Trojans & Roo/Tdds fought without success? (Windows 7)
24.09.2011, 13:53 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans & Roo/Tdds fought without success?
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Set up the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.
If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: Download unhide.exe and save this file on your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post logfiles in CODE tags
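The helper's post asks for the complete TDSSKiller report, which lists one hashed driver per line followed by a verdict line for that driver. As an added example (not from this thread and not Kaspersky's code), the Python script below parses that report format and lists only the entries whose verdict is not a plain "ok", so a long report can be reviewed quickly. The sample report inside it is constructed, with placeholder hashes, and the names parse_report, triage, summarize and Entry are the example's own.

```python
"""Triage helper for a TDSSKiller report (added example; not part of the thread, not Kaspersky's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the report format TDSSKiller prints: "timestamp tid name (md5) path",
# then "timestamp tid name - verdict". The hashes are placeholders, not real file hashes.
SAMPLE_REPORT = "\n".join([
    r"14:59:18.0586 3316 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37",
    r"14:59:39.0540 3444 ============================================================",
    r"14:59:39.0540 3444 Scan started",
    r"14:59:39.0541 3444 Mode: Manual;",
    r"14:59:39.0908 3444 ACPI (00000000000000000000000000000001) C:\Windows\system32\drivers\acpi.sys",
    r"14:59:39.0911 3444 ACPI - ok",
    r"14:59:42.0995 3444 DgiVecp - ok",
    r"14:59:45.0695 3444 Lavasoft Kernexplorer (00000000000000000000000000000002) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys",
    r"14:59:45.0696 3444 Lavasoft Kernexplorer - ok",
    r"14:59:50.0871 3444 sptd (00000000000000000000000000000003) C:\Windows\system32\Drivers\sptd.sys",
    r"14:59:50.0871 3444 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 00000000000000000000000000000003",
    r"14:59:50.0874 3444 sptd ( LockedFile.Multi.Generic ) - warning",
    r"14:59:50.0874 3444 sptd - detected LockedFile.Multi.Generic (1)",
])

# Every report line starts with a timestamp and the id of the thread that wrote it.
HEAD_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<body>.*)$")
# "name (md5) path": the driver image that was hashed. Names may contain spaces.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "name - ok", "name ( Reason ) - warning", "name - detected Something (n)".
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<reason>[^)]+) \))? - (?P<verdict>ok|warning|detected .+)$")
# Free-text note about a file, keyed by path rather than by service name.
NOTE_RE = re.compile(r"^Suspicious file \((?P<why>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-fA-F]{32})$")


@dataclass
class Entry:
    name: str
    md5: str | None = None
    path: str | None = None
    verdicts: list[str] = field(default_factory=list)
    notes: list[str] = field(default_factory=list)

    @property
    def needs_attention(self) -> bool:
        # Clean means: at least one verdict, every verdict a plain "ok", and no notes attached.
        return not (self.verdicts and all(v == "ok" for v in self.verdicts) and not self.notes)


def parse_report(text: str) -> dict[str, Entry]:
    """Group the report's lines by service/driver name; banner and separator lines are skipped."""
    entries: dict[str, Entry] = {}
    for raw in text.splitlines():
        head = HEAD_RE.match(raw.strip())
        if not head:
            continue
        body = head.group("body")
        if note := NOTE_RE.match(body):
            # Attach the note to whichever entry owns that path; fall back to a path-named entry.
            owner = next((e for e in entries.values()
                          if e.path and e.path.lower() == note.group("path").lower()), None)
            if owner is None:
                owner = entries.setdefault(note.group("path"), Entry(note.group("path"), path=note.group("path")))
            owner.notes.append(f"{note.group('why')} md5={note.group('md5').lower()}")
        elif file := FILE_RE.match(body):
            entry = entries.setdefault(file.group("name"), Entry(file.group("name")))
            entry.md5, entry.path = file.group("md5").lower(), file.group("path")
        elif verdict := VERDICT_RE.match(body):
            entry = entries.setdefault(verdict.group("name"), Entry(verdict.group("name")))
            entry.verdicts.append(verdict.group("verdict"))
            if verdict.group("reason"):
                entry.notes.append(verdict.group("reason"))
    return entries


def triage(text: str) -> list[Entry]:
    """Return only the entries a reviewer has to look at."""
    return [e for e in parse_report(text).values() if e.needs_attention]


def summarize(text: str) -> str:
    entries = parse_report(text)
    flagged = triage(text)
    lines = [f"{len(entries)} services parsed, {len(flagged)} need attention"]
    for e in flagged:
        lines.append(f"  {e.name}: {e.path or '<no file>'} md5={e.md5 or '-'} "
                     f"verdicts={e.verdicts} notes={e.notes}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

Run it as a script to see the summary of the constructed sample, or call triage() on the text of a saved report. Note that a "warning"/"detected" entry is only a pointer for the reviewer: the "Suspicious file (NoAccess)" note that the report format attaches to such a driver says the scanner could not open the file, so the entry needs manual interpretation by the helper rather than automatic cleanup.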
24.09.2011, 14:03 | #17
Trojans & Roo/Tdds fought without success? The tool somehow looks different from last time and from the screenshot. Here is the report:
Code:
14:59:18.0586 3316 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
14:59:18.0975 3316 ============================================================
14:59:18.0975 3316 Current date / time: 2011/09/24 14:59:18.0975
14:59:18.0975 3316 SystemInfo:
14:59:18.0975 3316
14:59:18.0975 3316 OS Version: 6.0.6002 ServicePack: 2.0
14:59:18.0975 3316 Product type: Workstation
14:59:18.0975 3316 ComputerName: XB-PC
14:59:18.0976 3316 UserName: XB
14:59:18.0976 3316 Windows directory: C:\Windows
14:59:18.0976 3316 System windows directory: C:\Windows
14:59:18.0976 3316 Processor architecture: Intel x86
14:59:18.0976 3316 Number of processors: 2
14:59:18.0976 3316 Page size: 0x1000
14:59:18.0976 3316 Boot type: Normal boot
14:59:18.0976 3316 ============================================================
14:59:19.0511 3316 Initialize success
14:59:39.0540 3444 ============================================================
14:59:39.0540 3444 Scan started
14:59:39.0541 3444 Mode: Manual;
14:59:39.0541 3444 ============================================================
14:59:39.0908 3444 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:59:39.0911 3444 ACPI - ok
14:59:39.0997 3444 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:59:40.0003 3444 adp94xx - ok
14:59:40.0044 3444 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:59:40.0049 3444 adpahci - ok
14:59:40.0086 3444 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:59:40.0087 3444 adpu160m - ok
14:59:40.0124 3444 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:59:40.0127 3444 adpu320 - ok
14:59:40.0243 3444 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:59:40.0247 3444 AFD - ok
14:59:40.0284 3444 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:59:40.0286 3444 agp440 - ok
14:59:40.0322 3444 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:59:40.0324 3444 aic78xx - ok
14:59:40.0369 3444 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:59:40.0370 3444 aliide - ok
14:59:40.0401 3444 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:59:40.0402 3444 amdagp - ok
14:59:40.0429 3444 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:59:40.0430 3444 amdide - ok
14:59:40.0474 3444 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:59:40.0475 3444 AmdK7 - ok
14:59:40.0508 3444 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:59:40.0509 3444 AmdK8 - ok
14:59:40.0569 3444 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:59:40.0572 3444 ApfiltrService - ok
14:59:40.0612 3444 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:59:40.0614 3444 arc - ok
14:59:40.0668 3444 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:59:40.0670 3444 arcsas - ok
14:59:40.0728 3444 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:59:40.0730 3444 AsyncMac - ok
14:59:40.0758 3444 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
14:59:40.0759 3444 atapi - ok
14:59:40.0940 3444 atikmdag (ac9e487e3513561e4f7953c438727ff7) C:\Windows\system32\DRIVERS\atikmdag.sys
14:59:40.0993 3444 atikmdag - ok
14:59:41.0040 3444 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
14:59:41.0044 3444 atksgt - ok
14:59:41.0123 3444 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
14:59:41.0124 3444 avgntflt - ok
14:59:41.0156 3444 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
14:59:41.0159 3444 avipbb - ok
14:59:41.0239 3444 BCM42RLY (bcb27987aaf7962c72b0f337a201cc28) C:\Windows\system32\drivers\BCM42RLY.sys
14:59:41.0240 3444 BCM42RLY - ok
14:59:41.0318 3444 BCM43XX (b2134f695efd5eb392e906ac2413452e) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:59:41.0334 3444 BCM43XX - ok
14:59:41.0383 3444 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:59:41.0384 3444 Beep - ok
14:59:41.0422 3444 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:59:41.0423 3444 blbdrive - ok
14:59:41.0494 3444 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:59:41.0496 3444 bowser - ok
14:59:41.0537 3444 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:59:41.0538 3444 BrFiltLo - ok
14:59:41.0591 3444 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:59:41.0592 3444 BrFiltUp - ok
14:59:41.0650 3444 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:59:41.0652 3444 Brserid - ok
14:59:41.0746 3444 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\Windows\system32\Drivers\BrSerIf.sys
14:59:41.0748 3444 BrSerIf - ok
14:59:41.0778 3444 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:59:41.0780 3444 BrSerWdm - ok
14:59:41.0812 3444 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:59:41.0813 3444 BrUsbMdm - ok
14:59:41.0839 3444 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
14:59:41.0840 3444 BrUsbSer - ok
14:59:41.0876 3444 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
14:59:41.0877 3444 BthEnum - ok
14:59:41.0929 3444 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
14:59:41.0930 3444 BTHMODEM - ok
14:59:41.0982 3444 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
14:59:41.0984 3444 BthPan - ok
14:59:42.0052 3444 BthPort (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
14:59:42.0059 3444 BthPort - ok
14:59:42.0118 3444 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
14:59:42.0120 3444 BTHUSB - ok
14:59:42.0171 3444 btwaudio (58c4b59d0ebfb637e2e296cf4a686ba0) C:\Windows\system32\drivers\btwaudio.sys
14:59:42.0172 3444 btwaudio - ok
14:59:42.0209 3444 btwavdt (e8cc9436cc464d6975adbc4aece0ba7b) C:\Windows\system32\drivers\btwavdt.sys
14:59:42.0211 3444 btwavdt - ok
14:59:42.0241 3444 btwl2cap (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
14:59:42.0243 3444 btwl2cap - ok
14:59:42.0272 3444 btwrchid (62ed55843f8216eb25a909a820613033) C:\Windows\system32\DRIVERS\btwrchid.sys
14:59:42.0273 3444 btwrchid - ok
14:59:42.0342 3444 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:59:42.0344 3444 cdfs - ok
14:59:42.0388 3444 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:59:42.0390 3444 cdrom - ok
14:59:42.0420 3444 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
14:59:42.0421 3444 circlass - ok
14:59:42.0475 3444 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:59:42.0480 3444 CLFS - ok
14:59:42.0524 3444 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:59:42.0525 3444 CmBatt - ok
14:59:42.0554 3444 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:59:42.0556 3444 cmdide - ok
14:59:42.0591 3444 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:59:42.0592 3444 Compbatt - ok
14:59:42.0614 3444 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:59:42.0616 3444 crcdisk - ok
14:59:42.0673 3444 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:59:42.0674 3444 Crusoe - ok
14:59:42.0765 3444 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
14:59:42.0766 3444 CVirtA - ok
14:59:42.0860 3444 CVPNDRVA (720482888c3778f26eeb83d286a6cdc3) C:\Windows\system32\Drivers\CVPNDRVA.sys
14:59:42.0864 3444 CVPNDRVA - ok
14:59:42.0965 3444 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:59:42.0967 3444 DfsC - ok
14:59:42.0995 3444 DgiVecp - ok
14:59:43.0091 3444 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:59:43.0092 3444 disk - ok
14:59:43.0153 3444 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\Windows\system32\DRIVERS\dne2000.sys
14:59:43.0155 3444 DNE - ok
14:59:43.0229 3444 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
14:59:43.0232 3444 Dot4 - ok
14:59:43.0297 3444 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:59:43.0298 3444 Dot4Print - ok
14:59:43.0361 3444 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
14:59:43.0363 3444 dot4usb - ok
14:59:43.0416 3444 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:59:43.0417 3444 drmkaud - ok
14:59:43.0497 3444 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:59:43.0505 3444 DXGKrnl - ok
14:59:43.0552 3444 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
14:59:43.0555 3444 e1express - ok
14:59:43.0600 3444 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:59:43.0602 3444 E1G60 - ok
14:59:43.0709 3444 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:59:43.0711 3444 Ecache - ok
14:59:43.0777 3444 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:59:43.0782 3444 elxstor - ok
14:59:43.0843 3444 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:59:43.0844 3444 ErrDev - ok
14:59:43.0900 3444 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:59:43.0903 3444 exfat - ok
14:59:43.0950 3444 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:59:43.0952 3444 fastfat - ok
14:59:43.0982 3444 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:59:43.0983 3444 fdc - ok
14:59:44.0027 3444 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:59:44.0029 3444 FileInfo - ok
14:59:44.0054 3444 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:59:44.0056 3444 Filetrace - ok
14:59:44.0080 3444 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:59:44.0081 3444 flpydisk - ok
14:59:44.0120 3444 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:59:44.0123 3444 FltMgr - ok
14:59:44.0154 3444 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:59:44.0155 3444 Fs_Rec - ok
14:59:44.0188 3444 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:59:44.0189 3444 gagp30kx - ok
14:59:44.0280 3444 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
14:59:44.0283 3444 HdAudAddService - ok
14:59:44.0320 3444 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:59:44.0328 3444 HDAudBus - ok
14:59:44.0360 3444 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:59:44.0361 3444 HidBth - ok
14:59:44.0395 3444 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
14:59:44.0396 3444 HidIr - ok
14:59:44.0420 3444 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:59:44.0421 3444 HidUsb - ok
14:59:44.0462 3444 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:59:44.0463 3444 HpCISSs - ok
14:59:44.0533 3444 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:59:44.0539 3444 HTTP - ok
14:59:44.0604 3444 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:59:44.0605 3444 i2omp - ok
14:59:44.0654 3444 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:59:44.0656 3444 i8042prt - ok
14:59:44.0742 3444 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
14:59:44.0746 3444 iaStor - ok
14:59:44.0788 3444 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:59:44.0792 3444 iaStorV - ok
14:59:44.0832 3444 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:59:44.0833 3444 iirsp - ok
14:59:44.0877 3444 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:59:44.0878 3444 intelide - ok
14:59:44.0926 3444 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:59:44.0928 3444 intelppm - ok
14:59:44.0961 3444 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:59:44.0963 3444 IpFilterDriver - ok
14:59:44.0983 3444 IpInIp - ok
14:59:45.0020 3444 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:59:45.0022 3444 IPMIDRV - ok
14:59:45.0058 3444 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:59:45.0060 3444 IPNAT - ok
14:59:45.0100 3444 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:59:45.0102 3444 IRENUM - ok
14:59:45.0143 3444 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:59:45.0145 3444 isapnp - ok
14:59:45.0201 3444 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:59:45.0204 3444 iScsiPrt - ok
14:59:45.0246 3444 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:59:45.0248 3444 iteatapi - ok
14:59:45.0285 3444 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
14:59:45.0287 3444 itecir - ok
14:59:45.0324 3444 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:59:45.0326 3444 iteraid - ok
14:59:45.0390 3444 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
14:59:45.0394 3444 k57nd60x - ok
14:59:45.0420 3444 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:59:45.0422 3444 kbdclass - ok
14:59:45.0455 3444 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:59:45.0456 3444 kbdhid - ok
14:59:45.0529 3444 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
14:59:45.0536 3444 KSecDD - ok
14:59:45.0695 3444 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
14:59:45.0696 3444 Lavasoft Kernexplorer - ok
14:59:45.0809 3444 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
14:59:45.0811 3444 Lbd - ok
14:59:45.0876 3444 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
14:59:45.0877 3444 lirsgt - ok
14:59:45.0932 3444 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:59:45.0935 3444 lltdio - ok
14:59:45.0998 3444 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:59:46.0000 3444 LSI_FC - ok
14:59:46.0038 3444 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:59:46.0040 3444 LSI_SAS - ok
14:59:46.0077 3444 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:59:46.0079 3444 LSI_SCSI - ok
14:59:46.0119 3444 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:59:46.0121 3444 luafv - ok
14:59:46.0188 3444 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
14:59:46.0189 3444 MBAMProtector - ok
14:59:46.0235 3444 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:59:46.0236 3444 megasas - ok
14:59:46.0286 3444 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:59:46.0291 3444 MegaSR - ok
14:59:46.0332 3444 MEMSWEEP2 - ok
14:59:46.0358 3444 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:59:46.0360 3444 Modem - ok
14:59:46.0403 3444 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:59:46.0404 3444 monitor - ok
14:59:46.0430 3444 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:59:46.0432 3444 mouclass - ok
14:59:46.0455 3444 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:59:46.0456 3444 mouhid - ok
14:59:46.0480 3444 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:59:46.0482 3444 MountMgr - ok
14:59:46.0521 3444 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:59:46.0523 3444 mpio - ok
14:59:46.0560 3444 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:59:46.0562 3444 mpsdrv - ok
14:59:46.0623 3444 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:59:46.0625 3444 Mraid35x - ok
14:59:46.0714 3444 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:59:46.0716 3444 MRxDAV - ok
14:59:46.0781 3444 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:59:46.0783 3444 mrxsmb - ok
14:59:46.0838 3444 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:59:46.0842 3444 mrxsmb10 - ok
14:59:46.0881 3444 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:59:46.0883 3444 mrxsmb20 - ok
14:59:46.0938 3444 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
14:59:46.0940 3444 msahci - ok
14:59:46.0973 3444 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:59:46.0975 3444 msdsm - ok
14:59:47.0023 3444 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:59:47.0024 3444 Msfs - ok
14:59:47.0048 3444 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:59:47.0050 3444 msisadrv - ok
14:59:47.0096 3444 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:59:47.0097 3444 MSKSSRV - ok
14:59:47.0122 3444 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:59:47.0123 3444 MSPCLOCK - ok
14:59:47.0152 3444 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:59:47.0153 3444 MSPQM - ok
14:59:47.0198 3444 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:59:47.0201 3444 MsRPC - ok
14:59:47.0233 3444 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:59:47.0235 3444 mssmbios - ok
14:59:47.0258 3444 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:59:47.0259 3444 MSTEE - ok
14:59:47.0302 3444 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:59:47.0304 3444 Mup - ok
14:59:47.0358 3444 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:59:47.0361 3444 NativeWifiP - ok
14:59:47.0398 3444 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:59:47.0406 3444 NDIS - ok
14:59:47.0428 3444 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:59:47.0430 3444 NdisTapi - ok
14:59:47.0471 3444 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:59:47.0472 3444 Ndisuio - ok
14:59:47.0505 3444 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:59:47.0507 3444 NdisWan - ok
14:59:47.0557 3444 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:59:47.0559 3444 NDProxy - ok
14:59:47.0591 3444 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:59:47.0593 3444 NetBIOS - ok
14:59:47.0629 3444 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:59:47.0632 3444 netbt - ok
14:59:47.0699 3444 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:59:47.0700 3444 nfrd960 - ok
14:59:47.0760 3444 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:59:47.0761 3444 Npfs - ok
14:59:47.0784 3444 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:59:47.0786 3444 nsiproxy - ok
14:59:47.0878 3444 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:59:47.0894 3444 Ntfs - ok
14:59:47.0919 3444 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:59:47.0920 3444 ntrigdigi - ok
14:59:47.0939 3444 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:59:47.0942 3444 Null - ok
14:59:47.0979 3444 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:59:47.0981 3444 nvraid - ok
14:59:48.0008 3444 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:59:48.0010 3444 nvstor - ok
14:59:48.0041 3444 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:59:48.0043 3444 nv_agp - ok
14:59:48.0059 3444 NwlnkFlt - ok
14:59:48.0080 3444 NwlnkFwd - ok
14:59:48.0134 3444 OA001Ufd (9b7cd7151a7c4009c383396155f02b95) C:\Windows\system32\DRIVERS\OA001Ufd.sys
14:59:48.0136 3444 OA001Ufd - ok
14:59:48.0168 3444 OA001Vid (cdcdad303a9208cf3513400ef2a05f80) C:\Windows\system32\DRIVERS\OA001Vid.sys
14:59:48.0172 3444 OA001Vid - ok
14:59:48.0241 3444 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:59:48.0243 3444 ohci1394 - ok
14:59:48.0299 3444 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:59:48.0301 3444 Parport - ok
14:59:48.0351 3444 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:59:48.0353 3444 partmgr - ok
14:59:48.0388 3444 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:59:48.0389 3444 Parvdm - ok
14:59:48.0425 3444 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:59:48.0428 3444 pci - ok
14:59:48.0467 3444 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:59:48.0468 3444 pciide - ok
14:59:48.0502 3444 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:59:48.0505 3444 pcmcia - ok
14:59:48.0575 3444 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:59:48.0588 3444 PEAUTH - ok
14:59:48.0687 3444 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:59:48.0689 3444 PptpMiniport - ok
14:59:48.0731 3444 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:59:48.0732 3444 Processor - ok
14:59:48.0784 3444 prodrv06 (e87132348aaa995fcb3a8870f0da525d) C:\Windows\System32\drivers\prodrv06.sys
14:59:48.0786 3444 prodrv06 - ok
14:59:48.0838 3444 prohlp02 (efa0b90d3f2ddd18f064f94a3e9aa503) C:\Windows\system32\drivers\prohlp02.sys
14:59:48.0841 3444 prohlp02 - ok
14:59:48.0881 3444 prosync1 (cc3d1bb199cbb576b0fbaaba626b6714) C:\Windows\system32\drivers\prosync1.sys
14:59:48.0882 3444 prosync1 - ok
14:59:48.0946 3444 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:59:48.0948 3444 PSched - ok
14:59:49.0031 3444 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:59:49.0048 3444 ql2300 - ok
14:59:49.0095 3444 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:59:49.0097 3444 ql40xx - ok
14:59:49.0142 3444 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:59:49.0144 3444 QWAVEdrv - ok
14:59:49.0302 3444 R300 (ac9e487e3513561e4f7953c438727ff7) C:\Windows\system32\DRIVERS\atikmdag.sys
14:59:49.0354 3444 R300 - ok
14:59:49.0380 3444 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:59:49.0381 3444 RasAcd - ok
14:59:49.0437 3444 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:59:49.0439 3444 Rasl2tp - ok
14:59:49.0481 3444 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:59:49.0483 3444 RasPppoe - ok
14:59:49.0512 3444 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:59:49.0515 3444 RasSstp - ok
14:59:49.0560 3444 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:59:49.0564 3444 rdbss - ok
14:59:49.0634 3444 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:59:49.0635 3444 RDPCDD - ok
14:59:49.0681 3444 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:59:49.0685 3444 rdpdr - ok
14:59:49.0704 3444 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:59:49.0706 3444 RDPENCDD - ok
14:59:49.0767 3444 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:59:49.0770 3444 RDPWD - ok
14:59:49.0857 3444 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
14:59:49.0859 3444 RFCOMM - ok
14:59:49.0916 3444 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
14:59:49.0918 3444 rimmptsk - ok
14:59:49.0937 3444 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
14:59:49.0939 3444 rimsptsk - ok
14:59:49.0960 3444 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
14:59:49.0962 3444 rismxdp - ok
14:59:50.0015 3444 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:59:50.0017 3444 rspndr - ok
14:59:50.0059 3444 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:59:50.0061 3444 sbp2port - ok
14:59:50.0116 3444 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
14:59:50.0118 3444 sdbus - ok
14:59:50.0154 3444 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:59:50.0156 3444 secdrv - ok
14:59:50.0190 3444 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:59:50.0191 3444 Serenum - ok
14:59:50.0230 3444 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:59:50.0232 3444 Serial - ok
14:59:50.0269 3444 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:59:50.0270 3444 sermouse - ok
14:59:50.0322 3444 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
14:59:50.0323 3444 sffdisk - ok
14:59:50.0358 3444 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:59:50.0360 3444 sffp_mmc - ok
14:59:50.0402 3444 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:59:50.0403 3444 sffp_sd - ok
14:59:50.0448 3444 sfhlp01 (95654a66531b8a198d0d5d153cc95f8e) C:\Windows\system32\drivers\sfhlp01.sys
14:59:50.0450 3444 sfhlp01 - ok
14:59:50.0482 3444 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:59:50.0483 3444 sfloppy - ok
14:59:50.0559 3444 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:59:50.0561 3444 sisagp - ok
14:59:50.0598 3444 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:59:50.0600 3444 SiSRaid2 - ok
14:59:50.0636 3444 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:59:50.0638 3444 SiSRaid4 - ok
14:59:50.0748 3444 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:59:50.0750 3444 Smb - ok
14:59:50.0787 3444 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:59:50.0789 3444 spldr - ok
14:59:50.0871 3444 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
14:59:50.0871 3444 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
14:59:50.0874 3444 sptd ( LockedFile.Multi.Generic ) - warning
14:59:50.0874 3444 sptd - detected LockedFile.Multi.Generic (1)
14:59:50.0952 3444 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:59:50.0957 3444 srv - ok
14:59:51.0036 3444 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:59:51.0039 3444 srv2 - ok
14:59:51.0083 3444 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:59:51.0085 3444 srvnet - ok
14:59:51.0147 3444 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:59:51.0148 3444 ssmdrv - ok
14:59:51.0210 3444 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
14:59:51.0211 3444 SSPORT - ok
14:59:51.0271 3444 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\Windows\system32\DRIVERS\ss_bus.sys
14:59:51.0273 3444 ss_bus - ok
14:59:51.0328 3444 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) C:\Windows\system32\DRIVERS\ss_mdfl.sys
14:59:51.0329 3444 ss_mdfl - ok
14:59:51.0378 3444 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\Windows\system32\DRIVERS\ss_mdm.sys
14:59:51.0381 3444 ss_mdm - ok
14:59:51.0474 3444 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
14:59:51.0475 3444 StarOpen - ok
14:59:51.0520 3444 STHDA (805b1fc7e25613ce2dc93c0759d0aa30) C:\Windows\system32\DRIVERS\stwrt.sys
14:59:51.0526 3444 STHDA - ok
14:59:51.0581 3444 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:59:51.0582 3444 swenum - ok
14:59:51.0633 3444 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:59:51.0634 3444 Symc8xx - ok
14:59:51.0675 3444 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:59:51.0677 3444 Sym_hi - ok
14:59:51.0725 3444 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:59:51.0727 3444 Sym_u3 - ok
14:59:51.0865 3444 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
14:59:51.0877 3444 Tcpip - ok
14:59:51.0931 3444 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
14:59:51.0944 3444 Tcpip6 - ok
14:59:51.0989 3444 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:59:51.0991 3444 tcpipreg - ok
14:59:52.0033 3444 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:59:52.0034 3444 TDPIPE - ok
14:59:52.0068 3444 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:59:52.0070 3444 TDTCP - ok
14:59:52.0127 3444 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:59:52.0129 3444 tdx - ok
14:59:52.0168 3444 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:59:52.0170 3444 TermDD - ok
14:59:52.0252 3444 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:59:52.0254 3444 tssecsrv - ok
14:59:52.0291 3444 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:59:52.0293 3444 tunmp - ok
14:59:52.0365 3444 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:59:52.0366 3444 tunnel - ok
14:59:52.0405 3444 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:59:52.0407 3444 uagp35 - ok
14:59:52.0471 3444 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:59:52.0475 3444 udfs - ok
14:59:52.0519 3444 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:59:52.0521 3444 uliagpkx - ok
14:59:52.0561 3444 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:59:52.0565 3444 uliahci - ok
14:59:52.0613 3444 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:59:52.0616 3444 UlSata - ok
14:59:52.0672 3444 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:59:52.0674 3444 ulsata2 - ok
14:59:52.0725 3444 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:59:52.0727 3444 umbus - ok
14:59:52.0831 3444 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
14:59:52.0832 3444 UnlockerDriver5 - ok
14:59:52.0907 3444 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:59:52.0909 3444 usbccgp - ok
14:59:52.0940 3444 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:59:52.0942 3444 usbcir - ok
14:59:52.0980 3444 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:59:52.0982 3444 usbehci - ok
14:59:53.0016 3444 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:59:53.0019 3444 usbhub - ok
14:59:53.0058 3444 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:59:53.0059 3444 usbohci - ok
14:59:53.0102 3444 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:59:53.0103 3444 usbprint - ok
14:59:53.0160 3444 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:59:53.0162 3444 usbscan - ok
14:59:53.0215 3444 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:53.0217 3444 USBSTOR - ok
14:59:53.0278 3444 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:59:53.0280 3444 usbuhci - ok
14:59:53.0318 3444 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:59:53.0320 3444 vga - ok
14:59:53.0348 3444 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:59:53.0350 3444 VgaSave - ok
14:59:53.0385 3444 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:59:53.0387 3444 viaagp - ok
14:59:53.0419 3444 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:59:53.0420 3444 ViaC7 - ok
14:59:53.0459 3444 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:59:53.0461 3444 viaide - ok
14:59:53.0481 3444 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:59:53.0483 3444 volmgr - ok
14:59:53.0547 3444 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:59:53.0552 3444 volmgrx - ok
14:59:53.0621 3444 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:59:53.0626 3444 volsnap - ok
14:59:53.0668 3444 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:59:53.0671 3444 vsmraid - ok
14:59:53.0713 3444 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
14:59:53.0717 3444 VSTHWBS2 - ok
14:59:53.0790 3444 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:59:53.0804 3444 VST_DPV - ok
14:59:53.0860 3444 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:59:53.0861 3444 WacomPen - ok
14:59:53.0895 3444 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:59:53.0898 3444 Wanarp - ok
14:59:53.0907
3444 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 14:59:53.0910 3444 Wanarpv6 - ok 14:59:53.0957 3444 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 14:59:53.0959 3444 Wd - ok 14:59:54.0005 3444 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 14:59:54.0013 3444 Wdf01000 - ok 14:59:54.0107 3444 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 14:59:54.0116 3444 winachsf - ok 14:59:54.0197 3444 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 14:59:54.0199 3444 WmiAcpi - ok 14:59:54.0258 3444 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 14:59:54.0260 3444 ws2ifsl - ok 14:59:54.0312 3444 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys 14:59:54.0313 3444 WSDPrintDevice - ok 14:59:54.0367 3444 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:59:54.0369 3444 WUDFRd - ok 14:59:54.0422 3444 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 14:59:54.0443 3444 \Device\Harddisk0\DR0 - ok 14:59:54.0459 3444 Boot (0x1200) (2045b22ae7a0c980add1b4130b40a01d) \Device\Harddisk0\DR0\Partition0 14:59:54.0461 3444 \Device\Harddisk0\DR0\Partition0 - ok 14:59:54.0467 3444 Boot (0x1200) (84e7f347abbc3880d37553383eca1bd2) \Device\Harddisk0\DR0\Partition1 14:59:54.0468 3444 \Device\Harddisk0\DR0\Partition1 - ok 14:59:54.0473 3444 ============================================================ 14:59:54.0473 3444 Scan finished 14:59:54.0473 3444 ============================================================ 14:59:54.0490 3440 Detected object count: 1 14:59:54.0491 3440 Actual detected object count: 1 15:00:03.0126 3440 sptd ( LockedFile.Multi.Generic ) - skipped by user 15:00:03.0126 3440 sptd ( LockedFile.Multi.Generic ) - User select action: Skip |
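The report above is several hundred one-line driver entries with a single non-"ok" finding buried in the middle (the locked `sptd.sys` file). As an added example, not code from this thread or from Kaspersky's tool, here is a small Python triage helper that folds a TDSSKiller-style report into one record per module and lists everything the scanner did not report as "ok". The line layout (timestamp, thread id, message) is assumed from the report posted above; the sample report in the block is a constructed excerpt in that layout.

```python
"""Triage helper for TDSSKiller-style reports.

Added example for this thread: not code from the posts above and not part of
Kaspersky's tool. It folds the per-module lines of a report into one record per
module (hash, path, status, verdict, user action) so the entries the scanner did
not report as "ok" can be listed without reading hundreds of driver lines.
The line layout is assumed from the report posted above."""
import re
from collections import OrderedDict

# Every report line: "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" - boot sectors, later reported by device path
BOOT_RE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "ACPI (<md5>) C:\Windows\system32\drivers\acpi.sys" - driver name, hash, image path
MODULE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "Suspicious file (NoAccess): C:\...\sptd.sys. md5: <md5>"
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-fA-F]{32})$")
# "sptd - detected LockedFile.Multi.Generic (1)"
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+)")
# "sptd ( LockedFile.Multi.Generic ) - warning" / "... - skipped by user"
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
# "ACPI - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


def _entry(modules, name):
    """Return the record for a module, creating an empty one on first sight."""
    return modules.setdefault(name, {
        "kind": "driver", "md5": None, "path": None, "status": "unknown",
        "verdict": None, "reasons": [], "actions": [],
    })


def parse_tdsskiller(text):
    """Parse a report into an OrderedDict: module name -> record."""
    modules = OrderedDict()
    name_by_path = {}                     # image path -> module name, for "Suspicious file" lines
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue                      # banner, separator and empty lines
        msg = line.group("msg")
        m = BOOT_RE.match(msg)
        if m:                             # boot sector entries are keyed by their device path
            e = _entry(modules, m.group("path"))
            e["kind"], e["md5"], e["path"] = m.group("kind"), m.group("md5").lower(), m.group("path")
            continue
        m = MODULE_RE.match(msg)
        if m:
            e = _entry(modules, m.group("name"))
            e["md5"], e["path"] = m.group("md5").lower(), m.group("path")
            name_by_path[m.group("path").lower()] = m.group("name")
            continue
        m = SUSPICIOUS_RE.match(msg)
        if m:                             # attach the reason to the module that owns the path
            owner = name_by_path.get(m.group("path").lower())
            if owner:
                _entry(modules, owner)["reasons"].append(m.group("reason"))
            continue
        m = DETECTED_RE.match(msg)
        if m:
            e = _entry(modules, m.group("name"))
            e["status"], e["verdict"] = "detected", m.group("verdict")
            continue
        m = VERDICT_RE.match(msg)
        if m:
            e = _entry(modules, m.group("name"))
            e["verdict"] = m.group("verdict")
            if m.group("action") == "warning":
                if e["status"] != "detected":   # "detected" outranks "warning"
                    e["status"] = "warning"
            else:                         # e.g. "skipped by user", "User select action: Skip"
                e["actions"].append(m.group("action"))
            continue
        m = OK_RE.match(msg)
        if m:
            _entry(modules, m.group("name"))["status"] = "ok"
    return modules


def findings(modules):
    """Every module the scanner did not report as "ok" (including ones an aborted
    scan never reached, which stay "unknown"), as (name, status, verdict, reasons, actions)."""
    return [(name, e["status"], e["verdict"], e["reasons"], e["actions"])
            for name, e in modules.items() if e["status"] != "ok"]


# Constructed sample in the report's layout, modelled on the post above.
SAMPLE_REPORT = r"""
14:59:18.0586 3316 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
14:59:39.0540 3444 ============================================================
14:59:39.0540 3444 Scan started
14:59:39.0908 3444 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:59:39.0911 3444 ACPI - ok
14:59:50.0871 3444 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
14:59:50.0871 3444 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
14:59:50.0874 3444 sptd ( LockedFile.Multi.Generic ) - warning
14:59:50.0874 3444 sptd - detected LockedFile.Multi.Generic (1)
14:59:54.0422 3444 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:59:54.0443 3444 \Device\Harddisk0\DR0 - ok
14:59:54.0473 3444 Scan finished
14:59:54.0490 3440 Detected object count: 1
15:00:03.0126 3440 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:00:03.0126 3440 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    for name, status, verdict, reasons, actions in findings(parse_tdsskiller(SAMPLE_REPORT)):
        print(f"{name}: {status} {verdict or ''} reasons={reasons} actions={actions}")
```

Run against the full pasted report, the only finding is `sptd` with status `detected`, verdict `LockedFile.Multi.Generic`, reason `NoAccess` and the two user actions; everything else, including the MBR and boot sector entries, is reported "ok". Modules that appear with a hash but never get a verdict line (for instance when a scan is interrupted) are kept with status "unknown" and listed as well, so an aborted scan is not mistaken for a clean one.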
24.09.2011, 14:55 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan & Roo/Tdds fought off unsuccessfully? Then please run CF now:
__________________ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a competent helper has expressly recommended it!
__________________ |
24.09.2011, 15:57 | #19 |
| Trojan & Roo/Tdds fought off unsuccessfully? So, ComboFix is done too: Code:
ATTFilter ComboFix 11-09-24.01 - XB 24.09.2011 16:38:27.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3581.2688 [GMT 2:00] ausgeführt von:: c:\users\XB\Desktop\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Setup.exe c:\windows\IsUn0407.exe c:\windows\system32\srcr.dat . . ((((((((((((((((((((((( Dateien erstellt von 2011-08-24 bis 2011-09-24 )))))))))))))))))))))))))))))) . . 2011-09-24 12:49 . 2011-09-24 12:49 1449114 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2011-09-24 12:13 . 2011-09-24 12:13 -------- d-----w- C:\_OTL 2011-09-22 16:28 . 2011-09-22 16:28 -------- d-----w- c:\program files\MozBackup 2011-09-22 15:13 . 2011-09-22 15:13 -------- d-----w- c:\program files\ESET 2011-09-21 18:07 . 2011-09-21 18:07 -------- d-----w- c:\users\XB\AppData\Roaming\Malwarebytes 2011-09-21 18:07 . 2011-09-21 18:07 -------- d-----w- c:\programdata\Malwarebytes 2011-09-21 18:07 . 2011-09-21 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-21 18:07 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-21 18:01 . 2011-09-21 18:01 -------- d-----w- C:\TDSSKiller_Quarantine 2011-09-21 17:21 . 2011-09-21 17:21 -------- d--h--r- c:\users\XB\AppData\Roaming\SecuROM 2011-09-21 07:34 . 2011-09-21 07:34 102400 ----a-w- c:\windows\RegBootClean.exe 2011-09-21 07:27 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2011-09-20 21:52 . 2011-09-20 21:52 -------- d-----w- c:\program files\Sophos 2011-09-20 21:38 . 2011-09-20 21:38 -------- d-----w- c:\program files\Avira 2011-09-20 14:34 . 
2011-09-20 14:34 23624 ---ha-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-09-20 14:33 . 2011-09-20 14:34 -------- d--h--w- c:\programdata\Hitman Pro 2011-09-17 10:58 . 2011-09-21 15:16 -------- d-----w- c:\program files\Common Files\Steam 2011-09-17 10:57 . 2011-09-23 15:56 -------- d-----w- c:\program files\Steam 2011-09-16 16:44 . 2011-08-12 02:44 7152464 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A79BDD4-5B48-4037-B143-09A7752CAB9A}\mpengine.dll 2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-20 13:04 . 2011-05-17 16:02 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-11 13:25 . 2011-08-25 08:00 2048 ----a-w- c:\windows\system32\tzres.dll 2011-07-06 15:31 . 2011-08-15 16:07 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-30 06:35 . 2010-04-02 16:44 101720 ---ha-w- c:\windows\system32\drivers\SBREDrv.sys 2009-04-24 15:01 . 2009-04-24 15:01 9819136 ----a-w- c:\program files\openofficeorg31.msi 2008-09-30 15:48 . 2008-09-30 15:48 9776640 ----a-w- c:\program files\openofficeorg30.msi 2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe 2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2011-09-07 16:26 . 2011-05-31 18:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2010-04-15 10:33 2515552 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\XB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\XB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\XB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\XB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-26 442467] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-15 198160] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\users\XB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\XB\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-09-10 12:56 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R2 gupdate1c9857b8b2f9105;Google Update Service (gupdate1c9857b8b2f9105);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 133104] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-03-11 29736] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 133104] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A479.tmp [x] R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648] R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-09-14 717296] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AESTFilters;Andrea ST Filters 
Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-06-26 73728] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-29 5120] S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-03-14 54784] S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-03-11 203264] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-03-11 149208] S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-03-11 277624] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 23518345 *NewlyCreated* - 23525287 *Deregistered* - 23518345 *Deregistered* - 23525287 *Deregistered* - avipbb *Deregistered* - ssmdrv . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2011-09-24 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-21 13:40] . 2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 21:16] . 2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 21:16] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4080910 IE: Bild an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\XB\AppData\Roaming\Mozilla\Firefox\Profiles\aou9vsu3.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe SafeBoot-97776012.sys AddRemove-ZoomBrowserEXDeInstall - c:\windows\IsUn0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-09-24 16:48 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\A479.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3073598487-600519957-3315168187-1000\Software\SecuROM\License information*] "datasecu"=hex:df,02,08,42,5e,02,73,d7,af,a0,0a,af,4b,ca,2b,8a,08,dd,c0,00,6b, 1d,35,46,f0,d3,ce,90,b4,da,c9,1a,62,37,ec,5a,41,df,48,dd,67,de,e6,bd,32,f0,\ "rkeysecu"=hex:e7,3c,94,71,5b,91,c2,a5,ca,5e,4c,73,5a,01,a9,c9 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Zeit der Fertigstellung: 2011-09-24 16:52:23 ComboFix-quarantined-files.txt 2011-09-24 14:52 . Vor Suchlauf: 7 Verzeichnis(se), 149.965.443.072 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 149.924.421.632 Bytes frei . - - End Of File - - 55C32AF2AA78F21DA54A33ACD1CC949D |
24.09.2011, 16:30 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan & Roo/Tdds fought off unsuccessfully? OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file on your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
24.09.2011, 18:43 | #21 |
| Trojan & Roo/Tdds fought off unsuccessfully? Here is the GMER log. The program did not hang, but at some point the message "The scan was stopped." appeared. I don't know whether that means the scan finished. Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-09-24 19:39:26 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 Running: gotcuqfr.exe; Driver: C:\Users\XB\AppData\Local\Temp\pxldipoc.sys ---- System - GMER 1.0.15 ---- INT 0x52 ? B16F72D0 INT 0x62 ? B16F7050 INT 0x71 ? B38A27D0 INT 0x72 ? B16F7550 INT 0x81 ? B38A2CD0 INT 0x82 ? B38A57D0 INT 0x91 ? B38A2A50 INT 0xA0 ? B38A22D0 INT 0xA2 ? B16F7A50 INT 0xB0 ? B38AA7D0 INT 0xB1 ? B16F7CD0 ---- Kernel code sections - GMER 1.0.15 ---- ? System32\Drivers\spkt.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0xBB60A000, 0x213FE7, 0xE8000020] .text USBPORT.SYS!DllUnload BBF7441B 5 Bytes JMP B338D4E0 .text ai04huq0.SYS BC20F000 22 Bytes [82, 73, DC, E2, 6C, 72, DC, ...] .text ai04huq0.SYS BC20F017 137 Bytes [00, 32, B7, 99, B7, 3D, B5, ...] .text ai04huq0.SYS BC20F0A1 43 Bytes [F0, AA, E2, 74, E6, A4, E2, ...] .text ai04huq0.SYS BC20F0CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...] .text ai04huq0.SYS BC20F0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...] .text ... ? system32\DRIVERS\avgntflt.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xCDAED300, 0x3ACC8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xCDBC0300, 0x1B7E, 0xE8000020] ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\XB\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! 
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B78A2048] \SystemRoot\System32\Drivers\spkt.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs B16AE1F8 Device \FileSystem\fastfat \FatCdrom B3D2A4D0 Device \Driver\volmgr \Device\VolMgrControl B0D181F8 Device \Driver\usbuhci \Device\USBPDO-0 B33C01F8 Device \Driver\usbuhci \Device\USBPDO-1 B33C01F8 Device \Driver\usbehci \Device\USBPDO-2 B33CA1F8 Device \Driver\usbuhci \Device\USBPDO-3 B33C01F8 Device \Driver\usbuhci \Device\USBPDO-4 B33C01F8 Device \Driver\usbuhci \Device\USBPDO-5 B33C01F8 Device \Driver\usbehci \Device\USBPDO-6 B33CA1F8 Device \Driver\volmgr \Device\HarddiskVolume1 B0D181F8 Device \Driver\volmgr \Device\HarddiskVolume2 B0D181F8 Device \Driver\cdrom \Device\CdRom0 B33CE1F8 Device \Driver\iaStor \Device\Ide\iaStor0 [B7AB88E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\iaStor0 prosync1.sys (StarForce Protection Synchronization Driver/StarForce Technologies, Inc.) Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B7AB88E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 prosync1.sys (StarForce Protection Synchronization Driver/StarForce Technologies, Inc.) Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [B7AB88E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 prosync1.sys (StarForce Protection Synchronization Driver/StarForce Technologies, Inc.) 
Device \Driver\volmgr \Device\HarddiskVolume3 B0D181F8 Device \Driver\cdrom \Device\CdRom1 B33CE1F8 Device \Driver\prohlp02 \Device\ProHlp02 BA246A08 Device \Driver\netbt \Device\NetBt_Wins_Export B08CC500 Device \Driver\netbt \Device\NetBT_Tcpip_{1D4AA4CE-FA5C-4D1D-8845-B69DCC52D969} B08CC500 Device \Driver\Smb \Device\NetbiosSmb B3CB41F8 Device \Driver\netbt \Device\NetBT_Tcpip_{AAEF5F1E-EDBC-4AE0-9A9A-3EA018D664A2} B08CC500 Device \Driver\iScsiPrt \Device\RaidPort0 B383B1F8 Device \Driver\usbuhci \Device\USBFDO-0 B33C01F8 Device \Driver\PCI_PNP6872 \Device\0000006d spkt.sys Device \Driver\usbuhci \Device\USBFDO-1 B33C01F8 Device \Driver\usbehci \Device\USBFDO-2 B33CA1F8 Device \Driver\usbuhci \Device\USBFDO-3 B33C01F8 Device \Driver\usbuhci \Device\USBFDO-4 B33C01F8 Device \Driver\sptd \Device\1839898909 spkt.sys Device \Driver\usbuhci \Device\USBFDO-5 B33C01F8 Device \Driver\usbehci \Device\USBFDO-6 B33CA1F8 Device \Driver\ai04huq0 \Device\Scsi\ai04huq01Port2Path0Target0Lun0 B33C21F8 Device \Driver\ai04huq0 \Device\Scsi\ai04huq01 B33C21F8 Device \FileSystem\fastfat \Fat B3D2A4D0 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs B0E6B1F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe1be032d Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x20 0x7D 0xF4 0xD8 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0xEE 0x66 0x3F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x07 0xF0 0xE1 0xE1 ... Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001fe1be032d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x20 0x7D 0xF4 0xD8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0xEE 0x66 0x3F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x07 0xF0 0xE1 0xE1 ... 
Reg HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\001fe1be032d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x20 0x7D 0xF4 0xD8 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0xEE 0x66 0x3F ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x07 0xF0 0xE1 0xE1 ... ---- EOF - GMER 1.0.15 ---- |
24.09.2011, 18:54 | #22 |
| Trojan & Roo/Tdds fought off unsuccessfully? Here is OSAM: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:52:48 on 24.09.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 6.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl
"Nero BurnRights" - ? - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl (File not found)
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ai04huq0" (ai04huq0) - "Microsoft Corporation" - C:\Windows\system32\drivers\ai04huq0.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - ? - C:\Windows\System32\DRIVERS\avgntflt.sys (File not found)
"BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys
"catchme" (catchme) - ? - C:\Users\XB\AppData\Local\Temp\catchme.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"DgiVecp" (DgiVecp) - ? - C:\Windows\system32\Drivers\DgiVecp.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\A479.tmp (File not found)
"pxldipoc" (pxldipoc) - ? - C:\Users\XB\AppData\Local\Temp\pxldipoc.sys (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"StarForce Protection Environment Driver v6" (prodrv06) - "StarForce Technologies, Inc." - C:\Windows\System32\drivers\prodrv06.sys
"StarForce Protection Helper Driver" (sfhlp01) - "StarForce Technologies, Inc." - C:\Windows\System32\drivers\sfhlp01.sys
"StarForce Protection Helper Driver v2" (prohlp02) - "StarForce Technologies, Inc." - C:\Windows\System32\drivers\prohlp02.sys
"StarForce Protection Synchronization Driver v1" (prosync1) - "StarForce Technologies, Inc." - C:\Windows\System32\drivers\prosync1.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Windows Mail 7" - ? - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE (File not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{5A7B2149-7840-4531-B7B4-58F0F1CB0A6E} "IMAPIShlXt Class" - "Dell Inc" - C:\Windows\IMAPIShellExt.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - ? - C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll (File not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Program Files\Vuze_Remote\tbVuze.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Program Files\Vuze_Remote\tbVuze.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
{ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Program Files\Vuze_Remote\tbVuze.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Program Files\Vuze_Remote\tbVuze.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\XB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\XB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\Windows\system32\WLTRAY.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PCMService" - "CyberLink Corp." - "C:\Program Files\Dell\MediaDirect\PCMService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe (File not found)
"Dock Login Service" (DockLoginService) - "Stardock Corporation" - C:\Program Files\Dell\DellDock\DockLogin.exe
"Google Update Service (gupdate1c9857b8b2f9105)" (gupdate1c9857b8b2f9105) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft Limited" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - ? - C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter (File not found)

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
24.09.2011, 20:11 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan & Roo/Tdds fought unsuccessfully? Is aswMBR coming soon as well?
__________________ Please always post logfiles in CODE tags |
24.09.2011, 20:24 | #24 |
| Trojan & Roo/Tdds fought unsuccessfully? Yep, I just restarted it, since it apparently got stuck on a file. In any case it didn't make any progress for half an hour. |
24.09.2011, 22:34 | #25 |
| Trojan & Roo/Tdds fought unsuccessfully? This time it worked. It still got stuck on a file at some point. I'll post the logfile up to that point; not much more would have come anyway. Maybe that already helps. Otherwise I'll try another full run tomorrow and delete the files the program apparently likes to spend a very long time on. Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-24 21:20:35
-----------------------------
21:20:35.266 OS Version: Windows 6.0.6002 Service Pack 2
21:20:35.267 Number of processors: 2 586 0x1706
21:20:35.270 ComputerName: XB-PC UserName: XB
21:20:37.409 Initialize success
21:20:45.107 AVAST engine defs: 11092401
21:20:48.186 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:20:48.229 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:20:51.055 Disk 0 MBR read successfully
21:20:51.163 Disk 0 MBR scan
21:20:51.171 Disk 0 Windows VISTA default MBR code
21:20:51.348 Disk 0 scanning sectors +625139712
21:20:52.119 Disk 0 scanning C:\Windows\system32\drivers
21:24:23.102 Service scanning
21:24:24.570 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:24:25.201 Modules scanning
21:28:05.139 Disk 0 trace - called modules:
21:28:05.273 ntkrnlpa.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll iastor.sys spkt.sys >>UNKNOWN [0xb1666938]<<
21:28:05.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xb225f4f8]
21:28:05.292 3 CLASSPNP.SYS[b81c58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xb177b030]
21:28:07.466 AVAST engine scan C:\Windows
21:32:01.850 AVAST engine scan C:\Windows\system32
21:57:03.523 AVAST engine scan C:\Windows\system32\drivers
22:03:12.091 AVAST engine scan C:\Users\XB
23:28:06.664 Disk 0 MBR has been saved successfully to "C:\Users\XB\Desktop\MBR.dat"
23:28:06.684 The log file has been saved successfully to "C:\Users\XB\Desktop\aswMBR.txt" |
26.09.2011, 10:08 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan & Roo/Tdds fought unsuccessfully? Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Afterwards, getting a second opinion via the ESET online scanner isn't a bad idea either: ESET Online Scanner
26.09.2011, 16:10 | #27 |
| Trojan & Roo/Tdds fought unsuccessfully? OK, thanks, I'll get on with the remaining scans then. First, here is the complete aswMBR log I still owed. HTML code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-24 21:20:35
-----------------------------
21:20:35.266 OS Version: Windows 6.0.6002 Service Pack 2
21:20:35.267 Number of processors: 2 586 0x1706
21:20:35.270 ComputerName: XB-PC UserName: XB
21:20:37.409 Initialize success
21:20:45.107 AVAST engine defs: 11092401
21:20:48.186 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:20:48.229 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:20:51.055 Disk 0 MBR read successfully
21:20:51.163 Disk 0 MBR scan
21:20:51.171 Disk 0 Windows VISTA default MBR code
21:20:51.348 Disk 0 scanning sectors +625139712
21:20:52.119 Disk 0 scanning C:\Windows\system32\drivers
21:24:23.102 Service scanning
21:24:24.570 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:24:25.201 Modules scanning
21:28:05.139 Disk 0 trace - called modules:
21:28:05.273 ntkrnlpa.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll iastor.sys spkt.sys >>UNKNOWN [0xb1666938]<<
21:28:05.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xb225f4f8]
21:28:05.292 3 CLASSPNP.SYS[b81c58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xb177b030]
21:28:07.466 AVAST engine scan C:\Windows
21:32:01.850 AVAST engine scan C:\Windows\system32
21:57:03.523 AVAST engine scan C:\Windows\system32\drivers
22:03:12.091 AVAST engine scan C:\Users\XB
23:28:06.664 Disk 0 MBR has been saved successfully to "C:\Users\XB\Desktop\MBR.dat"
23:28:06.684 The log file has been saved successfully to "C:\Users\XB\Desktop\aswMBR.txt"

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-26 12:19:12
-----------------------------
12:19:12.556 OS Version: Windows 6.0.6002 Service Pack 2
12:19:12.556 Number of processors: 2 586 0x1706
12:19:12.559 ComputerName: XB-PC UserName: XB
12:20:05.883 Initialize success
12:21:37.513 AVAST engine defs: 11092502
12:24:43.182 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:24:43.187 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:24:45.277 Disk 0 MBR read successfully
12:24:45.282 Disk 0 MBR scan
12:24:45.290 Disk 0 Windows VISTA default MBR code
12:24:45.298 Disk 0 scanning sectors +625139712
12:24:45.437 Disk 0 scanning C:\Windows\system32\drivers
12:25:08.533 Service scanning
12:25:10.138 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:25:10.772 Modules scanning
12:25:21.872 Disk 0 trace - called modules:
12:25:21.919 ntkrnlpa.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll iastor.sys spec.sys >>UNKNOWN [0xb1666938]<<
12:25:21.927 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xb225eac8]
12:25:22.282 3 CLASSPNP.SYS[b81be8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xb1786030]
12:25:24.350 AVAST engine scan C:\Windows
12:25:30.600 AVAST engine scan C:\Windows\system32
12:29:10.401 AVAST engine scan C:\Windows\system32\drivers
12:29:39.604 AVAST engine scan C:\Users\XB
12:48:36.594 AVAST engine scan C:\ProgramData
12:53:23.790 Scan finished successfully
17:07:28.750 Disk 0 MBR has been saved successfully to "C:\Users\XB\Desktop\MBR.dat"
17:07:28.765 The log file has been saved successfully to "C:\Users\XB\Desktop\aswMBR.txt" |
26.09.2011, 17:36 | #28 |
| Trojan & Roo/Tdds fought unsuccessfully? Here's Malwarebytes for now, the rest will follow later... Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7801

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

26.09.2011 18:32:16
mbam-log-2011-09-26 (18-32-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 340659
Laufzeit: 1 Stunde(n), 17 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |