| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GEMA TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
15.12.2011, 21:09
| #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  GEMA Trojaner Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.12.2011, 14:51
| #2 |
 | GEMA Trojaner Der Scanner hat was böses gefunden. Habe aber auch hierfür zunächst "skip" eingestellt. Logdatei sieht wie folgt aus:
__________________Code:
ATTFilter 14:44:36.0755 2688 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
14:44:36.0896 2688 ============================================================
14:44:36.0896 2688 Current date / time: 2011/12/16 14:44:36.0896
14:44:36.0896 2688 SystemInfo:
14:44:36.0896 2688
14:44:36.0896 2688 OS Version: 5.1.2600 ServicePack: 2.0
14:44:36.0896 2688 Product type: Workstation
14:44:36.0896 2688 ComputerName: JULIA
14:44:36.0896 2688 UserName: juli
14:44:36.0896 2688 Windows directory: C:\WINDOWS
14:44:36.0896 2688 System windows directory: C:\WINDOWS
14:44:36.0896 2688 Processor architecture: Intel x86
14:44:36.0896 2688 Number of processors: 1
14:44:36.0896 2688 Page size: 0x1000
14:44:36.0896 2688 Boot type: Normal boot
14:44:36.0896 2688 ============================================================
14:44:37.0318 2688 Initialize success
14:45:31.0615 1864 ============================================================
14:45:31.0615 1864 Scan started
14:45:31.0615 1864 Mode: Manual; SigCheck; TDLFS;
14:45:31.0615 1864 ============================================================
14:45:31.0912 1864 Abiosdsk - ok
14:45:31.0943 1864 abp480n5 - ok
14:45:32.0052 1864 ACEDRV07 (4e5451dd0aec8504d7f8030dd2d4c416) C:\WINDOWS\system32\drivers\ACEDRV07.sys
14:45:32.0990 1864 ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
14:45:32.0990 1864 ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
14:45:33.0052 1864 acedrv09 (bd4e8c841716d5f2804ce000cfe61524) C:\WINDOWS\system32\drivers\acedrv09.sys
14:45:48.0130 1864 acedrv09 - ok
14:45:48.0224 1864 acehlp09 (7b19e528f2f40524e2c40f754a571eb8) C:\WINDOWS\system32\drivers\acehlp09.sys
14:45:48.0255 1864 acehlp09 - ok
14:45:48.0349 1864 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:45:49.0708 1864 ACPI - ok
14:45:49.0865 1864 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:45:50.0037 1864 ACPIEC - ok
14:45:50.0052 1864 adpu160m - ok
14:45:50.0130 1864 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
14:45:50.0490 1864 aec - ok
14:45:50.0537 1864 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
14:45:50.0615 1864 AFD - ok
14:45:50.0630 1864 Aha154x - ok
14:45:50.0646 1864 aic78u2 - ok
14:45:50.0662 1864 aic78xx - ok
14:45:50.0677 1864 AliIde - ok
14:45:50.0740 1864 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:45:50.0802 1864 AmdK8 - ok
14:45:50.0818 1864 amsint - ok
14:45:50.0880 1864 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:45:51.0037 1864 Arp1394 - ok
14:45:51.0052 1864 asc - ok
14:45:51.0068 1864 asc3350p - ok
14:45:51.0083 1864 asc3550 - ok
14:45:51.0130 1864 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:45:51.0302 1864 AsyncMac - ok
14:45:51.0318 1864 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:45:51.0474 1864 atapi - ok
14:45:51.0490 1864 Atdisk - ok
14:45:51.0521 1864 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:45:51.0662 1864 Atmarpc - ok
14:45:51.0724 1864 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:45:51.0849 1864 audstub - ok
14:45:51.0912 1864 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:45:52.0068 1864 Beep - ok
14:45:52.0115 1864 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:45:52.0287 1864 cbidf2k - ok
14:45:52.0333 1864 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:45:52.0490 1864 CCDECODE - ok
14:45:52.0505 1864 cd20xrnt - ok
14:45:52.0537 1864 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:45:52.0677 1864 Cdaudio - ok
14:45:52.0693 1864 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
14:45:52.0880 1864 Cdfs - ok
14:45:52.0927 1864 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:45:53.0052 1864 Cdrom - ok
14:45:53.0068 1864 Changer - ok
14:45:53.0146 1864 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:45:53.0302 1864 CmBatt - ok
14:45:53.0318 1864 CmdIde - ok
14:45:53.0333 1864 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:45:53.0474 1864 Compbatt - ok
14:45:53.0505 1864 Cpqarray - ok
14:45:53.0521 1864 dac2w2k - ok
14:45:53.0537 1864 dac960nt - ok
14:45:53.0552 1864 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
14:45:53.0662 1864 Disk - ok
14:45:53.0724 1864 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
14:45:53.0896 1864 dmboot - ok
14:45:53.0927 1864 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
14:45:54.0037 1864 dmio - ok
14:45:54.0068 1864 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:45:54.0224 1864 dmload - ok
14:45:54.0287 1864 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:45:54.0412 1864 DMusic - ok
14:45:54.0427 1864 dpti2o - ok
14:45:54.0458 1864 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:45:54.0583 1864 drmkaud - ok
14:45:54.0615 1864 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
14:45:54.0802 1864 Fastfat - ok
14:45:54.0849 1864 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
14:45:55.0005 1864 Fdc - ok
14:45:55.0037 1864 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
14:45:55.0177 1864 Fips - ok
14:45:55.0208 1864 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:45:55.0349 1864 Flpydisk - ok
14:45:55.0380 1864 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:45:55.0740 1864 FltMgr - ok
14:45:55.0771 1864 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:45:55.0896 1864 Fs_Rec - ok
14:45:55.0912 1864 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:45:56.0021 1864 Ftdisk - ok
14:45:56.0052 1864 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:45:56.0162 1864 Gpc - ok
14:45:56.0224 1864 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:45:56.0287 1864 HDAudBus - ok
14:45:56.0349 1864 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:45:56.0490 1864 HidUsb - ok
14:45:56.0537 1864 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
14:45:56.0552 1864 Hotkey ( UnsignedFile.Multi.Generic ) - warning
14:45:56.0552 1864 Hotkey - detected UnsignedFile.Multi.Generic (1)
14:45:56.0568 1864 hpn - ok
14:45:56.0630 1864 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
14:45:56.0677 1864 HTTP - ok
14:45:56.0708 1864 i2omgmt - ok
14:45:56.0708 1864 i2omp - ok
14:45:56.0771 1864 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:45:56.0927 1864 i8042prt - ok
14:45:56.0958 1864 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:45:57.0068 1864 Imapi - ok
14:45:57.0099 1864 ini910u - ok
14:45:57.0302 1864 IntcAzAudAddService (284bcb80391783d328a8d8163e97fd58) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:45:57.0537 1864 IntcAzAudAddService - ok
14:45:57.0630 1864 IntelIde - ok
14:45:57.0693 1864 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:45:57.0833 1864 Ip6Fw - ok
14:45:57.0880 1864 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:45:58.0037 1864 IpFilterDriver - ok
14:45:58.0052 1864 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:45:58.0193 1864 IpInIp - ok
14:45:58.0255 1864 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:45:58.0693 1864 IpNat - ok
14:45:58.0755 1864 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:45:58.0880 1864 IPSec - ok
14:45:58.0912 1864 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:45:58.0990 1864 IRENUM - ok
14:45:59.0021 1864 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:45:59.0146 1864 isapnp - ok
14:45:59.0208 1864 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:45:59.0318 1864 Kbdclass - ok
14:45:59.0380 1864 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:45:59.0537 1864 kbdhid - ok
14:45:59.0599 1864 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
14:46:00.0037 1864 kmixer - ok
14:46:00.0068 1864 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
14:46:00.0146 1864 KSecDD - ok
14:46:00.0162 1864 lbrtfdc - ok
14:46:00.0255 1864 LVMST (0c944e4f596780f7cd26686e577ef606) C:\WINDOWS\system32\DRIVERS\LVMST.sys
14:46:00.0365 1864 LVMST - ok
14:46:00.0380 1864 mailKmd - ok
14:46:00.0412 1864 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
14:46:00.0412 1864 MBAMProtector - ok
14:46:00.0443 1864 MBAMSwissArmy - ok
14:46:00.0490 1864 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
14:46:00.0568 1864 MHNDRV - ok
14:46:00.0615 1864 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:46:00.0755 1864 mnmdd - ok
14:46:00.0802 1864 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
14:46:00.0958 1864 Modem - ok
14:46:01.0021 1864 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:46:01.0162 1864 Mouclass - ok
14:46:01.0208 1864 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:46:01.0333 1864 mouhid - ok
14:46:01.0396 1864 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
14:46:01.0537 1864 MountMgr - ok
14:46:01.0583 1864 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
14:46:01.0708 1864 MPE - ok
14:46:01.0724 1864 mraid35x - ok
14:46:01.0771 1864 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:46:01.0896 1864 MRxDAV - ok
14:46:01.0943 1864 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:46:02.0021 1864 MRxSmb - ok
14:46:02.0037 1864 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
14:46:02.0162 1864 Msfs - ok
14:46:02.0208 1864 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:46:02.0365 1864 MSKSSRV - ok
14:46:02.0396 1864 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:46:02.0552 1864 MSPCLOCK - ok
14:46:02.0568 1864 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
14:46:02.0693 1864 MSPQM - ok
14:46:02.0740 1864 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:46:02.0880 1864 mssmbios - ok
14:46:02.0927 1864 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
14:46:03.0068 1864 MSTEE - ok
14:46:03.0083 1864 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
14:46:03.0224 1864 Mup - ok
14:46:03.0271 1864 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:46:03.0396 1864 NABTSFEC - ok
14:46:03.0412 1864 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
14:46:03.0537 1864 NDIS - ok
14:46:03.0583 1864 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:46:03.0677 1864 NdisIP - ok
14:46:03.0724 1864 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:46:03.0849 1864 NdisTapi - ok
14:46:03.0896 1864 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:46:04.0365 1864 Ndisuio - ok
14:46:04.0380 1864 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:46:04.0490 1864 NdisWan - ok
14:46:04.0505 1864 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
14:46:04.0630 1864 NDProxy - ok
14:46:04.0646 1864 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:46:04.0771 1864 NetBIOS - ok
14:46:04.0818 1864 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:46:04.0927 1864 NetBT - ok
14:46:05.0005 1864 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:46:05.0115 1864 NIC1394 - ok
14:46:05.0130 1864 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
14:46:05.0240 1864 Npfs - ok
14:46:05.0287 1864 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
14:46:05.0443 1864 Ntfs - ok
14:46:05.0490 1864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:46:05.0615 1864 Null - ok
14:46:05.0802 1864 nv (3f539f457764d0989081d6d9aaabeb71) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:46:06.0021 1864 nv - ok
14:46:06.0130 1864 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
14:46:06.0193 1864 nvata - ok
14:46:06.0255 1864 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:46:06.0333 1864 NVENETFD - ok
14:46:06.0380 1864 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:46:06.0427 1864 nvnetbus - ok
14:46:06.0443 1864 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
14:46:06.0505 1864 nvsmu - ok
14:46:06.0552 1864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:46:06.0818 1864 NwlnkFlt - ok
14:46:06.0833 1864 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:46:06.0958 1864 NwlnkFwd - ok
14:46:06.0990 1864 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:46:07.0115 1864 ohci1394 - ok
14:46:07.0177 1864 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
14:46:07.0302 1864 Parport - ok
14:46:07.0302 1864 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
14:46:07.0427 1864 PartMgr - ok
14:46:07.0474 1864 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:46:07.0615 1864 ParVdm - ok
14:46:07.0662 1864 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
14:46:07.0802 1864 PCI - ok
14:46:07.0818 1864 PCIDump - ok
14:46:07.0849 1864 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:46:07.0990 1864 PCIIde - ok
14:46:08.0037 1864 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:46:08.0162 1864 Pcmcia - ok
14:46:08.0177 1864 PDCOMP - ok
14:46:08.0193 1864 PDFRAME - ok
14:46:08.0208 1864 PDRELI - ok
14:46:08.0224 1864 PDRFRAME - ok
14:46:08.0240 1864 perc2 - ok
14:46:08.0255 1864 perc2hib - ok
14:46:08.0318 1864 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:46:08.0443 1864 PptpMiniport - ok
14:46:08.0505 1864 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
14:46:08.0630 1864 Processor - ok
14:46:08.0646 1864 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
14:46:08.0771 1864 PSched - ok
14:46:08.0771 1864 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:46:08.0896 1864 Ptilink - ok
14:46:08.0943 1864 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:46:08.0958 1864 PxHelp20 - ok
14:46:08.0958 1864 ql1080 - ok
14:46:08.0974 1864 Ql10wnt - ok
14:46:08.0990 1864 ql12160 - ok
14:46:09.0005 1864 ql1240 - ok
14:46:09.0021 1864 ql1280 - ok
14:46:09.0068 1864 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:46:09.0177 1864 RasAcd - ok
14:46:09.0208 1864 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:46:09.0333 1864 Rasl2tp - ok
14:46:09.0349 1864 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:46:09.0490 1864 RasPppoe - ok
14:46:09.0505 1864 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:46:09.0630 1864 Raspti - ok
14:46:09.0677 1864 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:46:10.0162 1864 Rdbss - ok
14:46:10.0208 1864 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:46:10.0333 1864 RDPCDD - ok
14:46:10.0396 1864 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:46:10.0521 1864 rdpdr - ok
14:46:10.0583 1864 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
14:46:10.0990 1864 RDPWD - ok
14:46:11.0052 1864 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:46:11.0177 1864 redbook - ok
14:46:11.0224 1864 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
14:46:11.0287 1864 rimmptsk - ok
14:46:11.0318 1864 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
14:46:11.0380 1864 rimsptsk - ok
14:46:11.0443 1864 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
14:46:11.0505 1864 rismxdp - ok
14:46:11.0568 1864 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:46:11.0708 1864 sdbus - ok
14:46:11.0740 1864 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:46:11.0818 1864 Secdrv - ok
14:46:11.0880 1864 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
14:46:12.0005 1864 Serial - ok
14:46:12.0052 1864 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
14:46:12.0177 1864 sffdisk - ok
14:46:12.0193 1864 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
14:46:12.0349 1864 sffp_sd - ok
14:46:12.0380 1864 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:46:12.0505 1864 Sfloppy - ok
14:46:12.0537 1864 Simbad - ok
14:46:12.0583 1864 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:46:12.0708 1864 SLIP - ok
14:46:12.0771 1864 smserial (05fe55f1a7ebb00b6288f078912e9603) C:\WINDOWS\system32\DRIVERS\smserial.sys
14:46:12.0896 1864 smserial - ok
14:46:12.0927 1864 Sparrow - ok
14:46:12.0974 1864 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
14:46:13.0427 1864 splitter - ok
14:46:13.0490 1864 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
14:46:13.0552 1864 sr - ok
14:46:13.0615 1864 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
14:46:13.0693 1864 Srv - ok
14:46:13.0724 1864 SSHDRV82 (d8c69b05dbad47479f9f344b117abf4f) C:\WINDOWS\system32\drivers\SSHDRV82.sys
14:46:13.0740 1864 SSHDRV82 ( UnsignedFile.Multi.Generic ) - warning
14:46:13.0740 1864 SSHDRV82 - detected UnsignedFile.Multi.Generic (1)
14:46:13.0787 1864 SSHDRV86 (f7f529976b672a38800d26e713f8ff18) C:\WINDOWS\system32\drivers\SSHDRV86.sys
14:46:13.0787 1864 Suspicious file (Forged): C:\WINDOWS\system32\drivers\SSHDRV86.sys. Real md5: f7f529976b672a38800d26e713f8ff18, Fake md5: b9e31f2a3640403b0ea3a867bb73b9f4
14:46:13.0787 1864 SSHDRV86 ( Rootkit.Win32.ZAccess.aml ) - infected
14:46:13.0787 1864 SSHDRV86 - detected Rootkit.Win32.ZAccess.aml (0)
14:46:13.0802 1864 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:46:13.0927 1864 streamip - ok
14:46:13.0958 1864 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:46:14.0099 1864 swenum - ok
14:46:14.0162 1864 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
14:46:14.0318 1864 swmidi - ok
14:46:14.0333 1864 symc810 - ok
14:46:14.0349 1864 symc8xx - ok
14:46:14.0365 1864 sym_hi - ok
14:46:14.0380 1864 sym_u3 - ok
14:46:14.0443 1864 SynTP (60b421663910fbb3c9b350b7efa75a68) C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:46:14.0505 1864 SynTP - ok
14:46:14.0568 1864 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
14:46:14.0708 1864 sysaudio - ok
14:46:14.0771 1864 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:46:14.0833 1864 Tcpip - ok
14:46:14.0896 1864 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:46:15.0021 1864 TDPIPE - ok
14:46:15.0037 1864 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
14:46:15.0177 1864 TDTCP - ok
14:46:15.0240 1864 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:46:15.0365 1864 TermDD - ok
14:46:15.0380 1864 TosIde - ok
14:46:15.0458 1864 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
14:46:15.0583 1864 Udfs - ok
14:46:15.0599 1864 ultra - ok
14:46:15.0662 1864 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
14:46:16.0193 1864 Update - ok
14:46:16.0240 1864 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:46:16.0365 1864 usbccgp - ok
14:46:16.0427 1864 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:46:16.0552 1864 usbehci - ok
14:46:16.0583 1864 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:46:16.0693 1864 usbhub - ok
14:46:16.0740 1864 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:46:16.0865 1864 usbohci - ok
14:46:16.0912 1864 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:46:17.0052 1864 usbprint - ok
14:46:17.0099 1864 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:46:17.0224 1864 usbscan - ok
14:46:17.0318 1864 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:46:17.0458 1864 USBSTOR - ok
14:46:17.0521 1864 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:46:17.0662 1864 VgaSave - ok
14:46:17.0662 1864 ViaIde - ok
14:46:17.0724 1864 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
14:46:17.0880 1864 VolSnap - ok
14:46:17.0927 1864 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:46:18.0068 1864 Wanarp - ok
14:46:18.0130 1864 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
14:46:18.0177 1864 wanatw - ok
14:46:18.0193 1864 Wbutton - ok
14:46:18.0208 1864 WDICA - ok
14:46:18.0287 1864 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
14:46:18.0771 1864 wdmaud - ok
14:46:18.0865 1864 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:46:18.0990 1864 WmiAcpi - ok
14:46:19.0052 1864 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:46:19.0146 1864 WSTCODEC - ok
14:46:19.0224 1864 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
14:46:19.0287 1864 X10Hid - ok
14:46:19.0349 1864 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
14:46:19.0380 1864 XUIF - ok
14:46:19.0443 1864 ZD1211BU(ZyDAS) (77778a5d6d8b0fb3bd89b9f39c72c78d) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
14:46:19.0537 1864 ZD1211BU(ZyDAS) - ok
14:46:19.0552 1864 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
14:46:19.0568 1864 ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning
14:46:19.0568 1864 ZDPSp50 - detected UnsignedFile.Multi.Generic (1)
14:46:19.0599 1864 MBR (0x1B8) (ae330efad318eb44f0142039deeaa8c2) \Device\Harddisk0\DR0
14:46:20.0646 1864 \Device\Harddisk0\DR0 - ok
14:46:20.0662 1864 Boot (0x1200) (f545b97d15dccd300dabff39f40f3a2d) \Device\Harddisk0\DR0\Partition0
14:46:20.0662 1864 \Device\Harddisk0\DR0\Partition0 - ok
14:46:20.0662 1864 Boot (0x1200) (2b6e993ed881da8ea3e19393d5a97888) \Device\Harddisk0\DR0\Partition1
14:46:20.0662 1864 \Device\Harddisk0\DR0\Partition1 - ok
14:46:20.0662 1864 ============================================================
14:46:20.0662 1864 Scan finished
14:46:20.0662 1864 ============================================================
14:46:20.0818 0892 Detected object count: 5
14:46:20.0818 0892 Actual detected object count: 5
14:47:47.0302 0892 ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:47.0318 0892 ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:47.0318 0892 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:47.0318 0892 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:47.0318 0892 SSHDRV82 ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:47.0318 0892 SSHDRV82 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:47.0318 0892 SSHDRV86 ( Rootkit.Win32.ZAccess.aml ) - skipped by user
14:47:47.0318 0892 SSHDRV86 ( Rootkit.Win32.ZAccess.aml ) - User select action: Skip
14:47:47.0318 0892 ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:47.0318 0892 ZDPSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
| Themen zu GEMA Trojaner |
| 0x00000001, 5suxrt589cxuftg.exe, administrator, adobe, bho, canon, disabletaskmgr, einstellungen, explorer, format, gema trojaner, home, homepage, hotkey.sys, install.exe, installation, launch, logfile, mdm.exe, neu, nvidia, object, otl-datei, plug-in, realtek, registry, scan, seiten, software, trojane, trojaner, trojaner eingefangen, usb, wallpaper, windows, windows xp, winlogon |
Hybrid-Darstellung
