Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: AVCare, Win32Trojan.TDss und mehr ?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.08.2009, 14:44   #1
Befallener
 
AVCare, Win32Trojan.TDss und mehr ? - Beitrag

AVCare, Win32Trojan.TDss und mehr ?



Hallo,
ich habe mir gestern so gegen 23.00 AVCare eingefangen, des weiteren fielen mir ein Prozess msa.exe und eine beim Systemstart ausgeführte b.exe auf.
Symptome waren neben dem nervenden AVCare ein paar Systemabstürze und beim darauffolgenden Neustart ein schwarzer Bildschirm mit bewegbarer Maus (Icon:Uhrenglas) statt des Anmeldebildschirms,
Ein weiterer Neustart verlief dann "normal".
Avira AntiVir startete seitdem aber den Guard nicht mehr.
Die Dateien von AVCare habe ich nach einer Anleitung von www*411-spyware*com_de_avcare-entfernen gelöscht, ebenso die msa.exe aus C:\Windows.
Unter C:\Dokumente und Einstellungen\*Name*\Lokale Einstellungen\Temp\ fanden sich;
- a.exe, b.exe, c.exe
- eine Launcher.exe (Icon:Borland C++ Builder) die höchstwahrscheinlich unschuldig war.
Auch diese Dateien habe ich gelöscht und nach einem Neustart waren keine auffälligen Einträge mehr zu entdecken.
Antivir startete aber immernoch nicht den Guard, also unter services.msc den StartTyp auf Auto gesetzt. Jetzt ist der Schirm zwar auf, aber so richtig traute ich dem ganzen nicht.
AdAware zurategezogen und beim Intelligenten Scan "Win32Trojan.TDss" und ein paar Cookies gefunden, leider endete der Entfernvorgang aber mit einer Fehlermeldung und der zweimaligen Aufforderung einen Fehlerbericht an den Hersteller zu senden.
Die Recherche im Internet führte mich dann wieder auf ein paar Threads hier im Forum, die Programme um das Rootkit (und was sonst noch so da ist) zu entfernen waren mir zu speziell und griffen zu stark ins System ein um sie auszuprobieren. Also liess ich die Finger davon.
Vermutlich hätte ich so eine Idee schon ganz am Anfang haben sollen und nicht versuchen das ganze alleine zu lösen, ich hatte aber nicht mit einem solch schwerwiegenden und widerstandsfähigen Befall gerechnet. (Das Ding kann sich immerhin gegen viele Sachen wehren)
Malware Bytes Programm liess sich zuerst natürlich nicht richtig installieren. Am Ende startet der Prozess mbam.exe und das Setup bleibt beim Beenden hängen, startet man das Programm so erscheint wieder besagter Prozess, dummerweise aber kein passendes Fenster.
Das Starten von einer "Kopie von mbam.exe" funktioniert zwar aber der Entfernvorgang ist nutzlos, da nach dem notwendigen Neustart alles beim alten zu sein scheint, denn zumindest finden Prevx und AdAware immernoch Sachen.
Den Rat im abges. Modus UAC****** und Co zu entfernen habe ich auch befolgen wollen, dummerweise konnte ich diese Einträge nicht finden (Prevx meldet aber 4x uac***.dll und 1x uac***.sys).
Als Vorbereitung auf diesen Thread habe ich CCleaner durchlaufen lassen (und u.a. den Verlauf habe ich aber nicht löschen lassen) und dieser hat vermutlich auch die b.exe aus dem Autostart entfernt.

Ich bin mir inzwischen unsicher was sich alles eingeschlichen hat, gehören
-AVCare
-msa.exe
- a|b|c.exe
-Win32Trojan.TDSss
denn alle zusammen ?

Benutzen kann ich im Moment die meisten Programme normal und ohne merkliche Geschwindigkeitseinbußen. Auch ein kleiner Blick auf den Netzwerkverkehr (Ethereal) bleibt ohne Befund.
Hier im Forum habe ich bereits ein paar Beiträge gefunden die sich mit einem ähnlichen oder sogar demselben Krankheitsbild beschäftigen und wie geschildert habe ich versucht Teile davon umzusetzen.
Ich werde jetzt versuchen mich am Riemen zu reißen und nicht mehr am System rumdoktorn.
Ich hoffe das mir jemand hilft das System wieder von dem Befall oder den Befällen zu befreien.
Bitte nicht schlagen, aber mit HijackThis habe ich ganz am Anfang auch schon ein wenig gearbeitet, weil ich damit mal vor längerer Zeit ein anderes Anhängsel losgeworden bin.
Hier das aktuelle Log (CAPM4RSK.EXE und CAPM4SWK.EXE gehören zu einem Netzwerkdrucker):
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:00, on 08/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CAPM4RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\Prevx\prevx.exe
E:\HDV3\DTemp\DTemp.exe
C:\Programme\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\System32\svchost.exe
C:\remindme\RemindMe.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Prevx\prevx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\devldr32.exe
C:\npp\notepad++.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\bases\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.thgweb.de/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programme\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Programme\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware  (reboot)] "F:\Programme\Mabytes\Kopie von mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DTemp.lnk = E:\HDV3\DTemp\DTemp.exe
O4 - Startup: RemindMe.lnk = C:\remindme\RemindMe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.otherchance.com
O15 - Trusted Zone: *.whatsnew.name
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228848741171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228848725906
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - 
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS1\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS2\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS3\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Programme\Prevx\prevx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 1: (no name) - http://www.tomshardware.de/
O24 - Desktop Component 2: (no name) - C:\Dokumente und Einstellungen\*User*\Desktop\Neu Textdokument (4).html

--
End of file - 8793 bytes
         
und die Einträge aus den backups (zusammengefasst)
Code:
ATTFilter
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
         

Alt 20.08.2009, 15:14   #2
kira
/// Helfer-Team
 
AVCare, Win32Trojan.TDss und mehr ? - Standard

AVCare, Win32Trojan.TDss und mehr ?



Hallo und Herzlich Willkommen!

Was ist ein Rootkit? (Professionelle Erklärung von `Wikipedia` und Kaspersky - bitte unbedingt lesen!:
(englisch etwa: „Administratorenbausatz“; root ist unter unixoiden und unixähnlichen Betriebssystemen der Benutzer mit Administratorrechten) ist eine Sammlung von Softwarewerkzeugen, die nach dem Einbruch in ein Computersystem auf dem kompromittierten System installiert wird, um zukünftige Logins des Eindringlings zu verbergen und Prozesse und Dateien zu verstecken)
Wie übertragen sich Rootkits?
Da eine hundertprozentige Erkennung von Rootkits unmöglich ist, ist die beste Methode zur Entfernung die komplette Neuinstallation.
Rootkit/wikipedia.org
Falls Du dein System doch reinigen möchtest:

- Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe:

1.
ich brauche mehr `Übersicht` bzw Daten über einen längeren Zeitraum - dazu bitte Versteckte - und Systemdateien sichtbar machen::
→ Klicke unter Start auf Arbeitsplatz.
→ Klicke im Menü Extras auf Ordneroptionen.
→ Dateien und Ordner/Erweiterungen bei bekannten Dateitypen ausblenden → Haken entfernen
→ Geschützte und Systemdateien ausblenden → Haken entfernen
→ Versteckte Dateien und Ordner/Alle Dateien und Ordner anzeigen → Haken setzen.
→ Bei "Geschützte Systemdateien ausblenden" darf kein Häkchen sein und "Alle Dateien und Ordner anzeigen" muss aktiviert sein.

2.
Für XP und Win2000 (ansonsten auslassen)
→ lade Dir das filelist.zip auf deinen Desktop herunter
→ entpacke die Zip-Datei auf deinen Desktop
→ starte nun mit einem Doppelklick auf die Datei "filelist.bat" - Dein Editor (Textverarbeitungsprogramm) wird sich öffnen
→ kopiere aus die erzeugten Logfile alle 7 Verzeichnisse ("C\...") usw - aber nur die Einträge der letzten 6 Monate - hier in deinem Thread
** vor jedem Eintrag steht ein Datum, also Einträge, die älter als 6 Monate sind bitte herauslöschen!

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

4.
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
    - mit "Ok" wird GMER beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!

5.
Lade und installiere das Tool RootRepeal herunter

- setze einen Hacken bei: "Drivers", "Stealth Objects" und "Hidden Services" dann klick auf "OK"
- nach der Scan, klick auf "Save Report"
- speichere das Logfile als RootRepeal.txt auf dem Desktop und Kopiere den Inhalt hier in den Thread
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du:[code]
hier kommt dein Logfile rein
→ dahinter:[/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow
__________________


Alt 20.08.2009, 22:25   #3
Befallener
 
AVCare, Win32Trojan.TDss und mehr ? - Standard

AVCare, Win32Trojan.TDss und mehr ?



Ich habe jetzt mehrmals versucht mit GMER das System zu scannen und jedesmal scheint er etwas weiter zu kommen, bevor er aufhört.
Dann geht nichts mehr, ein paar Klicks sind vielleicht noch möglich, aber selbst die Systemuhr wird dabei schon nicht mehr aktualisiert und auch die Festplatte hat dann schon länger aufgehört zu rattern.
Wie lange dauert ein erfolgreicher Scan bei ~20GB ungefähr auf einem P4 3 GHz, 3 oder eher 10 Stunden ?
Wenn ich das Programm starte wird direkt angefangen zu scannen, dann wird ein Komplett-Scan empfohlen welcher wie gesagt noch nicht durchgelaufen ist.
Ich werds weiter versuchen, die Punkte davor hab ich schon abgearbeitet, aber hier komm ich noch nicht voran da das scannen ja leider sehr langsam ist.
Nur um sicherzugehen, dieser komplette Scan ist erforderlich die Einträge die ganz am Anfang oder innerhalb der ersten halben Stunde gefunden werden reichen nicht ? Es scheinen keine neuen Einträge hinzuzukommen oder zumindest sieht es so aus wenn man auf die dicke des Balkens in der Scrollleiste achtet. Ein weiterer Versuch dürfte gleich wieder scheitern, ich häng dann die Berichte der ersten drei Punkte an.
__________________

Alt 21.08.2009, 01:11   #4
Befallener
 
AVCare, Win32Trojan.TDss und mehr ? - Standard

AVCare, Win32Trojan.TDss und mehr ?



Ich bzw. Gmer hat es wieder nicht geschafft, gibt es überhaupt eine Meldung wenn er fertig ist ?
Bin ich einfach zu ungeduldig und nach 12h scheinbarem Nichtstun ist er dann durch ?
Ich versuchs weiter.

Aufgabenliste:
1. Ist (bei mir) Standard
2. filelist 1.Teil
Code:
ATTFilter
<----- Root ----------------------------- 
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 8435-0B01

 Verzeichnis von C:\

08/20/2009  17:30                43 filelist.txt
08/20/2009  17:21     2.146.226.176 hiberfil.sys
08/20/2009  17:21       805.306.368 pagefile.sys
08/20/2009  02:17               211 boot.ini
04/20/2009  22:12               206 Statistik.txt
04/06/2009  01:23            13.030 PDOXUSRS.NET
03/03/2009  01:48             3.361 LGSInst.Log
 
----- Windows -------------------------- 
 Verzeichnis von C:\WINDOWS

08/20/2009  17:22                 0 0.log
08/20/2009  17:22               157 wiadebug.log
08/20/2009  17:22         1.358.455 WindowsUpdate.log
08/20/2009  17:22                50 wiaservc.log
08/20/2009  17:22             2.256 axcapmon.log
08/20/2009  17:21             2.048 bootstat.dat
08/20/2009  14:45             2.582 axcapmon.bak
08/20/2009  14:45            32.540 SchedLgU.Txt
08/20/2009  12:08               121 WinInit.ini
08/20/2009  12:02           499.150 setupapi.log
08/20/2009  11:57           476.198 ntbtlog.txt
08/20/2009  02:17               261 SYSTEM.INI
08/20/2009  02:17            11.427 win.ini
08/19/2009  23:19                10 run.log
08/19/2009  23:19                12 srun.log
08/17/2009  21:41                49 NeroDigital.ini
08/17/2009  20:11             3.937 scad3.INI
08/14/2009  22:27           244.987 wmsetup.log
08/11/2009  23:23            54.156 QTFont.qfn
08/10/2009  21:20           197.737 War3Unin.dat
07/24/2009  12:41           199.608 setupact.log
07/16/2009  11:40            80.030 spupdsvc.log
07/16/2009  11:39               352 spupdsvc.log.1.log
07/15/2009  21:43         1.878.390 iis6.log
07/15/2009  21:43           486.633 comsetup.log
07/15/2009  21:43           300.715 ntdtcsetup.log
07/15/2009  21:43             1.374 imsins.log
07/15/2009  21:43           739.451 tsoc.log
07/15/2009  21:43            78.871 ocmsn.log
07/15/2009  21:43            78.175 tabletoc.log
07/15/2009  21:43            85.547 KB973346.log
07/15/2009  21:43           276.519 netfxocm.log
07/15/2009  21:43           106.872 medctroc.Log
07/15/2009  21:43           813.466 ocgen.log
07/15/2009  21:43            80.517 msgsocm.log
07/15/2009  21:43         1.556.892 FaxSetup.log
07/15/2009  21:43           517.138 msmqinst.log
07/15/2009  21:39             1.374 imsins.BAK
07/15/2009  21:39            93.473 KB961371.log
07/15/2009  21:38           283.545 updspapi.log
07/15/2009  21:38            92.852 KB971633.log
07/15/2009  21:37           121.409 ie8_main.log
07/15/2009  21:37            84.229 KB971930-IE8.log
07/15/2009  21:37            99.076 KB969897-IE8.log
07/15/2009  21:36            93.335 ie8.log
07/15/2009  21:17            37.201 WgaNotify.log
07/15/2009  21:15             8.263 KB961118.log
06/14/2009  00:39                44 rdrive.ini
06/10/2009  21:29           112.136 KB969897-IE7.log
06/10/2009  21:28            27.420 KB970238.log
06/10/2009  21:28            26.743 KB968537.log
06/10/2009  21:28            26.383 KB961501.log
06/10/2009  21:28            20.389 KB969898.log
06/10/2009  21:17            20.802 KB959426.log
06/10/2009  21:17            19.790 KB960803.log
06/10/2009  21:16            20.259 KB952004.log
06/10/2009  21:16            16.661 KB956572.log
06/10/2009  21:16            15.111 KB961373.log
06/10/2009  21:16            10.203 KB923561.log
06/10/2009  20:41            13.549 KB967715.log
06/10/2009  20:41             5.676 KB938464-v2.log
06/10/2009  20:41            13.153 KB960225.log
06/09/2009  19:15             8.067 KB893803v2.log
04/06/2009  23:53               605 ODBC.INI
03/03/2009  16:40             1.409 QTFont.for
03/03/2009  01:36            32.863 setuplog.txt

 
----- System  --- 
 Verzeichnis von C:\WINDOWS\system


 
----- System 32 (Achtung: Zeitfenster beachten!) --- 
 Verzeichnis von C:\WINDOWS\system32

08/20/2009  17:22            12.598 wpa.dbl
08/20/2009  11:50           357.752 FNTCACHE.DAT
08/02/2009  23:34             4.096 crash
07/07/2009  17:10        24.539.592 MRT.exe
06/16/2009  16:36            81.920 fontsub.dll
06/16/2009  16:36           119.808 t2embed.dll
06/10/2009  21:40           434.838 perfh009.dat
06/10/2009  21:40            68.828 perfc009.dat
06/10/2009  21:40           452.038 perfh007.dat
06/10/2009  21:40            81.842 perfc007.dat
06/10/2009  21:40         1.051.804 PerfStringBackup.INI
06/10/2009  19:15            18.620 CCCInstall_200906101915151093.log
06/03/2009  21:09         1.296.896 quartz.dll
05/13/2009  07:02           915.456 wininet.dll
05/13/2009  07:02         5.936.128 mshtml.dll
05/07/2009  17:32           348.160 localspl.dll
04/30/2009  23:13         1.985.024 iertutil.dll
04/30/2009  23:13        11.064.832 ieframe.dll
04/30/2009  23:12         1.207.808 urlmon.dll
04/30/2009  23:12         1.469.440 inetcpl.cpl
04/30/2009  23:12            25.600 jsproxy.dll
04/30/2009  23:12           385.536 iedkcs32.dll
04/30/2009  13:21           173.056 ie4uinit.exe
04/29/2009  06:41           133.120 extmgr.dll
04/19/2009  21:46         1.847.296 win32k.sys
04/15/2009  16:51           585.216 rpcrt4.dll
03/21/2009  16:06         1.063.424 kernel32.dll
03/10/2009  22:18         1.482.112 LegitCheckControl.dll
03/10/2009  22:18           970.632 WgaTray.exe
03/10/2009  22:18           265.096 WgaLogon.dll
03/08/2009  14:29         1.302.528 ieframe.dll.mui
03/08/2009  14:29            57.344 msrating.dll.mui
03/08/2009  14:28             2.560 mshta.exe.mui
03/08/2009  14:27             4.096 ie4uinit.exe.mui
03/08/2009  14:27            12.288 advpack.dll.mui
03/08/2009  14:27            81.920 iedkcs32.dll.mui
03/08/2009  04:52            21.840 SIntfNT.dll
03/08/2009  04:52            17.212 SIntf32.dll
03/08/2009  04:52            12.067 SIntf16.dll
03/08/2009  04:35           385.024 html.iec
03/08/2009  04:34           208.384 WinFXDocObj.exe
03/08/2009  04:34           236.544 webcheck.dll
03/08/2009  04:34            43.008 licmgr10.dll
03/08/2009  04:34           105.984 url.dll
03/08/2009  04:34           193.536 msrating.dll
03/08/2009  04:34           109.568 occache.dll
03/08/2009  04:33            18.944 corpol.dll
03/08/2009  04:33           726.528 jscript.dll
03/08/2009  04:33           229.376 ieaksie.dll
03/08/2009  04:33           420.352 vbscript.dll
03/08/2009  04:33           125.952 ieakeng.dll
03/08/2009  04:32            72.704 admparse.dll
03/08/2009  04:32           163.840 ieakui.dll
03/08/2009  04:32            36.864 ieudinit.exe
03/08/2009  04:32            71.680 iesetup.dll
03/08/2009  04:32            55.808 iernonce.dll
03/08/2009  04:32           128.512 advpack.dll
03/08/2009  04:32            94.720 inseng.dll
03/08/2009  04:32           594.432 msfeeds.dll
03/08/2009  04:32           611.840 mstime.dll
03/08/2009  04:31           183.808 iepeers.dll
03/08/2009  04:31            13.312 msfeedssync.exe
03/08/2009  04:31            59.904 icardie.dll
03/08/2009  04:31            55.296 msfeedsbs.dll
03/08/2009  04:31           348.160 dxtmsft.dll
03/08/2009  04:31            34.816 imgutil.dll
03/08/2009  04:31           216.064 dxtrans.dll
03/08/2009  04:31            46.592 pngfilt.dll
03/08/2009  04:31            66.560 mshtmled.dll
03/08/2009  04:31            48.128 mshtmler.dll
03/08/2009  04:31         1.638.912 mshtml.tlb
03/08/2009  04:31            45.568 mshta.exe
03/08/2009  04:30            66.560 tdc.ocx
03/08/2009  04:22           164.352 ieui.dll
03/08/2009  04:22           156.160 msls31.dll
03/08/2009  04:15            57.667 ieuinit.inf
03/08/2009  04:11           445.952 ieapfltr.dll
03/06/2009  16:19           286.720 pdh.dll
03/03/2009  01:36            12.540 wpa.bak
02/25/2009  23:42           442.368 ATIDEMGX.dll
02/25/2009  23:41           325.120 ati2dvag.dll
02/25/2009  23:30        11.841.536 atioglxx.dll
02/25/2009  23:30           204.800 atipdlxx.dll
02/25/2009  23:29           155.648 Oemdspif.dll
02/25/2009  23:29            26.112 Ati2mdxx.exe
02/25/2009  23:29            43.520 ati2edxx.dll
02/25/2009  23:29           155.648 ati2evxx.dll
02/25/2009  23:27           602.112 ati2evxx.exe
02/25/2009  23:26            53.248 ATIDDC.DLL
02/25/2009  23:16         3.817.984 ati3duag.dll
02/25/2009  23:09           307.200 atiiiexx.dll
02/25/2009  22:59         2.670.080 ativvaxx.dll
02/25/2009  22:58           151.824 ativvaxx.cap
02/25/2009  22:58         3.107.788 ativva5x.dat
02/25/2009  22:58           887.724 ativva6x.dat
02/25/2009  22:44            49.664 amdpcom32.dll
02/25/2009  22:40           475.136 atikvmag.dll
02/25/2009  22:38           126.976 atiadlxx.dll
02/25/2009  22:38            17.408 atitvo32.dll
02/25/2009  22:35           290.816 atiok3x2.dll
02/25/2009  22:32            45.056 aticalrt.dll
02/25/2009  22:32            45.056 aticalcl.dll
02/25/2009  22:32           626.688 ati2cqag.dll
02/25/2009  22:30         3.227.648 aticaldd.dll
02/25/2009  15:15           593.920 ati2sgag.exe
02/12/2009  22:20             6.873 IE8Eula.rtf
10/30/1617  07:13             3.120 ALLFSAF5a.ocx		

 
----- Prefetch ------------------------- 
 Verzeichnis von C:\WINDOWS\Prefetch

08/20/2009  17:30            16.542 CMD.EXE-034B0549.pf
08/20/2009  17:29            65.042 NOTEPAD++.EXE-20E43543.pf
08/20/2009  17:29            31.034 VERCLSID.EXE-28F52AD2.pf
08/20/2009  17:29            20.928 EXPLORER.EXE-02121B1A.pf
08/20/2009  17:29           179.934 WINRAR.EXE-1A0EFB18.pf
08/20/2009  17:24            19.306 FLASHGOT.EXE-24301770.pf
08/20/2009  17:24            99.948 FIREFOX.EXE-28BE8AE1.pf
08/20/2009  17:23            29.912 LOGONUI.EXE-05FEDB13.pf
08/20/2009  17:23            19.514 AAWTRAY.EXE-11640CC2.pf
08/20/2009  17:23            28.724 WUAUCLT.EXE-1360D60A.pf
08/20/2009  17:23            21.566 ALG.EXE-275708CF.pf
08/20/2009  17:23            28.796 DEVLDR32.EXE-3266C67C.pf
08/20/2009  17:23            33.254 WMIPRVSE.EXE-0D449B4F.pf
08/20/2009  17:23            53.426 IMAPI.EXE-201490BB.pf
08/20/2009  17:23            21.710 UNSECAPP.EXE-16EB9856.pf
08/20/2009  17:23            22.500 IBSERVER.EXE-2134BE34.pf
08/20/2009  17:23         1.212.172 NTOSBOOT-B00DFAAD.pf
08/20/2009  14:29            20.562 NOTEPAD.EXE-2F2D61E1.pf
08/20/2009  14:29            61.714 HIJACKTHIS.EXE-0217D948.pf
08/20/2009  13:46            42.622 AD-AWAREADMIN.EXE-2E1F7B25.pf
08/20/2009  13:46            63.810 AAWSERVICE.EXE-03154300.pf
08/20/2009  13:30            28.780 TASKMGR.EXE-06144C13.pf
08/20/2009  13:25            30.360 SYSINT~1.SCR-1085C59C.pf
08/20/2009  13:04            18.058 RUNDLL32.EXE-6E8D4657.pf
08/20/2009  12:16            56.706 AVSCAN.EXE-068A2CAC.pf
08/20/2009  12:16            61.750 AVCENTER.EXE-377C5668.pf
08/20/2009  11:17            23.206 REGSVR32.EXE-396DEA2C.pf
08/20/2009  11:15            14.428 MBAMGUI.EXE-3688636F.pf
08/20/2009  11:15            16.584 MBAM.EXE-32061666.pf
08/20/2009  11:15            44.412 MSCONFIG.EXE-1EF1EA0F.pf
08/20/2009  11:04            64.782 AVNOTIFY.EXE-22D2A6A0.pf
08/20/2009  11:04            69.270 UPDATE.EXE-33FE454B.pf
08/20/2009  02:32            49.492 AVGUARD.EXE-0EBF8B13.pf
08/20/2009  02:00            19.240 CTFMON.EXE-05E57A5E.pf
08/20/2009  02:00            19.946 B.EXE-1FEED026.pf
08/20/2009  02:00            20.470 MSA.EXE-02AC1082.pf
08/20/2009  01:32            27.356 LAMBAM-SETUP.TMP-0B46C02C.pf
08/20/2009  01:32            20.168 LAMBAM-SETUP.EXE-132847CA.pf
08/20/2009  01:31            13.650 MBAM-SETUP.EXE-39A61CA3.pf
08/20/2009  01:28            18.826 REGEDIT.COM-0204AD01.pf
08/20/2009  01:19            59.114 WDFMGR.EXE-22A3D9C5.pf
08/20/2009  01:19            25.364 SVCHOST.EXE-2D5FBD18.pf
08/20/2009  01:19            14.700 SMAGENT.EXE-09FD679F.pf
08/20/2009  01:19            22.324 CAPM4SWK.EXE-0BF8F428.pf
08/20/2009  01:15            49.318 HH.EXE-104606B2.pf
08/20/2009  01:12            14.744 CAPM4RSK.EXE-1F94D2CB.pf
08/20/2009  01:12            15.586 CAPM4LAK.EXE-39D4C6BC.pf
08/20/2009  01:09            71.198 AAWDRIVERTOOL.EXE-16062C11.pf
08/20/2009  01:07            60.398 MSIEXEC.EXE-330626DC.pf
08/20/2009  01:07            49.240 AD-AWAREAE.EXE-0C9B0A78.pf
08/20/2009  01:07            16.200 LAVASOFTGCHELPER.EXE-03D94920.pf
08/20/2009  01:06            78.888 AD-AWAREAE.EXE-13863249.pf
08/20/2009  00:54            20.840 HJTINSTALL202.EXE-2DCBE448.pf
08/20/2009  00:53            24.434 HIJACKTHIS.EXE-3918B6A3.pf
08/20/2009  00:53            57.992 ACRORD32INFO.EXE-3AD69296.pf
08/20/2009  00:50            14.376 QTTASK.EXE-0C419446.pf
08/20/2009  00:23           113.324 IEXPLORE.EXE-360BBB5C.pf
08/19/2009  23:28            80.236 PROGDVB.EXE-1D681201.pf
08/19/2009  23:21            52.740 MSHTA.EXE-07121ECA.pf
08/19/2009  23:21            69.256 AVCARE.EXE-1F60CD5A.pf
08/19/2009  23:20            15.010 RMACWENOXS.TMP-06065F37.pf
08/19/2009  23:20            18.304 C.EXE-2F100D8C.pf
08/19/2009  23:20            31.118 OXNMRSEWAC.TMP-03850CC8.pf
08/19/2009  23:20            16.612 A.EXE-19DCBE1A.pf
08/19/2009  23:20             2.728 RASVSNET.TMP-36E5B046.pf
08/19/2009  23:20            13.704 SPOOLSV.EXE-3A613CE3.pf
08/19/2009  23:20            35.322 AVWSC.EXE-1742FD55.pf
08/19/2009  23:19            16.358 PING.EXE-30F9CA9D.pf
08/19/2009  23:19             5.220 INCOSNET.TMP-2B1B354C.pf
08/19/2009  23:19            19.934 GUARDGUI.EXE-1FA25B88.pf
08/19/2009  23:19            38.864 XWSARENCOM.TMP-37CCFB87.pf
08/19/2009  23:19             9.640 NXCAMOERSW.TMP-2C4179E0.pf
08/19/2009  23:09            31.000 ANSMXOWRCE.TMP-27004A67.pf
08/19/2009  23:09            31.790 SERR.TMP-073B206E.pf
08/19/2009  23:09            98.550 ACRORD32.EXE-0ABDA372.pf
08/19/2009  22:34            77.638 ACDSEE32.EXE-2D662CCB.pf
08/19/2009  22:34           101.534 7ZG.EXE-1175D9D1.pf
08/19/2009  22:34            40.246 7ZFM.EXE-1F4FC77C.pf
08/19/2009  20:17           111.356 HELPSVC.EXE-1C192440.pf
08/19/2009  20:16            57.614 DFRGNTFS.EXE-38C3807C.pf
08/19/2009  20:16            17.188 DEFRAG.EXE-2858C7E2.pf
08/19/2009  20:16           446.184 Layout.ini
08/19/2009  19:17            22.414 RUNDLL32.EXE-3C500167.pf
08/18/2009  23:50            18.096 SNDVOL32.EXE-0EC6FD20.pf
08/18/2009  22:56            12.986 RUNDLL32.EXE-4FF9832D.pf
08/18/2009  22:55            31.094 EAGLE.EXE-26660B75.pf
08/18/2009  17:06            22.976 REMINDME.EXE-24FF2143.pf
08/18/2009  17:06            80.312 THUNDERBIRD.EXE-05833C98.pf
08/18/2009  13:45            15.532 MCCS.EXE-20B31B1E.pf
08/18/2009  00:53            86.692 EXCEL.EXE-37225E3A.pf
08/18/2009  00:37            15.108 CALC.EXE-02A5B4B1.pf
08/17/2009  23:51            65.070 WMPLAYER.EXE-017735B2.pf
08/17/2009  21:41            86.902 WMPLAYER.EXE-017735B3.pf
08/17/2009  20:11            17.836 SCAD3.EXE-376C22AD.pf
08/17/2009  20:06            68.196 FLVPLAYER.EXE-0999C13C.pf
08/17/2009  11:36            95.642 I_VIEW32.EXE-3680CA15.pf
08/16/2009  20:36            16.394 ASUSPROB.EXE-00420C19.pf
08/16/2009  20:32            35.698 NTVDM.EXE-0A81AB7B.pf
08/15/2009  22:51            58.376 WAR3.EXE-1839AED7.pf
08/15/2009  22:51            26.790 FROZEN THRONE.EXE-1A98598B.pf
08/15/2009  22:50            50.646 WC3BANLIST.EXE-1D56D029.pf
08/14/2009  22:27            43.336 SETUP_WM.EXE-21CBB822.pf
08/14/2009  19:26            85.584 UTORRENT.EXE-00B6F9FC.pf
08/13/2009  00:04            19.916 MSPAINT.EXE-146E0237.pf
08/12/2009  19:35           132.990 VLC.EXE-0B96AEC3.pf
08/12/2009  19:23            63.204 WMPLAYER.EXE-017735B4.pf
08/12/2009  00:52            31.526 WISH84.EXE-37B3B1EA.pf
08/12/2009  00:18            17.904 AVRBURNER.EXE-11E40BCC.pf
08/11/2009  23:48            16.250 AVRDUDE-GUI.EXE-1ACC90D5.pf
08/11/2009  23:47            13.850 AVRDUDE.EXE-36055496.pf
08/11/2009  23:47            68.886 SINAPROG.EXE-3A6DC24E.pf
08/11/2009  23:47            18.330 AVRBURNER.EXE-02D44B03.pf
08/11/2009  23:24            66.260 EXPORTCONTROLLER.EXE-29DA913E.pf
08/11/2009  23:24            91.998 QUICKTIMEPLAYER.EXE-370268C9.pf
08/11/2009  22:59            21.642 WIAACMGR.EXE-335C1EE8.pf
08/11/2009  18:50            65.074 MPLAYERC.EXE-116F880F.pf
08/11/2009  18:50            20.894 MPLAYER2.EXE-2F0692F3.pf
08/11/2009  18:50            22.632 ZPLAYER.EXE-2230A905.pf
08/10/2009  22:46            42.828 CCC.EXE-2F3357A9.pf
08/10/2009  21:19            76.476 BNUPDATE.EXE-3A52293C.pf
08/10/2009  07:39            29.048 RUNDLL32.EXE-4EE39BB6.pf
08/08/2009  01:14            13.956 RICHVIDEO.EXE-22863F01.pf
08/08/2009  01:14            48.182 POWERDVD.EXE-28BB77AA.pf
08/08/2009  01:14             9.350 OLRSTATECHECK.EXE-2ACB7E03.pf
08/07/2009  22:45            10.082 SNETCAT.EXE-0A8C4AF8.pf
08/07/2009  22:34            17.896 RUNDLL32.EXE-3E20222E.pf
08/06/2009  22:26            31.650 DIVXSM.EXE-052AE590.pf
07/16/2009  11:46            34.524 AVWSC.EXE-124724D5.pf
07/15/2009  21:40            51.674 UPDATE.EXE-16715754.pf
07/15/2009  21:40            15.142 PREUPD.EXE-0B43CCF7.pf
             130 Datei(en)      6.864.530 Bytes
               0 Verzeichnis(se),  2.109.587.456 Bytes frei

----- Tasks ---------------------------- 
 Verzeichnis von C:\WINDOWS\tasks

08/20/2009  17:21                 6 SA.DAT
08/20/2009  01:09               458 Ad-Aware Update (Weekly).job

----- Windows/Temp ----------------------- 
 Verzeichnis von C:\WINDOWS\Temp

08/20/2009  17:24               483 WGAErrLog.txt
08/20/2009  17:22            18.270 dbg_RA_proc.txt
08/20/2009  17:22            18.900 dbg_RA_printer.txt
06/09/2009  19:15            14.178 dd_netfx20UI4C5A.txt
01/25/2009  20:06            29.684 PQ_DEBUG.TXT
01/25/2009  19:11             1.607 PQ_BATCH.PQB
01/25/2009  16:55             9.575 PQ_DEBUG.001
01/16/2009  17:37               383 HPZIDS000.log
01/16/2009  17:37             1.232 hppldcoi.log
01/16/2009  17:37               607 update000.log
09/16/2008  19:33            20.425 PQ_DEBUG.002
09/16/2008  19:32             1.500 PQ_BATCH.002
         

Alt 21.08.2009, 01:16   #5
Befallener
 
AVCare, Win32Trojan.TDss und mehr ? - Unglücklich

AVCare, Win32Trojan.TDss und mehr ?



2.filelist 2.Teil
Code:
ATTFilter
----- Temp ----------------------------- 
 Verzeichnis von C:\DOKUME~1\Jens\LOKALE~1\Temp

08/20/2009  17:22            16.384 ~DFC1AE.tmp
08/20/2009  12:32            16.384 ~DF20F8.tmp
08/20/2009  11:53                 0 mmc20D13DAE.xml
08/20/2009  02:31            16.384 ~DF9E9B.tmp
08/20/2009  02:22            19.012 a.dat
08/20/2009  02:22            16.384 ~DFA757.tmp
08/20/2009  02:15            16.384 ~DFD530.tmp
08/20/2009  01:43            16.384 ~DFD6B6.tmp
08/20/2009  01:18            16.384 ~DF94E3.tmp
08/20/2009  01:15            28.644 Cab4.tmp
08/20/2009  01:15                 0 Tar5.tmp
08/20/2009  01:11            16.384 ~DFC837.tmp
08/20/2009  00:48            16.384 ~DF8BC8.tmp
08/20/2009  00:23                 0 ~DFDA35.tmp
08/20/2009  00:23                 0 ~DFC7A9.tmp
08/20/2009  00:02                 0 etilqs_fgKVBIWHlzQ1CKkIyWIi
08/19/2009  23:51            16.384 ~DFE3C4.tmp
08/19/2009  23:37                 0 ~DF4B11.tmp
08/19/2009  23:37                 0 ~DF2A1F.tmp
08/19/2009  23:27            16.384 ~DFAAEA.tmp
08/19/2009  23:24                 0 ~DF65CA.tmp
08/19/2009  23:24                 0 ~DF539F.tmp
08/19/2009  23:19            32.768 ~DFB9C7.tmp
08/19/2009  23:19           196.608 xwsarencom.tmp
08/19/2009  23:15        16.624.654 flaCA.tmp
08/19/2009  23:15        20.074.518 flaC9.tmp
08/19/2009  23:15        19.957.695 flaC8.tmp
08/19/2009  23:08             7.488 java_install_reg.log
08/18/2009  17:06            16.384 ~DF2524.tmp
08/18/2009  17:05            16.384 ~DF8AC2.tmp
08/18/2009  12:52            16.384 ~DF9C14.tmp
08/16/2009  20:35            16.384 ~DF3CE3.tmp
08/16/2009  20:32           215.449 wavetool.zip
08/16/2009  20:22             1.052 nscopy.tmp
08/16/2009  20:22               801 nsmail.eml
08/15/2009  22:00                 0 2lx_TR24.pdf.part
08/14/2009  22:27            12.818 control.xml
08/12/2009  18:56                 0 jblD1.tmp
08/11/2009  23:47               169 SinaProg_8.6.1_Jens_cur.txt
08/10/2009  22:45            16.384 ~DF4140.tmp
08/10/2009  20:55                 0 etilqs_eU1hGyGITvaftUGQUO2Z
08/05/2009  19:41         2.439.487 card_installation_guide.pdf
08/05/2009  19:16            31.509 Elektroniklabor_Grundausrstung_3_tmp.xlsx
08/05/2009  19:16            28.014 Elektroniklabor_Grundausrstung_3.ods
08/03/2009  19:59               893 TWAIN.LOG
08/03/2009  19:59                 2 Twain001.Mtx
08/03/2009  19:59               156 Twunk001.MTX
08/03/2009  18:50            16.384 ~DFB476.tmp
08/02/2009  23:36            16.384 ~DFF817.tmp
08/02/2009  18:37            16.384 ~DF6C6A.tmp
08/02/2009  18:34            16.384 Perflib_Perfdata_f2c.dat
08/02/2009  18:19            16.384 ~DF5ADF.tmp
08/02/2009  18:17            16.384 Perflib_Perfdata_c34.dat
08/02/2009  17:25           381.005 fla4D9.tmp
08/02/2009  17:25           392.923 fla4D8.tmp
08/02/2009  17:21         1.048.735 fla4AF.tmp
08/02/2009  13:52         1.509.741 JDAC.zip
07/28/2009  17:52            15.660 +~JF47275.tmp
07/28/2009  17:52            20.416 +~JF47276.tmp
07/28/2009  17:52            20.432 +~JF47274.tmp
07/28/2009  17:52            17.424 +~JF47273.tmp
07/28/2009  17:52            17.488 +~JF47267.tmp
07/28/2009  17:52            22.576 +~JF47262.tmp
07/28/2009  17:52            21.472 +~JF47263.tmp
07/28/2009  17:52            29.888 +~JF47261.tmp
07/28/2009  17:52            29.524 +~JF47260.tmp
07/28/2009  17:52            29.296 +~JF47258.tmp
07/28/2009  17:52            26.904 +~JF47259.tmp
07/28/2009  17:52            37.320 +~JF47255.tmp
07/28/2009  17:47           210.432 Schwingungen_Schwebungen.ppt
07/27/2009  23:34         1.116.630 ECv62aSj.zip.part
07/26/2009  18:44            16.384 ~DFBE32.tmp
07/25/2009  17:33           517.338 haax+0qu.rar.part
07/25/2009  17:22            16.384 ~DFE5E4.tmp
07/24/2009  12:31            16.384 ~DFCAA3.tmp
07/23/2009  23:29               860 options.vnc
07/23/2009  22:39                 0 GJ3+LqG7.htm.part
07/22/2009  23:49                 0 Twunk002.MTX
07/22/2009  18:58            16.384 ~DFA849.tmp
07/21/2009  18:48            16.384 ~DF1873.tmp
07/18/2009  08:11            16.384 ~DFA838.tmp
07/17/2009  21:48         2.439.673 L”sungen Klausur Monien-1.pdf
07/16/2009  19:41         2.439.673 L”sungen Klausur Monien.pdf
07/16/2009  11:59        16.411.176 Compatibility Pack for the 2007 Office system (1).log
07/16/2009  11:50            16.384 ~DF5FB7.tmp
07/16/2009  11:47            11.374 dd_vcredistUI3FE3.txt
07/16/2009  11:47           480.504 dd_vcredistMSI3FE3.txt
07/16/2009  11:39            16.384 ~DFD390.tmp
07/15/2009  22:43            14.782 Elektroniklabor_Grundausrstung_2_tmp2.xlsx
07/15/2009  22:43                 0 c7jF29D+.ods.part
07/15/2009  22:23            14.782 Elektroniklabor_Grundausrstung_2_tmp1.xlsx
07/15/2009  22:21            11.659 Elektroniklabor_Grundausrstung_tmp.xlsx
07/15/2009  22:19        15.905.630 Compatibility Pack for the 2007 Office system (0).log
07/15/2009  21:38            76.370 Microsoft .NET Framework 3.5-KB963707_20090715_193846765.html
07/15/2009  21:38           424.072 Microsoft .NET Framework 3.5-KB963707_20090715_193846765-Msi0.txt
07/15/2009  21:17               383 HPZIDS000.log
07/15/2009  21:17             1.232 hppldcoi.log
07/15/2009  21:17               565 update000.log
07/15/2009  21:15               466 MSI39aa1.LOG
07/15/2009  20:56            14.782 Elektroniklabor_Grundausrstung_2_tmp.xlsx
07/15/2009  20:54               123 CFG5C3.tmp
07/15/2009  19:43            29.266 tmp7A3.tmp
07/15/2009  19:43            29.266 tmp7A2.tmp
07/15/2009  19:43            29.266 tmp79E.tmp
07/13/2009  23:53                 0 FZ9YgIjj.wmv.part
07/13/2009  22:08                 0 9mNOrdfg.wmv.part
07/13/2009  22:08                 0 fyYxFWAX.wmv.part
07/13/2009  21:38                 0 q0v55B.tmp
07/13/2009  21:33                 0 neGvPQvb.wmv.part
07/13/2009  20:40                 0 U9iIfqSu.wmv.part
07/12/2009  13:14                 0 utt430.tmp
07/12/2009  13:14                68 utt430.tmp.bat
07/12/2009  13:14                 0 utt42F.tmp
07/09/2009  00:45                 0 HXT3pQf4.pdf.part
07/05/2009  22:36                 0 _iUfJr9C.txt.part
07/05/2009  22:35                 0 CET_X8Cm.txt.part
07/05/2009  22:35                 0 0XO9PrYM.txt.part
07/05/2009  21:54                 0 6qOEWhjn.zip.part
07/05/2009  21:47                 0 hgCWnh52.wmv.part
07/05/2009  20:48                 0 tx669f06.bmp
07/04/2009  21:02            16.384 ~DFB109.tmp
07/04/2009  02:25                 0 jbl4B8.tmp
07/04/2009  01:26                 0 zkw42D.tmp
07/04/2009  01:26                 0 gok42C.tmp
07/04/2009  01:22                 0 bf541B.tmp
07/04/2009  01:05                 0 o5l3E6.tmp
07/04/2009  00:48                 0 h4l3AB.tmp
07/04/2009  00:36                 0 1v5387.tmp
07/04/2009  00:20                 0 zvc343.tmp
07/04/2009  00:12                 0 86z32F.tmp
07/04/2009  00:11                 0 oj432D.tmp
07/04/2009  00:10                 0 hwb32A.tmp
07/04/2009  00:05                 0 4ou315.tmp
07/03/2009  23:53                 0 26y2F8.tmp
07/03/2009  23:52                 0 eyq2EF.tmp
07/03/2009  23:48                 0 aph2E3.tmp
07/03/2009  23:21                 0 esv2A6.tmp
07/03/2009  23:17                 0 6fc29D.tmp
07/03/2009  23:17                 0 21429C.tmp
07/03/2009  23:12                 0 aee28C.tmp
07/03/2009  23:09                 0 fdf27E.tmp
07/03/2009  23:03                 0 25l275.tmp
07/03/2009  23:01                 0 k5m271.tmp
07/03/2009  23:01                 0 ynk270.tmp
07/03/2009  22:49                 0 rzk25C.tmp
07/03/2009  22:42                 0 nzh252.tmp
07/03/2009  22:38                 0 0n424A.tmp
07/03/2009  21:39                 0 rp51E5.tmp
07/03/2009  21:16                 0 l3p1C8.tmp
07/03/2009  21:10                 0 xth1BC.tmp
07/03/2009  20:59                 0 6m91AC.tmp
07/03/2009  20:55                 0 h0s1A6.tmp
07/03/2009  20:55                 0 7ph1A3.tmp
07/03/2009  20:52                 0 6bw1A1.tmp
07/03/2009  20:52                 0 j9f1A0.tmp
07/03/2009  20:50                 0 kk519B.tmp
07/03/2009  20:40                 0 h0i18E.tmp
07/03/2009  20:40                 0 lki18D.tmp
07/03/2009  20:07                 0 im4167.tmp
07/03/2009  20:01                 0 3db15E.tmp
07/03/2009  19:55                 0 3d4154.tmp
07/03/2009  19:53                 0 6vp14F.tmp
07/03/2009  19:50                 0 14w148.tmp
07/03/2009  19:45                 0 5x7134.tmp
07/03/2009  19:44                 0 yxw133.tmp
07/03/2009  19:44                 0 0g9131.tmp
07/03/2009  19:42                 0 j1o12C.tmp
07/03/2009  19:37                 0 shn120.tmp
07/01/2009  17:53            16.384 ~DF6261.tmp
06/27/2009  16:39                 0 5+Wu9YeX.pdf.part
06/27/2009  16:36           813.835 USBASP-1.zip
06/27/2009  16:34           266.754 usbasp.2009-02-28.tar.gz
06/27/2009  16:23           813.835 USBASP.zip
06/26/2009  23:38           325.830 usbisp_v2.1_schematic.pdf
06/26/2009  23:35           359.000 AVRIsp.zip
06/26/2009  23:31           301.779 AVRUSB-ISP (DIL).zip
06/26/2009  20:05           144.406 mw0Wzt9O.rar.part
06/26/2009  18:07           898.351 Astaro_V7_Quick_Start_Guide.pdf
06/26/2009  00:08                 0 kaCZLRdV.flv.part
06/25/2009  17:27            16.384 ~DF4613.tmp
06/22/2009  23:33             6.541 melody.zip
06/22/2009  20:16           113.664 Elektroniklabor_Bestellung_10.xls
06/22/2009  20:15           109.568 Elektroniklabor_Bestellung_11.xls
06/22/2009  20:13           103.936 Elektroniklabor_Bestellung_12_Conrad.xls
06/22/2009  16:25           375.479 USBasp_CH.zip
06/21/2009  06:54                70 3EE68A68.TMP
06/19/2009  20:41                 0 js1A57.tmp
06/19/2009  20:41                 0 in0A56.tmp
06/18/2009  18:19               435 TarTest.txt
06/15/2009  18:36                 0 4a4763.tmp
06/13/2009  20:16            16.384 ~DF86B0.tmp
06/13/2009  16:48            16.384 ~DF3F7.tmp
06/11/2009  20:54            16.384 ~DF5F8B.tmp
06/11/2009  13:57            13.504 dd_msdnexpUI74BB.txt
06/11/2009  13:57           429.116 dd_msdnexpMSI74BB.txt
06/11/2009  13:33            16.384 ~DFD18E.tmp
06/10/2009  21:35            16.384 ~DFB318.tmp
06/10/2009  21:27           182.848 dd_dotnetfx35install_lp.txt
06/10/2009  21:27           177.688 uxeventlog.txt
06/10/2009  21:27           695.795 dd_depcheck_NETFX_EXP_35.txt
06/10/2009  21:27            17.042 dd_XPS_LP.txt
06/10/2009  21:27           471.272 dd_NET_Framework35_LangPack_MSI7F2B.txt
06/10/2009  21:27           952.808 dd_NET_Framework_30LP_Agile_Setup7F0E.txt
06/10/2009  21:26         1.765.380 dd_NET_Framework_20LP_Agile_Setup7ECC.txt
06/10/2009  21:26                 2 dd_dotnetfx35error_lp.txt
06/10/2009  21:26            94.288 Microsoft .NET Framework 3.5-KB958484_20090610_192614406.html
06/10/2009  21:26           749.232 Microsoft .NET Framework 3.5-KB958484_20090610_192614406-Msi0.txt
06/10/2009  21:26           113.452 Microsoft .NET Framework 3.0-KB958483_20090610_192546781.html
06/10/2009  21:26         2.118.502 Microsoft .NET Framework 3.0-KB958483_20090610_192546781-Msi0.txt
06/10/2009  21:26             4.242 dd_wcf_retCA4254.txt
06/10/2009  21:25           506.154 Microsoft .NET Framework 2.0-KB958481_20090610_192324984.html
06/10/2009  21:25         9.407.584 Microsoft .NET Framework 2.0-KB958481_20090610_192324984-Msi0.txt
06/10/2009  21:25             5.158 ASPNETSetup_00001.log
06/10/2009  21:23           661.584 dd_dotnetfx35install.txt
06/10/2009  21:23         1.443.552 dd_NET_Framework35_MSI7BDD.txt
06/10/2009  21:22         3.225.840 dd_NET_Framework30_Setup7B37.txt
06/10/2009  21:22             4.377 dd_wcf_retCA725B.txt
06/10/2009  21:21            21.735 dd_XPS.txt
06/10/2009  21:21               383 HPZIDS004.log
06/10/2009  21:21               620 update003.log
06/10/2009  21:21        25.138.694 dd_NET_Framework20_Setup7841.txt
06/10/2009  21:19             5.158 ASPNETSetup_00000.log
06/10/2009  21:18           133.906 dd_RGB9RAST_x86.msi7837.txt
06/10/2009  21:18            15.915 dd_clwireg.txt
06/10/2009  20:03            16.384 ~DFECFD.tmp
06/10/2009  19:54            16.384 ~DF19A1.tmp
06/10/2009  19:39            16.384 ~DF9B42.tmp
06/10/2009  19:28            16.384 ~DFC37C.tmp
06/10/2009  19:00            16.384 ~DFAE91.tmp
06/09/2009  23:27            16.384 ~DFBA9E.tmp
06/09/2009  23:21            28.704 etilqs_HfdnEryT3Ed1tYYa5IVr
06/09/2009  23:17            16.384 ~DF450A.tmp
06/09/2009  23:05            12.304 etilqs_WDzEtZ3a11NwhBxWcEF7
06/09/2009  22:54            16.384 ~DFB9AA.tmp
06/09/2009  21:14            16.384 ~DFAE5.tmp
06/09/2009  21:08            16.384 ~DF5718.tmp
06/09/2009  20:55            16.384 ~DFA51E.tmp
06/09/2009  20:52             6.170 dd_dotnetfx35error.txt
06/09/2009  20:52                 0 bch59.tmp
06/09/2009  20:52                 0 bch56.tmp
06/09/2009  20:51                 0 bch53.tmp
06/09/2009  20:51                 0 bch50.tmp
06/09/2009  20:51                 0 bch4D.tmp
06/09/2009  20:51                 0 bch4A.tmp
06/09/2009  20:50                 0 bch47.tmp
06/09/2009  20:50                 0 bch44.tmp
06/09/2009  20:50                 0 bch42.tmp
06/09/2009  20:50                 0 bch3F.tmp
06/09/2009  20:50                 0 bch3C.tmp
06/09/2009  20:38                 0 bchE.tmp
06/09/2009  20:38                 0 bchB.tmp
06/09/2009  20:38                 0 bch8.tmp
06/09/2009  20:37                 0 bch5.tmp
06/09/2009  20:27            16.384 ~DF14A4.tmp
06/09/2009  20:25               174 MSIdbaf4.LOG
06/09/2009  20:12            16.384 ~DFD6DE.tmp
06/09/2009  20:08            16.384 ~DFC86C.tmp
06/09/2009  20:04               438 MSIba255.LOG
06/09/2009  20:04                 0 is56.tmp
06/09/2009  19:59               174 MSI781a1.LOG
06/09/2009  19:53            16.384 ~DF411.tmp
06/09/2009  19:50               174 MSIab219.LOG
06/09/2009  19:40            16.384 ~DF790F.tmp
06/09/2009  19:35            16.384 ~DF5525.tmp
06/09/2009  19:20                 0 isF3.tmp
06/09/2009  19:12            16.384 ~DFE206.tmp
06/09/2009  18:45            16.384 ~DFE0CB.tmp
05/26/2009  00:37            16.384 ~DFDCAF.tmp
04/19/2009  14:48           196.781 270xA_datasheet.pdf
04/05/2009  18:31         1.637.636 ZEOSDBO-6.6.4-stable.zip
04/05/2009  17:49           716.800 Compact_Express_Comparison.doc
04/05/2009  17:41           100.352 sqlservercompactdatasheet_final.doc
04/05/2009  17:36            79.360 SSCEOverview.doc
03/22/2009  00:49            20.500 etilqs_rDKgRRNxgEECId8jpQdy
03/10/2009  01:46           295.410 doc6296.pdf
03/10/2009  01:07         7.992.685 datasheet-1.pdf
03/09/2009  22:40           168.497 054-07461-0-AT91R40008.pdf
03/09/2009  22:15           123.191 STM32_EVAL_rev00.pdf
03/09/2009  20:42           437.675 75016140.pdf
02/02/2009  17:33            12.304 etilqs_Xo8nblBcbInaI76HQcIr
         
3. installierte Programme
Code:
ATTFilter
"WPF/E" (codename) Community Technology Preview (Dec 2006)
7-Zip 4.59 beta
Abe's Oddysee
ACDSee 32
ACDSee 9 Photo Manager
Active Ports
Ad-Aware
Ad-Aware SE Personal
Adobe Audition 1.5
Adobe Flash Player Plugin
Adobe Photoshop CS
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.1.0
Adobe Reader Chinese Simplified Fonts
Adobe Reader Japanese Fonts
Advanced LAN Pump version 3.1
AGEIA PhysX v7.09.13
aGSM v2.35c, altSoft
Alcohol 120%
Aliens vs. Predator 2
Alt-Tab Task Switcher Powertoy for Windows XP
Antman 2
Apple Mobile Device Support
Apple Software Update
ASUS Probe V2.21.07
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATITool Overclocking Utility
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
AXIS NetPilot
AXIS Print Monitor for Canon CAPT Printers
Battlefield 1942
BitTorrent 4.0.2
Bonjour
Bontago
Borland C++Builder 6
Borland Delphi 7
Bricx Command Center
Bullzip PDF Printer 5.0.0.609
Cain & Abel v2.69
Calculator Powertoy for Windows XP
Canon iR1510-1670
CCleaner (remove only)
CD Audio Reader Filter (remove only)
CloneCD
CmdHere Powertoy For Windows XP
Code::Blocks
Compatibility Pack for the 2007 Office system
Creative Treiber für Massenspeicher
DC++ 0.698
Derive 5
Digital Video
Direct Connect 1.0 Preview Build 9
DirectVobSub (remove only)
DivX
DivX Converter
DivX Player
DivX Web Player
Driver Sweeper 1.5.5
DS-MP3 Source 1.30
DScaler 5 Mpeg Decoders
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Platinum 3.1.8.0
EAGLE 4.16r1
Ethereal 0.99.0
Ettercap NG 0.7.3
Express Rip
ffdshow [rev 988] [2007-03-04]
Firebird/InterBase(r) ODBC driver 2.0
FlashFXP
FlatOut2
FLV Player 1.3.3
Free Download Manager 2.1
Free Fire Screensaver
FreeBASIC 0.15b
G3 Torrent
GetASFStream
GetRight
GPL Ghostscript 8.54
GPL Ghostscript Fonts
GSview 4.8
GUI for dvdauthor 1.04
Haali Media Splitter
Half-Life(R) 2
HijackThis 2.0.2
HP Photosmart All-In-One Software 9.0
Huffyuv AVI lossless video codec (Remove Only)
Hurrican 1.0.0.4
HydraVision
Icy Tower v1.2 (11kHz)
IL-2 Sturmovik
IL-2 Sturmovik 1946
innovatek Leistungsrechner 2007
InterBase 6.5
InterVideo WinDVD 4
IrfanView (remove only)
iTunes
J2SE Development Kit 5.0 Update 1
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
JAlbum
Java 3D 1.5.1
Klingon Academy
LANLEECH R3
LANWalk Scanner 3.x
Lazarus 0.9.26.2
LC5
Logitech Gaming Software
Look@LAN 2.50 Build 29
LTspice IV
LTspice/SwCADIII
Macromedia Extension Manager
Macromedia Flash MX
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Manufactoid (remove only)
Maple 11
Maya Fluid Effects Screensaver
Metal Slug Series with Enabled MAME 0.78
Metasploit Framework 3.0
Mic1 Emulator
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft AppLocale
Microsoft Office Small Business Edition 2003
Microsoft Platform SDK (R2) (3790.2075)
Microsoft Rechner-Plus
Microsoft Rise Of Nations
Microsoft SQL Server 2005 Compact Edition [DEU]
Microsoft SQL Server Management Studio Express
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Application Compatibility Database
Microsoft XML Parser and SDK
MIDI File Converter
MilkShape 3D 1.8.0
MinGW 5.0.3
mIRC
mirkes.de Tiny Hexer
MIT MathML Fonts 1.0
Mozilla (1.6)
Mozilla Firefox (3.5.2)
Mozilla Thunderbird (2.0.0.22)
mpowerplayer
MSN Gaming Zone
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MSXML4 Parser
Natural Selection 3.1
Nero OEM
NetBeans IDE 4.0
Network Chemistry Packetyzer 5.0.0
Nimo Codecs Pack v5.0 (Remove Only)
ODF Add-In für Microsoft Office
OpenSource Flash Video Splitter (remove only)
Origin 6.0G
PHP-GTK 2 (remove only)
PicaLoader 1.50.1201
PowerDVD
Prevx 3.0
Prism Video Converter
ProgDVB
PSpice Student 9.1
Python 2.4 pygame-1.7.1release
Python 2.4.3
Qtracker
Quake III Arena
QuickTime
RealMedia (remove only)
RealPlayer
Riva FLV Player
RivaTuner v2.24
Robotics Invention System 2.0
Serious Samurize
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
SHOUTcast Source (remove only)
SketchUp 5
SketchUp 5 Mechanical Design Library
SketchUp 5 Symbols Library
SmartFTP Client
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
SoundMAX
SpeechRedist
sPlan 6.0
SQL Server Command Line Query Tool
Star Trek Armada II
Star Wars JK II Jedi Outcast
Steam(TM)
Stereoscopic Player
Street Hacker Update 1.1.3
Switch
TARGET 3001! V12 discover
THE HOUSE OF THE DEAD 3
TmNationsForever
TortoiseSVN 1.6.0.15855 (32 bit)
TrackMania Nations ESWC 0.1.7.5
Tweak UI
Ultra RM Converter 2.3.4
UltraVNC v1.0.2
Unreal Tournament 2004
Uplink
ViewSonic Windows XP Signed Files
VisiBroker for Cpp 4.5
VLS
VNC 4.0
WavePad Uninstall
WC3Banlist
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Anmelde-Assistent
Windows Live installer
Windows Live Messenger
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
WinTV NOVA
XVID Codec Installation
Zoom Player (remove only)
         
4. Hoffentlich irgendwann mal erfolgreich (siehe auch die beiden vorherigen Postings)


Alt 21.08.2009, 07:49   #6
kira
/// Helfer-Team
 
AVCare, Win32Trojan.TDss und mehr ? - Standard

AVCare, Win32Trojan.TDss und mehr ?



hi

1.
deinstalliere Gmer
2.
Lade es erneut herunter, aber:
Achtung!:
wenn Gmer nicht ausgeführt werden kann (ein Rootkit kann es verhindern):
- ** also bevor Du "gmer.exe" auf dem Desktop anlegst:
- ** versuche gmer.exe umbenennen und dann ausführen
- Wähle eine beliebige Dateiname, die Endung soll *.com sein!
ca 30 Min. (max 60 Min.) Laufabschnitt sollte reichen!

- wenn es wieder probleme gibt, fahre einfach mit Punkt 5. (Rootrepeal) fort

Alt 21.08.2009, 11:41   #7
Befallener
 
AVCare, Win32Trojan.TDss und mehr ? - Standard

AVCare, Win32Trojan.TDss und mehr ?



Hi,
von GMER habe ich mit zufällig generiertem Namen heruntergeladen und starten lässt es sich ja.
Ich habe es diesmal angehalten bevor er sich wieder aufhing, vollständig ist die Liste also vermutlich nicht, auch wenn ich mir sicher bin dass in den darauffolgenden 40min keine weiteren Einträge in der folgenden Auflistung gemacht werden.

Erstmal das was er ganz am Anfang meldet:
Code:
ATTFilter
GMER 1.0.15.15077 [2d1ohsw7.exe] - http://www.gmer.net
Rootkit quick scan 2009-08-21 09:18:50
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code            8A3AECD0                                                         ZwEnumerateKey
Code            8A1A12E8                                                         ZwFlushInstructionCache
Code            8A5B10AE                                                         IofCallDriver
Code            8A4F7D6E                                                         IofCompleteRequest
Code            8A51E68D                                                         ZwSaveKey
Code            8A5A900D                                                         ZwSaveKeyEx

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                           8A80B1F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                        Lbd.sys (Boot Driver/Lavasoft AB)

---- Modules - GMER 1.0.15 ----

Module          _________                                                        F7A37000-F7A4F000 (98304 bytes)

---- Services - GMER 1.0.15 ----

Service         C:\WINDOWS\system32\drivers\UACootjxyfoaw.sys (*** hidden *** )  [SYSTEM] UACd.sys                   <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
         

Alt 21.08.2009, 11:44   #8
Befallener
 
AVCare, Win32Trojan.TDss und mehr ? - Beitrag

AVCare, Win32Trojan.TDss und mehr ?



Hier besagter Teil des komplett Scans
Code:
ATTFilter
GMER 1.0.15.15077 [2d1ohsw7.exe] - http://www.gmer.net
Rootkit scan 2009-08-21 11:34:37
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

INT 0x62        ?                                                                                                                    8A79EBF8
INT 0x63        ?                                                                                                                    8A430F00
INT 0x73        ?                                                                                                                    8A430F00
INT 0x73        ?                                                                                                                    8A430F00
INT 0x82        ?                                                                                                                    8A79EBF8
INT 0x83        ?                                                                                                                    8A79EBF8
INT 0x83        ?                                                                                                                    8A79EBF8
INT 0x83        ?                                                                                                                    8A430F00
INT 0x83        ?                                                                                                                    8A79EBF8
INT 0xB4        ?                                                                                                                    8A430F00

Code            8A30E1B0                                                                                                             ZwEnumerateKey
Code            8A2E6218                                                                                                             ZwFlushInstructionCache
Code            8A5DEAD6                                                                                                             IofCallDriver
Code            8A3E0256                                                                                                             IofCompleteRequest
Code            8A2E627D                                                                                                             ZwSaveKey
Code            8A31A255                                                                                                             ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!IofCallDriver                                                                                           804E13A7 5 Bytes  JMP 8A5DEADB 
.text           ntoskrnl.exe!IofCompleteRequest                                                                                      804E17BD 5 Bytes  JMP 8A3E025B 
.text           ntoskrnl.exe!ZwSaveKey                                                                                               804E42AE 1 Byte  [E9]
.text           ntoskrnl.exe!ZwSaveKey                                                                                               804E42AE 5 Bytes  JMP 8A2E6282 
.text           ntoskrnl.exe!ZwSaveKeyEx                                                                                             804E42C2 5 Bytes  JMP 8A31A25A 
PAGE            ntoskrnl.exe!ZwEnumerateKey                                                                                          80578E14 5 Bytes  JMP 8A30E1B4 
PAGE            ntoskrnl.exe!ZwFlushInstructionCache                                                                                 80587BFB 5 Bytes  JMP 8A2E621C 
?               spfx.sys                                                                                                             Das System kann die angegebene Datei nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                B8FBA8AC 5 Bytes  JMP 8A4304E0 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                   8A80F2D8
IAT             pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                 [F7508C4C] spfx.sys
IAT             pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                    [F7508CA0] spfx.sys
IAT             \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                 8A4305E0
IAT             \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [F74E8048] spfx.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               8A80B1F8
Device          \Driver\sptd \Device\3220481158                                                                                      spfx.sys
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                     8A2C2500
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                            8A80D1F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                              8A80D1F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                 8A80D1F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                8A80D1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                     8A2C2500
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                     8A2C2500
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                     8A2C2500
Device          \Driver\usbehci \Device\USBPDO-4                                                                                     8A319500

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            Lbd.sys (Boot Driver/Lavasoft AB)

Device          \Driver\prodrv06 \Device\ProDrv06                                                                                    E1C8E248
Device          \Driver\NetBT \Device\NetBT_Tcpip_{31392642-2787-4AA7-A08C-85E146C00CA4}                                             8A38F500
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                               8A79F1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{C1C71F34-1886-40B2-BDD7-41047B3AE2DF}                                             8A38F500
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                               8A79F1F8
Device          \FileSystem\Rdbss \Device\FsWrap                                                                                     8A401840
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                               8A79F1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24                                                                         8A6343E8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   8A6343E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5                                                                          8A6343E8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   8A6343E8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                   8A6343E8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                   8A6343E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c                                                                         8A6343E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10                                                                         8A6343E8
Device          \Driver\PCI_PNP9908 \Device\00000066                                                                                 spfx.sys
Device          \Driver\PCI_PNP9908 \Device\00000066                                                                                 spfx.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                               8A79F1F8
Device          \Driver\prohlp02 \Device\ProHlp02                                                                                    E182A5F0
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              8A38F500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                     8A38F500
Device          \FileSystem\Srv \Device\LanmanServer                                                                                 8A41B698
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                     8A2C2500
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                     8A2C2500
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    8A3D0368
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    8A549030
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                     8A2C2500
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          8A3D0368
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          8A549030
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                     8A2C2500
Device          \FileSystem\Npfs \Device\NamedPipe                                                                                   8A475E70
Device          \Driver\usbehci \Device\USBFDO-4                                                                                     8A319500
Device          \Driver\Ftdisk \Device\FtControl                                                                                     8A79F1F8
Device          \FileSystem\Msfs \Device\Mailslot                                                                                    8A3153B0
Device          \Driver\abezo9r8 \Device\Scsi\abezo9r81Port4Path0Target1Lun0                                                         8A45A008
Device          \Driver\abezo9r8 \Device\Scsi\abezo9r81                                                                              8A45A008
Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0                                                         89854AB0
Device          \Driver\abezo9r8 \Device\Scsi\abezo9r81Port4Path0Target0Lun0                                                         8A45A008
Device          \Driver\a347scsi \Device\Scsi\a347scsi1                                                                              89854AB0
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                                   8A344170
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                                    8A344170
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                                        8A344170
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                                     8A344170
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                                    8A344170
Device          \FileSystem\Cdfs \Cdfs                                                                                               8A3773C8
Device          \FileSystem\Cdfs \Cdfs                                                                                               8A2F01E8

---- Modules - GMER 1.0.15 ----

Module          _________                                                                                                            F7A37000-F7A4F000 (98304 bytes)
---- Processes - GMER 1.0.15 ----

Library         \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [228]       0x10000000                                                    
Library         \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [264]       0x10000000                                                    
Library         \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [396]       0x10000000                                                    
Library         \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [908]       0x10000000                                                    
Library         \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [960]       0x10000000                                                    
Library         \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1068]      0x10000000                                                    
Library         \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1108]      0x10000000                                                    
Library         \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1488]      0x10000000                                                    

---- Services - GMER 1.0.15 ----

Service         C:\WINDOWS\system32\drivers\UACootjxyfoaw.sys (*** hidden *** )                                                      [SYSTEM] UACd.sys                                              <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xE2 0xAA 0x42 0xC2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x14 0x16 0xAF 0x33 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x33 0xFD 0x83 0xB9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x22 0x66 0xD1 0x49 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys                                                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start                                                                1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type                                                                 1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath                                                            \systemroot\system32\drivers\UACootjxyfoaw.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group                                                                file system
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules                                                              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd                                                         \\?\globalroot\systemroot\system32\drivers\UACootjxyfoaw.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc                                                         \\?\globalroot\systemroot\system32\UACqcwooiyyvp.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr                                                       \\?\globalroot\systemroot\system32\UACaxujnepyof.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr                                                        \\?\globalroot\systemroot\system32\UACkkurhhtsar.dat
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal                                                       \\?\globalroot\systemroot\system32\UACocbirxjadt.db
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem                                                       \\?\globalroot\systemroot\system32\UACqerpbdogdk.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf                                                      \\?\globalroot\systemroot\system32\UACalitjljxoc.dll
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xE2 0xAA 0x42 0xC2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x14 0x16 0xAF 0x33 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x33 0xFD 0x83 0xB9 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x22 0x66 0xD1 0x49 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start                                                                    1
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type                                                                     1
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath                                                                \systemroot\system32\drivers\UACootjxyfoaw.sys
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group                                                                    file system
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)                                          
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd                                                             \\?\globalroot\systemroot\system32\drivers\UACootjxyfoaw.sys
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc                                                             \\?\globalroot\systemroot\system32\UACqcwooiyyvp.dll
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr                                                           \\?\globalroot\systemroot\system32\UACaxujnepyof.dll
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr                                                            \\?\globalroot\systemroot\system32\UACkkurhhtsar.dat
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal                                                           \\?\globalroot\systemroot\system32\UACocbirxjadt.db
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem                                                           \\?\globalroot\systemroot\system32\UACqerpbdogdk.dll
Reg             HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf                                                          \\?\globalroot\systemroot\system32\UACalitjljxoc.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xF9 0xA3 0x99 0xD2 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x14 0x16 0xAF 0x33 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xFB 0xBF 0x3C 0x18 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xB6 0xA8 0xC8 0xF5 ...

---- Files - GMER 1.0.15 ----

File            C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Temp\UACc96b.tmp                                            343040 bytes executable

---- EOF - GMER 1.0.15 ----
         

Geändert von Befallener (21.08.2009 um 11:57 Uhr)

Alt 21.08.2009, 11:59   #9
Befallener
 
AVCare, Win32Trojan.TDss und mehr ? - Standard

AVCare, Win32Trojan.TDss und mehr ?



Als erstes meldet Root Repeal 5x "Could not read Boot sector. Try adjusting the Disk level in the Options dialog" (Ich habe 4 Partitionen).
Deine Anleitung zu den Einstellungen die ich vornehmen soll, verstehe ich leider nicht. Wo soll ich ein Häkchen machen, die angegebenen Punkte existieren als Reiter. Scannen ergab folgendes:

Edit: Jetzt hab ichs, unter Report und dann auf Scan.

Drivers:
Code:
ATTFilter
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2009/08/21 11:51
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Drivers
-------------------
Name: 
Image Path: 
Address: 0x00000000	Size: -2141804192	File Visible: -	Signed: -
Status: -

Name:          
Image Path:          
Address: 0xF7A37000	Size: 98304	File Visible: No	Signed: -
Status: -

Name: a347bus.sys
Image Path: a347bus.sys
Address: 0xF7497000	Size: 158720	File Visible: -	Signed: -
Status: -

Name: a347scsi.sys
Image Path: a347scsi.sys
Address: 0xF798D000	Size: 5248	File Visible: -	Signed: -
Status: -

Name: a347scsi.sys
Image Path: a347scsi.sys
Address: 0xF798D000	Size: 5248	File Visible: -	Signed: -
Status: Hidden from the Windows API!

Name: abezo9r8.SYS
Image Path: C:\WINDOWS\System32\Drivers\abezo9r8.SYS
Address: 0xB8EA6000	Size: 225280	File Visible: -	Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7858000	Size: 188800	File Visible: -	Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000	Size: 2265088	File Visible: -	Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA8B3E000	Size: 138496	File Visible: -	Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xF7697000	Size: 42368	File Visible: -	Signed: -
Status: -

Name: aslm75.sys
Image Path: C:\WINDOWS\system32\drivers\aslm75.sys
Address: 0xBA5A8000	Size: 3488	File Visible: -	Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF065000	Size: 626688	File Visible: -	Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF012000	Size: 339968	File Visible: -	Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xB9002000	Size: 3891200	File Visible: -	Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF1CD000	Size: 3821568	File Visible: -	Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF0FE000	Size: 540672	File Visible: -	Signed: -
Status: -

Name: atiok3x2.dll
Image Path: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBF182000	Size: 307200	File Visible: -	Signed: -
Status: -

Name: ATITool.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ATITool.sys
Address: 0xF7466000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF572000	Size: 2670592	File Visible: -	Signed: -
Status: -

Name: atksgt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\atksgt.sys
Address: 0xA6056000	Size: 165376	File Visible: -	Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000	Size: 286720	File Visible: -	Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xB8FDF000	Size: 3072	File Visible: -	Signed: -
Status: -

Name: aujasnkj.sys
Image Path: C:\DOKUME~1\Jens\LOKALE~1\Temp\aujasnkj.sys
Address: 0xA5783000	Size: 84352	File Visible: No	Signed: -
Status: -

Name: avgio.sys
Image Path: C:\Programme\Avira\AntiVir Desktop\avgio.sys
Address: 0xF79DD000	Size: 6144	File Visible: -	Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0xA66CC000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xA8A4C000	Size: 114688	File Visible: -	Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79CF000	Size: 4224	File Visible: -	Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: CAPM4LP.SYS
Image Path: C:\WINDOWS\system32\Drivers\CAPM4LP.SYS
Address: 0xA6241000	Size: 15264	File Visible: -	Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF76F7000	Size: 63744	File Visible: -	Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF7887000	Size: 62976	File Visible: -	Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF7647000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: ctlfacem.sys
Image Path: C:\WINDOWS\system32\drivers\ctlfacem.sys
Address: 0xF79C1000	Size: 6912	File Visible: -	Signed: -
Status: -

Name: ctljystk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ctljystk.sys
Address: 0xB8FED000	Size: 3712	File Visible: -	Signed: -
Status: -

Name: cvintdrv.SYS
Image Path: C:\WINDOWS\System32\Drivers\cvintdrv.SYS
Address: 0xB9C02000	Size: 3776	File Visible: -	Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7637000	Size: 36352	File Visible: -	Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7637000	Size: 36352	File Visible: -	Signed: -
Status: Hidden from the Windows API!

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF7961000	Size: 154112	File Visible: -	Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF798B000	Size: 5888	File Visible: -	Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7446000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8A34000	Size: 98304	File Visible: No	Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79DF000	Size: 8192	File Visible: No	Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB8D4D000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000	Size: 73728	File Visible: -	Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7A97000	Size: 4096	File Visible: -	Signed: -
Status: -

Name: EL2K_XP.sys
Image Path: C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys
Address: 0xB8F7E000	Size: 147456	File Visible: -	Signed: -
Status: -

Name: ElbyCDFL.sys
Image Path: C:\WINDOWS\System32\Drivers\ElbyCDFL.sys
Address: 0xB9AB0000	Size: 15360	File Visible: -	Signed: -
Status: -

Name: ElbyCDIO.sys
Image Path: C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
Address: 0xA60E7000	Size: 9792	File Visible: -	Signed: -
Status: -

Name: emu10k1m.sys
Image Path: C:\WINDOWS\system32\drivers\emu10k1m.sys
Address: 0xB8F38000	Size: 283904	File Visible: -	Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF7787000	Size: 27392	File Visible: -	Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xB9B5F000	Size: 44672	File Visible: -	Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xB943A000	Size: 20480	File Visible: -	Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7A17000	Size: 129792	File Visible: -	Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79CD000	Size: 7936	File Visible: -	Signed: -
Status: -

Name: fsvga.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fsvga.sys
Address: 0xF794B000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7839000	Size: 126336	File Visible: -	Signed: -
Status: -

Name: gameenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Address: 0xB9AC0000	Size: 10624	File Visible: -	Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xB9AAC000	Size: 9472	File Visible: -	Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x80700000	Size: 134400	File Visible: -	Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS
Address: 0xB9BBF000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xB942A000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\hidusb.sys
Address: 0xBA5EC000	Size: 10368	File Visible: -	Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA58B0000	Size: 264832	File Visible: -	Signed: -
Status: -

Name: hwinterface.sys
Image Path: C:\WINDOWS\System32\Drivers\hwinterface.sys
Address: 0xB9A6B000	Size: 2624	File Visible: -	Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF7416000	Size: 52992	File Visible: -	Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xBA7E0000	Size: 42112	File Visible: -	Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xF7456000	Size: 40448	File Visible: -	Signed: -
Status: -

Name: io.sys
Image Path: C:\WINDOWS\system32\drivers\io.sys
Address: 0xB9995000	Size: 2944	File Visible: -	Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xA8B88000	Size: 152832	File Visible: -	Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xA8C07000	Size: 75264	File Visible: -	Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75F7000	Size: 37632	File Visible: -	Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF777F000	Size: 25216	File Visible: -	Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA5B01000	Size: 172416	File Visible: -	Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB8EF1000	Size: 143360	File Visible: -	Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xBA749000	Size: 92288	File Visible: -	Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xF7667000	Size: 57472	File Visible: -	Signed: -
Status: -

Name: lirsgt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\lirsgt.sys
Address: 0xF77B7000	Size: 18048	File Visible: -	Signed: -
Status: -

Name: LMIRfsDriver.sys
Image Path: C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
Address: 0xA679C000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79D1000	Size: 4224	File Visible: -	Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xB944A000	Size: 23552	File Visible: -	Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Address: 0xBA5E8000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7607000	Size: 42368	File Visible: -	Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xA6341000	Size: 180608	File Visible: -	Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xA8A68000	Size: 455296	File Visible: -	Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF77E7000	Size: 19072	File Visible: -	Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xB9B9F000	Size: 35072	File Visible: -	Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xBA610000	Size: 15488	File Visible: -	Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA650000	Size: 105344	File Visible: -	Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xBA68F000	Size: 182656	File Visible: -	Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xBA62C000	Size: 10112	File Visible: -	Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xB8E8F000	Size: 91520	File Visible: -	Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA770000	Size: 40576	File Visible: -	Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xB9B7F000	Size: 34688	File Visible: -	Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xA8B60000	Size: 162816	File Visible: -	Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF77EF000	Size: 30848	File Visible: -	Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA6BC000	Size: 574976	File Visible: -	Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000	Size: 2265088	File Visible: -	Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xB9C01000	Size: 2944	File Visible: -	Signed: -
Status: -

Name: nwlnkipx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
Address: 0xA659E000	Size: 88320	File Visible: -	Signed: -
Status: -

Name: nwlnknb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
Address: 0xB8E6F000	Size: 63232	File Visible: -	Signed: -
Status: -

Name: nwlnkspx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
Address: 0xA64C6000	Size: 55936	File Visible: -	Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xB8EDD000	Size: 80384	File Visible: -	Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000	Size: 19712	File Visible: -	Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF79B1000	Size: 7040	File Visible: -	Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7486000	Size: 68224	File Visible: -	Signed: -
Status: -

Name: PCI_PNP9908
Image Path: \Driver\PCI_PNP9908
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A4F000	Size: 3328	File Visible: -	Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: pcouffin.sys
Image Path: C:\WINDOWS\System32\Drivers\pcouffin.sys
Address: 0xBA7A0000	Size: 47360	File Visible: -	Signed: -
Status: -

Name: pfc.sys
Image Path: C:\WINDOWS\system32\drivers\pfc.sys
Address: 0xB9AB4000	Size: 10368	File Visible: -	Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000	Size: 2265088	File Visible: -	Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB8F14000	Size: 147456	File Visible: -	Signed: -
Status: -

Name: prodrv06.sys
Image Path: C:\WINDOWS\System32\drivers\prodrv06.sys
Address: 0xA8AD8000	Size: 77184	File Visible: -	Signed: -
Status: -

Name: prohlp02.sys
Image Path: prohlp02.sys
Address: 0xF7687000	Size: 65504	File Visible: -	Signed: -
Status: -

Name: prosync1.sys
Image Path: prosync1.sys
Address: 0xF7991000	Size: 6944	File Visible: -	Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xB945A000	Size: 17792	File Visible: -	Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7677000	Size: 35648	File Visible: -	Signed: -
Status: -

Name: pxscan.sys
Image Path: pxscan.sys
Address: 0xF7617000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: pxsec.sys
Image Path: pxsec.sys
Address: 0xF7657000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xBA5CE000	Size: 8832	File Visible: -	Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xBA7D0000	Size: 51328	File Visible: -	Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xBA7C0000	Size: 41472	File Visible: -	Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xBA7B0000	Size: 48384	File Visible: -	Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xB9452000	Size: 16512	File Visible: -	Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000	Size: 2265088	File Visible: -	Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xA8B13000	Size: 175744	File Visible: -	Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79D3000	Size: 4224	File Visible: -	Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Address: 0xB8DBF000	Size: 196224	File Visible: -	Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xBA7F0000	Size: 57728	File Visible: -	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA57A8000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF74BE000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: secdrv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\secdrv.sys
Address: 0xA61B1000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xB9AB8000	Size: 15744	File Visible: -	Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF7406000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: sfdrv01.sys
Image Path: sfdrv01.sys
Address: 0xBA66A000	Size: 73728	File Visible: -	Signed: -
Status: -

Name: sfhlp01.sys
Image Path: sfhlp01.sys
Address: 0xF798F000	Size: 4832	File Visible: -	Signed: -
Status: -

Name: sfhlp02.sys
Image Path: sfhlp02.sys
Address: 0xF7717000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: sfmanm.sys
Image Path: C:\WINDOWS\system32\drivers\sfmanm.sys
Address: 0xF7436000	Size: 36480	File Visible: -	Signed: -
Status: -

Name: sfvfs02.sys
Image Path: sfvfs02.sys
Address: 0xBA67C000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: spfx.sys
Image Path: spfx.sys
Address: 0xF74D6000	Size: 1048576	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7827000	Size: 73472	File Visible: -	Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xA5F14000	Size: 333952	File Visible: -	Signed: -
Status: -

Name: SVKP.sys
Image Path: C:\WINDOWS\system32\SVKP.sys
Address: 0xF7AAB000	Size: 2368	File Visible: -	Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF79C9000	Size: 4352	File Visible: -	Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA6614000	Size: 60800	File Visible: -	Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xA8BAE000	Size: 361600	File Visible: -	Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xB9462000	Size: 20480	File Visible: -	Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xBA790000	Size: 40704	File Visible: -	Signed: -
Status: -

Name: ttdvblcd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ttdvblcd.sys
Address: 0xF7426000	Size: 63520	File Visible: -	Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xB8D61000	Size: 384768	File Visible: -	Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF79CB000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF7777000	Size: 30208	File Visible: -	Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xB9BDF000	Size: 59520	File Visible: -	Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xB8FA2000	Size: 147456	File Visible: -	Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF776F000	Size: 20608	File Visible: -	Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xB9422000	Size: 20992	File Visible: -	Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB8FC6000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7627000	Size: 53760	File Visible: -	Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xB9B8F000	Size: 34560	File Visible: -	Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF77FF000	Size: 20480	File Visible: -	Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA6214000	Size: 83072	File Visible: -	Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000	Size: 1847296	File Visible: -	Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000	Size: 1847296	File Visible: -	Signed: -
Status: -

Name: WmBEnum.sys
Image Path: C:\WINDOWS\system32\drivers\WmBEnum.sys
Address: 0xBA614000	Size: 10144	File Visible: -	Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xF7989000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000	Size: 2265088	File Visible: -	Signed: -
Status: -

Name: WmXlCore.sys
Image Path: C:\WINDOWS\system32\drivers\WmXlCore.sys
Address: 0xBA780000	Size: 45504	File Visible: -	Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xBA5C2000	Size: 12032	File Visible: -	Signed: -
Status: -
         
Hidden Services
Code:
ATTFilter
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2009/08/21 11:50
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Hidden Services
-------------------
Service Name: UACd.sys
Image PathC:\WINDOWS\system32\drivers\UACootjxyfoaw.sys
         

Geändert von Befallener (21.08.2009 um 12:12 Uhr)

Alt 21.08.2009, 12:01   #10
Befallener
 
AVCare, Win32Trojan.TDss und mehr ? - Standard

AVCare, Win32Trojan.TDss und mehr ?



Stealth Obj.
Code:
ATTFilter
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2009/08/21 11:51
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================
Stealth Objects
-------------------
Object: Hidden Module [Name: UACqcwooiyyvp.dll]
Process: svchost.exe (PID: 836)	Address: 0x00a60000	Size: 73728

Object: Hidden Module [Name: UACe051.tmpnepyof.dll]
Process: svchost.exe (PID: 836)	Address: 0x10000000	Size: 217088

Object: Hidden Module [Name: UACalitjljxoc.dll]
Process: Explorer.EXE (PID: 3352)	Address: 0x10000000	Size: 49152

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x8a80b1f8	Size: 121

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLOSE]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_READ]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_WRITE]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_EA]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_EA]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLEANUP]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_POWER]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_PNP]
Process: System	Address: 0x89854ab0	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System	Address: 0x8a4c7b98	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System	Address: 0x8a6343e8	Size: 99

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System	Address: 0x8a80d1f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System	Address: 0x8a80d1f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System	Address: 0x8a80d1f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System	Address: 0x8a80d1f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a80d1f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a80d1f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a80d1f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a80d1f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System	Address: 0x8a80d1f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a80d1f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System	Address: 0x8a80d1f8	Size: 121

Object: Hidden Code [Driver: prodrv06؅䵃慖쐐㶀؂అ瑎䱆ᙸ䏀, IRP_MJ_CREATE]
Process: System	Address: 0xe1c8e248	Size: 1945

Object: Hidden Code [Driver: prodrv06؅䵃慖쐐㶀؂అ瑎䱆ᙸ䏀, IRP_MJ_CLOSE]
Process: System	Address: 0xe1c8e248	Size: 1945

Object: Hidden Code [Driver: prodrv06؅䵃慖쐐㶀؂అ瑎䱆ᙸ䏀, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0xe1c8e248	Size: 1945

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x8a2c2500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x8a2c2500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a2c2500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a2c2500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x8a2c2500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a2c2500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x8a2c2500	Size: 121

Object: Hidden Code [Driver: Hard, IRP_MJ_CREATE]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_CLOSE]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_READ]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_WRITE]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_SET_EA]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_POWER]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Hard, IRP_MJ_PNP]
Process: System	Address: 0x8a45a008	Size: 99

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System	Address: 0x8a79f1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System	Address: 0x8a79f1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System	Address: 0x8a79f1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a79f1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a79f1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a79f1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a79f1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a79f1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System	Address: 0x8a79f1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a79f1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System	Address: 0x8a79f1f8	Size: 121

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE]
Process: System	Address: 0xe182a5f0	Size: 2580

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE]
Process: System	Address: 0xe182a5f0	Size: 2580

Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0xe182a5f0	Size: 2580

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System	Address: 0x8a38f500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System	Address: 0x8a38f500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a38f500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a38f500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a38f500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System	Address: 0x8a38f500	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x8a319500	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x8a319500	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a319500	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a319500	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x8a319500	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a319500	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x8a319500	Size: 121

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System	Address: 0x8a401840	Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System	Address: 0x8a41b698	Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System	Address: 0x8a549030	Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System	Address: 0x8a3d0368	Size: 121

Object: Hidden Code [Driver: Npfsȅః瑎て, IRP_MJ_READ]
Process: System	Address: 0x8a475e70	Size: 11

Object: Hidden Code [Driver: MsfsЅఉ敓, IRP_MJ_READ]
Process: System	Address: 0x8a3153b0	Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System	Address: 0x8a344170	Size: 11

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_CREATE]
Process: System	Address: 0x8a3773c8	Size: 121

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_CLOSE]
Process: System	Address: 0x8a3773c8	Size: 121

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_READ]
Process: System	Address: 0x8a2f01e8	Size: 11

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a3773c8	Size: 121

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a3773c8	Size: 121

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a3773c8	Size: 121

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a3773c8	Size: 121

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a3773c8	Size: 121

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a3773c8	Size: 121

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a3773c8	Size: 121

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a3773c8	Size: 121

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a3773c8	Size: 121

Object: Hidden Code [Driver: Cdfs؅అ瑎獆ꒈ, IRP_MJ_PNP]
Process: System	Address: 0x8a3773c8	Size: 121
         

Geändert von Befallener (21.08.2009 um 12:09 Uhr)

Alt 21.08.2009, 17:30   #11
kira
/// Helfer-Team
 
AVCare, Win32Trojan.TDss und mehr ? - Standard

AVCare, Win32Trojan.TDss und mehr ?



hi

doch haben wir ja also: Rootkit/wikipedia.org
Da eine hundertprozentige Erkennung von Rootkits unmöglich ist, ist die beste Methode zur Entfernung wäre die komplette Neuinstallation.
Falls Du dein System doch reinigen möchtest:

1.
- Kopiere den Text aus der Code-Box in ein Notepad-Dokument und speichere ihn als remove.txt auf deiner Festplatte C:\
Code:
ATTFilter
Drivers to disable:
UACd.sys 
Drivers to delete:
UACd.sys 
Files to delete:
c:\windows\system32\drivers\UACootjxyfoaw.sys
c:\windows\system32\UACqcwooiyyvp.dll
c:\windows\system32\UACaxujnepyof.dll
c:\windows\system32\UACkkurhhtsar.dat
c:\windows\system32\UACocbirxjadt.db
c:\windows\system32\UACqerpbdogdk.dll
c:\windows\system32\UACalitjljxoc.dll
C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Temp\UACc96b.tmp
         
2.
→ Lade den Avenger herunter und entzippe ihn auf den Desktop. (direkt als `EXE` *hier* erhältlich )
→ die avenger.exe per Doppelklick starten
→ füge den Inhalt aus der Codebox vollständig und unverändert in das leere Textfeld bei "Input script here" ein
→ dann klicke auf "Execute"
→ wirst Du gefragt, ob Du das Script ausführen willst. Beantworte die Frage "Ja".
→ auf die Fragae ob dein Rechner jetzt neu starten soll "Rebot now" bejahe bitte auch
→ nach Neustart wird ein Dos Fenster aufgehen.
→ wenn wieder geschlossen ist, es öffnet sich der Editor mit die Scanergebnisse : C:\avenger.txt
→ kopiere und füge den Inhalt direkt aus der Textdatei hier rein
Achtung!:
Wenn Avenger nicht ausgeführt werden kann (ein Rootkit kann es verhindern), benenne avenger.exe um in "arniee.com" und versuche es erneut. (also wie vorher mit Gmer)

3.
  • klicke bitte auf diese URL (DelDomains.inf)
  • speichere den gesamten Text, den du nun bekommst, in die Zwischenablage deines Browsers,
  • kopiere ihn in ein neues Notepad Dokument, unter "alle Datei Typen" als
  • DelDomains.inf
  • Schliesse den Internet Explorer!
  • Mach einen Doppel-Klick auf die neue Datei "DelDomains.inf" auf deinem Desktop, um sie zu starten. Das ist alles.
4.
poste erneut:
Trend Micro HijackThis-Logfile

Geändert von kira (21.08.2009 um 17:40 Uhr)

Alt 22.08.2009, 22:27   #12
Befallener
 
AVCare, Win32Trojan.TDss und mehr ? - Idee

AVCare, Win32Trojan.TDss und mehr ?



Hatte gestern und heute wenig Zeit, deshalb konnte ich erst jetzt weitermachen

avenger.txt
Code:
ATTFilter
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "a2vmuvj4" found!
Could not open driver a2vmuvj4 for rootkit scan.  Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Rootkit scan completed.

Disablement of driver "UACd.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

Driver "UACd.sys" deleted successfully.
File "c:\windows\system32\drivers\UACootjxyfoaw.sys" deleted successfully.
File "c:\windows\system32\UACqcwooiyyvp.dll" deleted successfully.
File "c:\windows\system32\UACaxujnepyof.dll" deleted successfully.
File "c:\windows\system32\UACkkurhhtsar.dat" deleted successfully.
File "c:\windows\system32\UACocbirxjadt.db" deleted successfully.
File "c:\windows\system32\UACqerpbdogdk.dll" deleted successfully.
File "c:\windows\system32\UACalitjljxoc.dll" deleted successfully.
File "C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Temp\UACc96b.tmp" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
         
hijackthis.log
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:47, on 08/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CAPM4RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Prevx\prevx.exe
C:\Programme\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Borland\InterBase\bin\ibserver.exe
C:\Programme\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
E:\HDV3\DTemp\DTemp.exe
C:\remindme\RemindMe.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\bases\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.thgweb.de/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programme\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Programme\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DTemp.lnk = E:\HDV3\DTemp\DTemp.exe
O4 - Startup: RemindMe.lnk = C:\remindme\RemindMe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228848741171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228848725906
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - 
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS1\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS2\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS3\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Programme\Prevx\prevx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 1: (no name) - http://www.tomshardware.de/
O24 - Desktop Component 2: (no name) - C:\Dokumente und Einstellungen\*User*\Desktop\Neu Textdokument (4).html

--
End of file - 8542 bytes
         
Nach dem Neustart erschien bei mir nach dem Anmelden kurz ein Fenster und der Rechner bootete von neuem und diesmal normal/erfolgreich. Erkennen konnte ich im Fenster nur"Es kann kein temporäres (Ziel)verzeichnis....".

Die DelDomains.inf wird bei mir durch doppelklick nur geöffnet, ich hab dann mal installieren gewählt und jetzt sind diese Einträge von wegen Trusted Zone weg (von denen ich glaube das sie das Ziel dieser Maßnahme waren).

Prevx findet aus irgendeinem Grund immernoch das Rootkit und dessen Dateien (sowie den Avenger), im Skript angegeben sind alle. Was soll ich davon halten ?
AdAware findet keinen Win32Trojan.TDss mehr.
Ich habe außerdem immernoch nicht herausgefunden woher ich dieses nette AddOn für meinen PC habe.
Zwei Archive sind momentan heiße Kandidaten, kann ich diese Dateien wenigstens markieren und dann löschen oder sollte ich diese lieber über DOS/Knoppix/Avenger diese direkt löschen ?
Eine Neuinfektion möchte ich vermeiden.

Geändert von Befallener (22.08.2009 um 22:36 Uhr)

Alt 23.08.2009, 17:49   #13
kira
/// Helfer-Team
 
AVCare, Win32Trojan.TDss und mehr ? - Standard

AVCare, Win32Trojan.TDss und mehr ?



hi

Sind wir noch `lange` nicht fertig

1.
den Quarantäne Ordner überall leeren - Antivirus bzw Anti-Spy-Programm usw
- Gmer entfernen
- C:\avenger\backup.zip löschen– (mit den Inhalt der gelöschten Dateien) → Papierkorb leeren
- Rootrepeal entfernen

2.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • alle Funde markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Malwarebytes Anti-Malware

3.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ Einträge auswählen→ Häckhen setzen→ "Fix checked"klicken→ PC neu aufstarten):
Zitat:
O24 - Desktop Component 1: (no name) - h**p://www.tomshardware.de/
O24 - Desktop Component 2: (no name) - C:\Dokumente und Einstellungen\*User*\Desktop\Neu Textdokument (4).html
4.
reinige dein System mit Ccleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

5.
Schalte den Rechner ab und nach ca 2-3 Minuten fahre wieder hoch

6.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

8.
Windows und die installierten Programme auf den neuesten Stand zu halten,sind Garanten für eine erhöhte Sicherheit!
- Java aktualisieren `Start→ Systemsteuereung→ Java→ Aktualisierung...
- Falls danach noch alte Updates unter `Systemsteuerung → Software → Ändern/Entfernen...` existieren, deinstallieren:

- Adobe Reader: sehe nach, ob neuere Versionen vorhanden sind

9.
poste erneut:
Trend Micro HijackThis-Logfile
filelist.bat - den letzten sechs Monaten!

** Berichte wie es dein Rechner geht?

Geändert von kira (23.08.2009 um 17:56 Uhr)

Alt 23.08.2009, 21:04   #14
Befallener
 
AVCare, Win32Trojan.TDss und mehr ? - Standard

AVCare, Win32Trojan.TDss und mehr ?



Anti Malware hat beim ersten Start den Fehler 732 (0, 0) geworfen. Ich schätze das lag daran, dass das Netzwerkkabel abgesteckt war (Ein Update habe ich dann durchgeführt),

1. erledigt
2. Malwarebytes Anti-Malware Log
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2683
Windows 5.1.2600 Service Pack 3

08/23/2009 20:55:38
mbam-log-2009-08-23 (20-55-38).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 252283
Laufzeit: 49 minute(s), 4 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACalitjljxoc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACkkurhhtsar.dat (Trojan.Agent) -> Quarantined and deleted successfully.
         

Alt 23.08.2009, 23:04   #15
Befallener
 
AVCare, Win32Trojan.TDss und mehr ? - Icon24

AVCare, Win32Trojan.TDss und mehr ?



So, ich musste kurz unterbrechen und ich kann irgendwie den vorherigen Beitrag editieren.

3. Hijackthis: erledigt
4. CCleaner: erledigt
5. War deutlich länger
6. SUPERAntiSpyware FREE Edition:
Den Bildschirmschoner hab ich draufgelassen
Code:
ATTFilter
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/23/2009 at 10:35 PM

Application Version : 4.27.1002

Core Rules Database Version : 4067
Trace Rules Database Version: 2007

Scan type       : Complete Scan
Total Scan Time : 00:43:32

Memory items scanned      : 642
Memory threats detected   : 0
Registry items scanned    : 5843
Registry threats detected : 9
File items scanned        : 31134
File threats detected     : 34

Unclassified.PC MightyMax
	HKU\S-1-5-21-606747145-920026266-839522115-1003\Software\PC MightyMax
	C:\Programme\PC MightyMax\lic.conf
	C:\Programme\PC MightyMax\lic.dat
	C:\Programme\PC MightyMax\pcdocrx.conf
	C:\Programme\PC MightyMax\tmp_res_x_101.tmp
	C:\Programme\PC MightyMax\tmp_res_x_102.tmp
	C:\Programme\PC MightyMax\tmp_res_x_103.tmp
	C:\Programme\PC MightyMax\tmp_res_x_104.tmp
	C:\Programme\PC MightyMax\tmp_res_x_105.tmp
	C:\Programme\PC MightyMax\tmp_res_x_106.tmp
	C:\Programme\PC MightyMax\tmp_res_x_107.tmp
	C:\Programme\PC MightyMax\tmp_res_x_108.tmp
	C:\Programme\PC MightyMax\tmp_res_x_109.tmp
	C:\Programme\PC MightyMax\tmp_res_x_110.tmp
	C:\Programme\PC MightyMax\tmp_res_x_111.tmp
	C:\Programme\PC MightyMax\tmp_res_x_112.tmp
	C:\Programme\PC MightyMax\tmp_res_x_113.tmp
	C:\Programme\PC MightyMax\tmp_res_x_114.tmp
	C:\Programme\PC MightyMax\tmp_res_x_115.tmp
	C:\Programme\PC MightyMax\tmp_res_x_116.tmp
	C:\Programme\PC MightyMax\tmp_res_x_117.tmp
	C:\Programme\PC MightyMax\tmp_res_x_118.tmp
	C:\Programme\PC MightyMax\tmp_res_x_119.tmp
	C:\Programme\PC MightyMax\tmp_res_x_120.tmp
	C:\Programme\PC MightyMax\tmp_res_x_121.tmp
	C:\Programme\PC MightyMax\tmp_res_x_122.tmp
	C:\Programme\PC MightyMax\tmp_res_x_123.tmp
	C:\Programme\PC MightyMax\tmp_res_x_124.tmp
	C:\Programme\PC MightyMax\tmp_res_x_125.tmp
	C:\Programme\PC MightyMax\undo
	C:\Programme\PC MightyMax

Rootkit.Agent/Gen
	HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys
	HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#start
	HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#type
	HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#group
	HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#imagepath
	HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules
	HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules#UACd
	HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules#UACc

NotHarmful.Sysinternals Bluescreen Screen Saver
	C:\WINDOWS\SYSTEM32\SYSINTERNALS BLUESCREEN.SCR

Trojan.Downloader-Gen/Suspicious
	F:\PROGRAMME\FLASHFXP\TOOLS\WINRAR V3.50 BETA6\WDC-PATCH.EXE

Adware.Lop
	F:\PROGRAMME\NETPUMPER\ZM\NP_0123_1.EXE
	F:\SYSTEM VOLUME INFORMATION\_RESTORE{3D460867-A620-4D6C-88AC-A50227E74D0A}\RP1096\A0253968.EXE
         
nach einem Neustart hab ich jetzt nochmal Prevx drüberlaufen lassen und der findet auch nichts mehr.

7.

8.Java war wirklich deutlich älter als ich dachte, wurde also auch gleich ein Update eingeleitet

9. HijackThis Log
Frage: Was sind eigentlich diese Einträge bei O16 ?

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:26, on 08/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\CAPM4RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Borland\InterBase\bin\ibguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\taskswitch.exe
F:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\Borland\InterBase\bin\ibserver.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\HDV3\DTemp\DTemp.exe
C:\remindme\RemindMe.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\bases\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.thgweb.de/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programme\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Programme\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DTemp.lnk = E:\HDV3\DTemp\DTemp.exe
O4 - Startup: RemindMe.lnk = C:\remindme\RemindMe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228848741171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228848725906
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - 
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS1\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS2\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS3\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O20 - Winlogon Notify: !SASWinLogon - F:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Programme\Prevx\prevx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8656 bytes
         

Geändert von Befallener (23.08.2009 um 23:24 Uhr)

Antwort

Themen zu AVCare, Win32Trojan.TDss und mehr ?
ad-aware, anfang, antivir, antivir guard, bho, bildschirm, browser, c.exe, desktop, einstellungen, excel, firefox, free download, helper, hijack, hijackthis, hkus\s-1-5-18, hängen, internet, internet explorer, malwarebytes anti-malware, maus, mozilla, netzwerkverkehr, prozess, rootkit, scan, schwarzer bildschirm, software, starten, teile davon, trojan.tdss, windows xp



Ähnliche Themen: AVCare, Win32Trojan.TDss und mehr ?


  1. BOO/TDss.O - Kein Zugriff auf Dateien mehr
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (25)
  2. Rootkit BOO/TDss.D Bekomme ich nicht mehr weg HELP
    Log-Analyse und Auswertung - 15.09.2011 (37)
  3. TDss.M im Bootsektor gelöscht, Pc fährt nicht mehr hoch
    Plagegeister aller Art und deren Bekämpfung - 10.07.2011 (1)
  4. BOO/TDSS.a
    Plagegeister aller Art und deren Bekämpfung - 11.02.2011 (25)
  5. Rootkit.Win32.TDSS.d - Komme nicht mehr weiter
    Plagegeister aller Art und deren Bekämpfung - 24.04.2010 (1)
  6. Trojan.TDss!K - Packed.Win32.Tdss!IK - und wer weiß was noch alles!
    Plagegeister aller Art und deren Bekämpfung - 09.12.2009 (1)
  7. Virus Win32Trojan-gen in Datei VCREDI~3.EXE
    Plagegeister aller Art und deren Bekämpfung - 21.11.2009 (4)
  8. Virus durch AVCare
    Log-Analyse und Auswertung - 16.09.2009 (98)
  9. Win32Trojan.Tdss - wie entfernen - bitte um Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 12.09.2009 (46)
  10. Logfile -TDss und mehr
    Plagegeister aller Art und deren Bekämpfung - 24.08.2009 (1)
  11. AVCare - System neu aufsetzen notwendig oder gehts auch ohne?
    Log-Analyse und Auswertung - 21.08.2009 (1)
  12. Win32Trojan.Tdss - lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 08.08.2009 (45)
  13. BDS/TDSS.adb, BDS/TDSS.JW und einiges mehr
    Log-Analyse und Auswertung - 14.01.2009 (28)
  14. Hilfe bei TR/Crypt.XPACK.Gen u. TR/TDss.AT.518 u.a auch mehr..
    Plagegeister aller Art und deren Bekämpfung - 12.01.2009 (8)
  15. Avast meldet Win32Trojan-gen
    Log-Analyse und Auswertung - 27.12.2008 (1)
  16. Rootkit RKIT/TDss.G.22 Backdoorprogramm BDS/TDSS.adb und Trojaner TR/Proxy.GHY
    Log-Analyse und Auswertung - 21.12.2008 (28)
  17. Backdoor.TDSS.asz und TDSS.atb gefunden
    Mülltonne - 28.11.2008 (0)

Zum Thema AVCare, Win32Trojan.TDss und mehr ? - Hallo, ich habe mir gestern so gegen 23.00 AVCare eingefangen, des weiteren fielen mir ein Prozess msa.exe und eine beim Systemstart ausgeführte b.exe auf. Symptome waren neben dem nervenden AVCare - AVCare, Win32Trojan.TDss und mehr ?...
Archiv
Du betrachtest: AVCare, Win32Trojan.TDss und mehr ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.