07.05.2010, 17:46   #1
SonRevan

TDSS reinstalls itself after uninstalling and rebooting

Hello everyone,

I have the problem that my Norton constantly complains about svchost and my firefox.exe:
"Https Tidserv Request" or also "Https Tidserv Request 2"
All of these actions are blocked.

This is what I have already tried:
- Used CCleaner as described here in the forum.
- Ran Malwarebytes Anti-Malware in quick and full scan mode and deleted everything that was found.
Here is my log for that (full scan):
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4074

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

07.05.2010 15:12:07
mbam-log-2010-05-07 (15-12-07).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 266903
Time elapsed: 1 hour(s), 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

- Ran TDSSKiller.exe, which does find something, but after the reboot the problem unfortunately persists.
Here is the log file:
Code:
15:41:22:609 2992	TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
15:41:22:609 2992	================================================================================
15:41:22:609 2992	SystemInfo:

15:41:22:609 2992	OS Version: 5.1.2600 ServicePack: 3.0
15:41:22:609 2992	Product type: Workstation
15:41:22:609 2992	ComputerName: ***
15:41:22:609 2992	UserName: ***
15:41:22:609 2992	Windows directory: C:\WINDOWS
15:41:22:609 2992	Processor architecture: Intel x86
15:41:22:609 2992	Number of processors: 2
15:41:22:609 2992	Page size: 0x1000
15:41:22:609 2992	Boot type: Normal boot
15:41:22:609 2992	================================================================================
15:41:22:609 2992	UnloadDriverW: NtUnloadDriver error 2
15:41:22:609 2992	ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:41:23:343 2992	wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:41:23:343 2992	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:41:23:343 2992	wfopen_ex: Trying to KLMD file open
15:41:23:343 2992	wfopen_ex: File opened ok (Flags 2)
15:41:23:343 2992	wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:41:23:343 2992	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:41:23:343 2992	wfopen_ex: Trying to KLMD file open
15:41:23:343 2992	wfopen_ex: File opened ok (Flags 2)
15:41:23:343 2992	Initialize success
15:41:23:343 2992	
15:41:23:343 2992	Scanning	Services ...
15:41:24:171 2992	Raw services enum returned 397 services
15:41:24:187 2992	
15:41:24:187 2992	Scanning	Kernel memory ...
15:41:24:187 2992	Devices to scan: 10
15:41:24:187 2992	
15:41:24:187 2992	Driver Name: Disk
15:41:24:187 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:187 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:187 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:187 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:187 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:187 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:187 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:187 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:187 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:187 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:187 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:187 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:187 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:187 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:187 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:187 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:187 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:187 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:187 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:187 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:187 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:187 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:187 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:187 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:187 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:187 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:187 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:203 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:203 2992	
15:41:24:203 2992	Driver Name: Disk
15:41:24:203 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:203 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:203 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:203 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:203 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:203 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:203 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:203 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:203 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:203 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:203 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:203 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:203 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:203 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:203 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:203 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:203 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:203 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:203 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:203 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:203 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:203 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:203 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:203 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:203 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:203 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:203 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:218 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:218 2992	
15:41:24:218 2992	Driver Name: Disk
15:41:24:218 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:218 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:218 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:218 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:218 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:218 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:218 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:218 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:218 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:218 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:218 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:218 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:218 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:218 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:218 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:218 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:218 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:218 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:218 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:218 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:218 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:218 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:218 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:218 2992	
15:41:24:218 2992	Driver Name: Disk
15:41:24:218 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:218 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:218 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:218 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:218 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:218 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:218 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:218 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:218 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:218 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:218 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:218 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:218 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:218 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:218 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:218 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:218 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:218 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:218 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:218 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:218 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:218 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:218 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:218 2992	
15:41:24:218 2992	Driver Name: Disk
15:41:24:218 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:218 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:218 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:218 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:218 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:218 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:218 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:218 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:218 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:218 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:218 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:218 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:218 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:218 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:218 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:218 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:218 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:218 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:218 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:218 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:218 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:218 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:234 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:234 2992	
15:41:24:234 2992	Driver Name: Disk
15:41:24:234 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:234 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:234 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:234 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:234 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:234 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:234 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:234 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:234 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:234 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:234 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:234 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:234 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:234 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:234 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:234 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:234 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:234 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:234 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:234 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:234 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:234 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:234 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:234 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:234 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:234 2992	
15:41:24:234 2992	Driver Name: Disk
15:41:24:234 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:234 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:234 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:234 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:234 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:234 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:234 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:234 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:234 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:234 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:234 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:234 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:234 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:234 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:234 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:234 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:234 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:234 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:234 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:234 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:234 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:234 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:234 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:234 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:250 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:250 2992	
15:41:24:250 2992	Driver Name: Disk
15:41:24:250 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:250 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:250 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:250 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:250 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:250 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:250 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:250 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:250 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:250 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:250 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:250 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:250 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:250 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:250 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:250 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:250 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:250 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:250 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:250 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:250 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:250 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:250 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:250 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:250 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:250 2992	
15:41:24:250 2992	Driver Name: atapi
15:41:24:250 2992	IRP_MJ_CREATE                      : B7F146F2
15:41:24:250 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:250 2992	IRP_MJ_CLOSE                       : B7F146F2
15:41:24:250 2992	IRP_MJ_READ                        : 804F4562
15:41:24:250 2992	IRP_MJ_WRITE                       : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:250 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:250 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:250 2992	IRP_MJ_FLUSH_BUFFERS               : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:250 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:250 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:250 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:250 2992	IRP_MJ_DEVICE_CONTROL              : B7F14712
15:41:24:250 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B7F10852
15:41:24:250 2992	IRP_MJ_SHUTDOWN                    : 804F4562
15:41:24:250 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:250 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:250 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:250 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:250 2992	IRP_MJ_POWER                       : B7F1473C
15:41:24:250 2992	IRP_MJ_SYSTEM_CONTROL              : B7F1B336
15:41:24:250 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:250 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:265 2992	C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
15:41:24:265 2992	
15:41:24:265 2992	Driver Name: atapi
15:41:24:265 2992	IRP_MJ_CREATE                      : 8A331EE4
15:41:24:265 2992	IRP_MJ_CREATE_NAMED_PIPE           : 8A331EE4
15:41:24:265 2992	IRP_MJ_CLOSE                       : 8A331EE4
15:41:24:265 2992	IRP_MJ_READ                        : 8A331EE4
15:41:24:265 2992	IRP_MJ_WRITE                       : 8A331EE4
15:41:24:265 2992	IRP_MJ_QUERY_INFORMATION           : 8A331EE4
15:41:24:265 2992	IRP_MJ_SET_INFORMATION             : 8A331EE4
15:41:24:265 2992	IRP_MJ_QUERY_EA                    : 8A331EE4
15:41:24:265 2992	IRP_MJ_SET_EA                      : 8A331EE4
15:41:24:265 2992	IRP_MJ_FLUSH_BUFFERS               : 8A331EE4
15:41:24:265 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 8A331EE4
15:41:24:265 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 8A331EE4
15:41:24:265 2992	IRP_MJ_DIRECTORY_CONTROL           : 8A331EE4
15:41:24:265 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 8A331EE4
15:41:24:265 2992	IRP_MJ_DEVICE_CONTROL              : 8A331EE4
15:41:24:265 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : 8A331EE4
15:41:24:265 2992	IRP_MJ_SHUTDOWN                    : 8A331EE4
15:41:24:265 2992	IRP_MJ_LOCK_CONTROL                : 8A331EE4
15:41:24:265 2992	IRP_MJ_CLEANUP                     : 8A331EE4
15:41:24:265 2992	IRP_MJ_CREATE_MAILSLOT             : 8A331EE4
15:41:24:265 2992	IRP_MJ_QUERY_SECURITY              : 8A331EE4
15:41:24:265 2992	IRP_MJ_SET_SECURITY                : 8A331EE4
15:41:24:265 2992	IRP_MJ_POWER                       : 8A331EE4
15:41:24:265 2992	IRP_MJ_SYSTEM_CONTROL              : 8A331EE4
15:41:24:265 2992	IRP_MJ_DEVICE_CHANGE               : 8A331EE4
15:41:24:265 2992	IRP_MJ_QUERY_QUOTA                 : 8A331EE4
15:41:24:265 2992	IRP_MJ_SET_QUOTA                   : 8A331EE4
15:41:24:265 2992	Driver "atapi" infected by TDSS rootkit!
15:41:24:281 2992	C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
15:41:24:281 2992	File "C:\WINDOWS\system32\drivers\atapi.sys" infected by TDSS rootkit ...
15:41:24:281 2992	Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
15:41:24:281 2992	ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
15:41:24:375 2992	vfvi6
15:41:24:453 2992	!dsvbh1
15:41:25:687 2992	dsvbh2
15:41:25:687 2992	fdfb2
15:41:25:687 2992	Backup copy found, using it..
15:41:25:781 2992	will be cured on next reboot
15:41:25:781 2992	Reboot required for cure complete..
15:41:25:812 2992	Cure on reboot scheduled successfully
15:41:25:812 2992	
15:41:25:812 2992	Completed
15:41:25:812 2992	
15:41:25:812 2992	Results:
15:41:25:812 2992	Memory objects infected / cured / cured on reboot:	1 / 0 / 0
15:41:25:812 2992	Registry objects infected / cured / cured on reboot:	0 / 0 / 0
15:41:25:812 2992	File objects infected / cured / cured on reboot:	1 / 0 / 1
15:41:25:812 2992	
15:41:25:812 2992	fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
15:41:25:812 2992	fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
15:41:25:812 2992	UnloadDriverW: NtUnloadDriver error 1
15:41:25:812 2992	KLMD(ARK) unloaded successfully

- Ran Norman TDSS Cleaner, which apparently finds nothing and keeps wanting to restart the system until I cancel.
Here is the log file:
Code:
Norman TDSS Cleaner
Version 1.9.2
Copyright © 1990 - 2010, Norman ASA. Built 2010/04/27 16:10:07

Norman Scanner Engine Version: 6.04.08
Nvcbin.def Version: 6.04.00, Date: 2010/04/27 16:10:07, Variants: 55720

Scan started: 07/05/2010 15:49:53

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: PC-Name\Benutzer


Running anti-TDSS module:

TDSS/TDL3 Rootkit Detected
Infected driver successfully cured
Reboot required to complete rootkit disinfection


Running post-scan cleanup routine:

Number of files found: 0
Number of archives unpacked: 0
Number of files scanned: 0
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1m 39s

- Norton full system scan, shows no results
- Ran Spybot S&D -> no spyware found
- Ran RSIT
Log.txt
Code:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Benutzer at 2010-05-07 18:25:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (61%) free of 51 GB
Total RAM: 2030 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:25:33, on 07.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\idt\intelxpv_v103\wdm\STacSV.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Logitech\Easy Synchronization\servicestub.exe
C:\Programme\MagicTune Premium\MagicTuneEngine.exe
C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
d:\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\iTunes\iTunesHelper.exe
C:\Programme\IDT\WDM\sttray.exe
C:\Programme\Citrix\ICA Client\concentr.exe
D:\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\Citrix\ICA Client\wfcrun32.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\MagicTune Premium\GammaTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\MagicTune Premium\MagicTune.exe
C:\Dokumente und Einstellungen\Markus\Desktop\RSIT.exe
C:\Programme\trend micro\Markus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.heise.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Programme\Gemeinsame Dateien\justDo\Jd2002.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Programme\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "d:\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\is\PhysX_9.09.0203_SystemSoftware.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\is\PhysX_9.09.0203_SystemSoftware.exe" (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262193160640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262197682203
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECF2FB7-7C81-4A11-BAE4-FAF9D9E207EA}: NameServer = 212.114.152.1,212.114.153.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programme\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Programme\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - d:\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\programme\idt\intelxpv_v103\wdm\STacSV.exe

--
End of file - 10429 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Programme\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}]
SnapFlash Class - C:\Programme\Gemeinsame Dateien\justDo\Jd2002.dll [2002-12-03 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-17 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Share-to-Web Namespace Daemon"=C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Bluetooth Connection Assistant"=LBTWIZ.EXE -silent []
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Easy Synchronization"=C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=D:\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SysTrayApp"=C:\Programme\IDT\WDM\sttray.exe [2009-03-12 483422]
"ConnectionCenter"=C:\Programme\Citrix\ICA Client\concentr.exe [2009-09-12 103768]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"=C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"=d:\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
GammaTray.lnk - C:\Programme\MagicTune Premium\GammaTray.exe
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"=C:\Programme\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 69632]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"=C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll [2009-04-06 335943]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled:DNA"
"D:\ICQ6.5\ICQ.exe"="D:\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Curse\CurseClient.exe"="D:\Curse\CurseClient.exe:*:Enabled:Curse Client"
"E:\Celetania\Celetania.exe"="E:\Celetania\Celetania.exe:*:Enabled:Celetania"
"D:\Sony Ericsson Media Manager\MediaManager.exe"="D:\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\iTunes\iTunes.exe"="D:\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\appleJuice\gui\AJCoreGUI.exe"="D:\appleJuice\gui\AJCoreGUI.exe:*:Enabled:appleJuice Client (GUI)"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df6cc934-1e2a-11df-bbb6-0019d1463bec}]
shell\AutoRun\command - M:\DPFMate.exe


======List of files/folders created in the last 1 months======

2010-05-07 15:45:51 ----A---- C:\TDSSKiller.2.2.8.1_07.05.2010_15.45.51_log.txt
2010-05-07 15:41:22 ----A---- C:\TDSSKiller.2.2.8.1_07.05.2010_15.41.22_log.txt
2010-05-06 22:14:56 ----A---- C:\TDSSKiller.2.2.8.1_06.05.2010_22.14.56_log.txt
2010-05-06 21:44:08 ----D---- C:\rsit
2010-05-06 21:44:08 ----D---- C:\Programme\trend micro
2010-05-06 20:30:28 ----A---- C:\TDSSKiller.2.2.8.1_06.05.2010_20.30.28_log.txt
2010-05-06 00:17:28 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Malwarebytes
2010-05-06 00:17:20 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-05-06 00:17:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-06 00:09:06 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Uniblue
2010-05-06 00:09:00 ----D---- C:\Programme\Uniblue
2010-05-05 23:57:06 ----A---- C:\TDSSKiller.2.2.8.1_05.05.2010_23.57.06_log.txt
2010-05-05 23:46:05 ----A---- C:\TDSSKiller.2.2.8.1_05.05.2010_23.46.05_log.txt
2010-05-05 20:55:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-05-05 20:39:57 ----RASHOT---- C:\WINDOWS\winstart.bat
2010-05-05 20:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-05-05 20:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-05-05 20:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-05-05 20:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-05-05 20:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-05-05 20:28:29 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-05 20:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-05-05 20:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-05-05 20:28:06 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-05-05 20:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-05-05 20:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-05-05 20:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-05-05 20:27:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-05-05 20:27:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-05-05 20:27:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-05-05 20:27:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-05-05 20:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-05-05 20:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-05-05 20:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-05-05 20:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-05-05 20:26:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-05-05 20:26:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-05-05 20:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-05-05 20:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-05-05 20:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-05-05 20:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-05-05 20:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-05-05 20:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-05-05 20:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-05-05 20:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-05-05 20:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-05-05 20:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-05-05 20:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-05-05 20:23:04 ----SHD---- C:\Config.Msi
2010-05-05 20:21:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-05-05 20:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-05-05 20:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-05-05 20:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-05-05 20:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-05-05 20:21:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-05-05 20:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-05-05 20:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-05-05 20:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-05-05 20:20:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-05-05 20:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-05-05 20:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-05-05 20:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-05-05 20:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-05-05 20:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-05-05 20:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-05-05 20:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-05-05 20:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-05-05 20:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-05-05 20:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-05-05 20:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-05-05 20:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-05-05 20:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-05-05 20:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-05-05 20:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-05-05 20:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-05-05 20:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-05-05 20:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-05-05 20:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-05-05 20:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-05-05 20:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-05-05 20:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-05-05 20:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-05-05 20:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-05-05 20:16:57 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-05-05 17:38:09 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-05-05 17:38:09 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-04-26 20:02:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix

======List of files/folders modified in the last 1 months======

2010-05-07 17:24:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-05-07 16:44:39 ----D---- C:\WINDOWS\Temp
2010-05-07 15:54:02 ----D---- C:\WINDOWS\Prefetch
2010-05-07 15:51:57 ----D---- C:\WINDOWS\system32
2010-05-07 15:51:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-07 15:50:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-07 15:50:03 ----D---- C:\WINDOWS\system32\drivers
2010-05-07 15:49:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-07 15:47:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-07 15:44:15 ----D---- C:\WINDOWS
2010-05-07 13:54:06 ----D---- C:\WINDOWS\Debug
2010-05-07 13:53:29 ----D---- C:\Programme\CCleaner
2010-05-06 22:42:32 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Skype
2010-05-06 21:44:08 ----RD---- C:\Programme
2010-05-06 21:36:09 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\skypePM
2010-05-06 20:48:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-06 17:47:55 ----D---- C:\WINDOWS\Microsoft.NET
2010-05-06 17:47:41 ----RSD---- C:\WINDOWS\assembly
2010-05-06 17:23:40 ----D---- C:\WINDOWS\system32\Restore
2010-05-06 17:23:00 ----D---- C:\Programme\Spybot - Search & Destroy
2010-05-06 00:29:34 ----SHD---- C:\System Volume Information
2010-05-06 00:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2010-05-06 00:03:22 ----HD---- C:\WINDOWS\inf
2010-05-05 20:56:20 ----SHD---- C:\WINDOWS\Installer
2010-05-05 20:55:53 ----D---- C:\WINDOWS\Help
2010-05-05 20:55:53 ----D---- C:\Programme\NVIDIA Corporation
2010-05-05 20:54:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-05-05 20:51:33 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-05 20:47:24 ----D---- C:\Programme\XP-Clean Speed
2010-05-05 20:33:37 ----D---- C:\WINDOWS\system32\wbem
2010-05-05 20:33:37 ----D---- C:\WINDOWS\AppPatch
2010-05-05 20:28:41 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-05 20:27:57 ----D---- C:\Programme\Movie Maker
2010-05-05 20:26:46 ----D---- C:\WINDOWS\WinSxS
2010-05-05 20:21:13 ----D---- C:\Programme\Outlook Express
2010-05-05 20:19:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-05 20:18:10 ----D---- C:\Programme\Messenger
2010-05-05 17:26:09 ----SD---- C:\WINDOWS\Tasks
2010-04-26 20:02:17 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\ICAClient
2010-04-26 20:02:03 ----D---- C:\Programme\Citrix
2010-04-26 19:47:12 ----RD---- C:\Programme\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys [2010-02-04 482432]
R1 ctxusbm;Citrix USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100429.001\IDSxpx86.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS [2009-08-22 217136]
R2 acedrv10;acedrv10; \??\C:\WINDOWS\system32\drivers\acedrv10.sys []
R2 acehlp10;acehlp10; \??\C:\WINDOWS\system32\drivers\acehlp10.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 BENDER;Pinnacle AV/DV2 Capture; C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 180480]
R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2004-10-28 17024]
R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-10-28 30299]
R3 BthEnum;Bluetooth-Auflistungsdienst; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-10-28 44003]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-04 241296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-07-29 43392]
R3 HidBth;Microsoft Bluetooth-HID-Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25856]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2008-01-17 13184]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2004-06-21 78976]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12288]
R3 NAVENG;NAVENG; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100506.025\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100506.025\NAVEX15.SYS []
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-12 1550613]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS [2009-08-22 36400]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-10-05 18167]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-10-28 54488]
S3 catchme;catchme; \??\C:\cf\catchme.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\WINDOWS\System32\Drivers\frmupgr.sys [2007-01-03 27536]
S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-09-21 63120]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-09-21 78992]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
S3 skfilt;skfilt; C:\WINDOWS\system32\drivers\skfilt.sys [2008-02-12 1670016]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-10-05 47104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2004-10-28 163840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-01-17 153376]
R2 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
R2 Logitech Easy Synchronization;Logitech Easy Synchronization; C:\Programme\Logitech\Easy Synchronization\servicestub.exe [2005-10-05 65536]
R2 MagicTuneEngine;MagicTuneEngine; C:\Programme\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 Norton AntiVirus;Norton AntiVirus; C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 OMSI download service;Sony Ericsson OMSI download service; d:\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 STacSV;Audio Service; c:\programme\idt\intelxpv_v103\wdm\STacSV.exe [2009-03-12 254036]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2009-08-20 73728]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
         

 

