #30
/// Winkelfunktion /// TB-Süch-Tiger™ | 50€ Trojan: it got me too.
Quote:
__________________
Please always post logfiles in CODE tags