Windows Vista - Infektion mit Sirefef, Sirefef.AB

SatanasOz · 17.10.2012, 00:01

Log gekürzt, volles Log im Anhang

Code:

ATTFilter

11:39:47.0780 5256  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:39:48.0880 5256  ============================================================
11:39:48.0880 5256  Current date / time: 2012/10/17 11:39:48.0880
11:39:48.0880 5256  SystemInfo:
11:39:48.0880 5256  
11:39:48.0880 5256  OS Version: 6.0.6002 ServicePack: 2.0
11:39:48.0881 5256  Product type: Workstation
11:39:48.0881 5256  ComputerName: NINA-PC
11:39:48.0881 5256  UserName: Nina
11:39:48.0881 5256  Windows directory: C:\Windows
11:39:48.0881 5256  System windows directory: C:\Windows
11:39:48.0881 5256  Processor architecture: Intel x86
11:39:48.0881 5256  Number of processors: 2
11:39:48.0881 5256  Page size: 0x1000
11:39:48.0881 5256  Boot type: Normal boot
11:39:48.0882 5256  ============================================================
11:39:49.0002 5256  BG loaded
11:39:49.0653 5256  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x3A38B, SectorsPerTrack: 0x20, TracksPerCylinder: 0x40, Type 'K0', Flags 0x00000050
11:39:49.0677 5256  Drive \Device\Harddisk1\DR2 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:39:49.0679 5256  ============================================================
11:39:49.0679 5256  \Device\Harddisk0\DR0:
11:39:49.0679 5256  MBR partitions:
11:39:49.0679 5256  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0xE8E2800
11:39:49.0692 5256  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF68F800, BlocksNum 0xDB35800
11:39:49.0693 5256  \Device\Harddisk1\DR2:
11:39:49.0694 5256  MBR partitions:
11:39:49.0694 5256  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E3BE0
11:39:49.0694 5256  ============================================================
11:39:49.0769 5256  C: <-> \Device\Harddisk0\DR0\Partition1
11:39:49.0859 5256  D: <-> \Device\Harddisk0\DR0\Partition2
11:39:49.0860 5256  ============================================================
11:39:49.0860 5256  Initialize success
11:39:49.0860 5256  ============================================================
11:39:59.0820 5872  ============================================================
11:39:59.0820 5872  Scan started
11:39:59.0821 5872  Mode: Manual; SigCheck; TDLFS; 
11:39:59.0821 5872  ============================================================
11:40:04.0760 5872  ================ Scan system memory ========================
11:40:04.0761 5872  System memory - ok
11:40:04.0761 5872  ================ Scan services =============================
11:40:06.0098 5872  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
11:40:06.0386 5872  ACPI - ok
11:40:06.0847 5872  [ FE1E7BDA5639D5EC9BD575137D0C3516 ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
11:40:07.0079 5872  AcrSch2Svc - ok
...
11:49:59.0250 4400  C:\Windows\System32\wsqmcons.exe - ok
11:49:59.0261 4400  [ 8A38B5E8493A9D103083B8620AC5F3A1 ] C:\Windows\System32\tdh.dll
11:49:59.0261 4400  C:\Windows\System32\tdh.dll - ok
11:49:59.0268 4400  [ 2A965923FE3D6D5119A770D9B40B1C16 ] C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe
11:49:59.0268 4400  C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe - ok
11:49:59.0272 4400  ============================================================
11:49:59.0272 4400  Scan finished
11:49:59.0272 4400  ============================================================
11:49:59.0287 3684  Detected object count: 11
11:49:59.0287 3684  Actual detected object count: 11
11:51:43.0665 3684  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0665 3684  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0665 3684  ASMMAP ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0665 3684  ASMMAP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0668 3684  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0668 3684  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0670 3684  AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0670 3684  AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0672 3684  AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0672 3684  AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0674 3684  AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0674 3684  AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0677 3684  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0678 3684  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0681 3684  ghaio ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0681 3684  ghaio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0688 3684  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0688 3684  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0692 3684  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0692 3684  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0696 3684  spmgr ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0696 3684  spmgr ( UnsignedFile.Multi.Generic ) - User select action: Skip

Windows Vista - Infektion mit Sirefef, Sirefef.AB

Log-Analyse und Auswertung: Windows Vista - Infektion mit Sirefef, Sirefef.AB

Windows Vista - Infektion mit Sirefef, Sirefef.AB

Ähnliche Themen: Windows Vista - Infektion mit Sirefef, Sirefef.AB