
Log analysis and evaluation: PE:Malware.Generic(Thunder)!1.A1C4 [F] in several exe files


 
21.12.2015, 13:21   #10
Timm09
 



Code:
AdwCleaner v5.025 - Bericht erstellt am 21/12/2015 um 12:49:02
# Aktualisiert am 13/12/2015 von Xplode
# Datenbank : 2015-12-13.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Ekim - EKIM-PC
# Gestartet von : C:\Users\Burgerkingster\Desktop\adwcleaner_5.025.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLL ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****


########## EOF - \AdwCleaner\AdwCleaner[S10].txt - [646 Bytes] ##########
         

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18124

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 8525733888, free: 6681661440

Downloaded database version: v2015.12.21.03
Downloaded database version: v2015.12.18.01
Downloaded database version: v2015.12.15.02
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     12/21/2015 12:57:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\DRIVERS\FLTMGR.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\drivers\veracrypt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\cthdb.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\av69s9ge.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\dtlitescsibus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\avchv.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\cthda.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\dump_veracrypt.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avckf.sys
\??\G:\Program Files\Sandboxie\SbieDrv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\amdacpksd.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\normaliz.dll
\Windows\System32\difxapi.dll
\Windows\System32\shell32.dll
\Windows\System32\setupapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\user32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\ws2_32.dll
\Windows\System32\kernel32.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\wininet.dll
\Windows\System32\iertutil.dll
\Windows\System32\clbcatq.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
\Program Files\DAEMON Tools Lite\VDriveLib.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.

Scan started
Database versions:
  main:    v2015.12.21.03
  rootkit: v2015.12.18.01

<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800a770790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa800a523900
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800c3eed70
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80092d7060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000073\
Lower Device Object: 0xfffffa8006a919c0
Lower Device Driver Name: \Driver\iaStorA\
Device already Exists: 0xfffffa800c37db80
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80092d6060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xfffffa80066609c0
Lower Device Driver Name: \Driver\iaStorA\
Device already Exists: 0xfffffa800bf07970
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80092d5060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xfffffa8006a8e060
Lower Device Driver Name: \Driver\iaStorA\
Device already Exists: 0xfffffa800c057090
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80092d5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80091cfb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80092d5b50, DeviceName: Unknown, DriverName: \Driver\veracrypt\
DevicePointer: 0xfffffa80092d5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80091cec50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8006a8e060, DeviceName: \Device\00000071\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\veracrypt\
Upper DeviceData: 0xfffff8a00bc711a0, 0xfffffa80092d5060, 0xfffffa800bfa4790
Lower DeviceData: 0xfffff8a0107cf730, 0xfffffa8006a8e060, 0xfffffa800c057090
<<<3>>>
Volume: C:
File system type: UNKNOWN
Can't access volume using primary device, the volume might be encrypted.
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Alternate device has been used.
<<<2>>>
<<<3>>>
Volume: C:
File system type: UNKNOWN
<<<2>>>
<<<3>>>
Volume: C:
File system type: UNKNOWN
Can't access volume using primary device, the volume might be encrypted.
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Alternate device has been used.
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DEBF469C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 122880000
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 122882048  Numsec = 111554560
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80092d6060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80091d0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80092d6b50, DeviceName: Unknown, DriverName: \Driver\veracrypt\
DevicePointer: 0xfffffa80092d6060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80091ce860, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa80066609c0, DeviceName: \Device\00000072\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\veracrypt\
Upper DeviceData: 0xfffff8a00fe16de0, 0xfffffa80092d6060, 0xfffffa800b0dd090
Lower DeviceData: 0xfffff8a01382fa70, 0xfffffa80066609c0, 0xfffffa800bf07970
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A5512

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 234441647

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3321799065
    GPT Header CurrentLba = 1 BackupLba 234441647
    GPT Header FirstUsableLba 34  LastUsableLba 234441614
    GPT Header Guid c97ee93d-f928-4ecf-909f-58d8a7fff52e
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3321799065
    Backup GPT header CurrentLba = 234441647 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 234441614
    Backup GPT header Guid c97ee93d-f928-4ecf-909f-58d8a7fff52e
    Backup GPT header Contains 128 partition entries starting at LBA 234441615
    Backup GPT header Partition entry size = 128

    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID feb1e27-1050-4722-97af-caed3555b99e
    FirstLBA 2048  Last LBA 204802047
    Attributes 0
    Partition Name                                     

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d733468e-2213-4439-ab8a-c6c82c275554
    FirstLBA 204802048  Last LBA 219138047
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa80092d7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80091d2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80092d7b50, DeviceName: Unknown, DriverName: \Driver\veracrypt\
DevicePointer: 0xfffffa80092d7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80091d1c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8006a919c0, DeviceName: \Device\00000073\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\veracrypt\
Upper DeviceData: 0xfffff8a0151bd160, 0xfffffa80092d7060, 0xfffffa800bf89450
Lower DeviceData: 0xfffff8a00bcb6cc0, 0xfffffa8006a919c0, 0xfffffa800c37db80
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9E93A

Partition information:

    Partition 0 type is Other (0x82)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 32768000
    Partition is not bootable

    Partition 1 type is Extended with CSH (0x5)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32772094  Numsec = 78120962
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 110893056  Numsec = 369307648
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800a770790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a527b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a526b50, DeviceName: Unknown, DriverName: \Driver\veracrypt\
DevicePointer: 0xfffffa800a770790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a524c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800a523900, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
         

Code:
13:17:22.0150 0x06b0  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
13:17:32.0688 0x06b0  ============================================================
13:17:32.0688 0x06b0  Current date / time: 2015/12/21 13:17:32.0688
13:17:32.0688 0x06b0  SystemInfo:
13:17:32.0688 0x06b0  
13:17:32.0688 0x06b0  OS Version: 6.1.7601 ServicePack: 1.0
13:17:32.0688 0x06b0  Product type: Workstation
13:17:32.0688 0x06b0  ComputerName: EKIM-PC
13:17:32.0689 0x06b0  UserName: Ekim
13:17:32.0689 0x06b0  Windows directory: C:\Windows
13:17:32.0689 0x06b0  System windows directory: C:\Windows
13:17:32.0689 0x06b0  Running under WOW64
13:17:32.0689 0x06b0  Processor architecture: Intel x64
13:17:32.0689 0x06b0  Number of processors: 4
13:17:32.0689 0x06b0  Page size: 0x1000
13:17:32.0689 0x06b0  Boot type: Normal boot
13:17:32.0689 0x06b0  ============================================================
13:17:33.0532 0x06b0  KLMD registered as C:\Windows\system32\drivers\33326929.sys
13:17:33.0721 0x06b0  System UUID: {82C1F478-9A5C-45A6-BA8D-C8EA04AF86BF}
13:17:33.0973 0x06b0  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:17:33.0975 0x06b0  Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:17:33.0993 0x06b0  Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:17:33.0997 0x06b0  ============================================================
13:17:33.0997 0x06b0  \Device\Harddisk0\DR0:
13:17:33.0997 0x06b0  MBR partitions:
13:17:33.0997 0x06b0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7530000
13:17:33.0997 0x06b0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7530800, BlocksNum 0x6A63000
13:17:33.0997 0x06b0  \Device\Harddisk1\DR1:
13:17:33.0997 0x06b0  GPT partitions:
13:17:33.0997 0x06b0  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {0FEB1E27-1050-4722-97AF-CAED3555B99E}, Name: , StartLBA 0x800, BlocksNum 0xC350000
13:17:33.0997 0x06b0  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D733468E-2213-4439-AB8A-C6C82C275554}, Name: Basic data partition, StartLBA 0xC350800, BlocksNum 0xDAC000
13:17:33.0997 0x06b0  MBR partitions:
13:17:33.0997 0x06b0  \Device\Harddisk2\DR2:
13:17:33.0997 0x06b0  MBR partitions:
13:17:34.0019 0x06b0  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x69C1800, BlocksNum 0x16033000
13:17:34.0019 0x06b0  ============================================================
13:17:34.0019 0x06b0  F: <-> \Device\Harddisk1\DR1\Partition1
13:17:34.0020 0x06b0  G: <-> \Device\Harddisk1\DR1\Partition2
13:17:34.0021 0x06b0  H: <-> \Device\Harddisk0\DR0\Partition2
13:17:34.0058 0x06b0  J: <-> \Device\Harddisk2\DR2\Partition1
13:17:34.0058 0x06b0  ============================================================
13:17:34.0058 0x06b0  Initialize success
13:17:34.0058 0x06b0  ============================================================
13:17:47.0095 0x09d0  ============================================================
13:17:47.0095 0x09d0  Scan started
13:17:47.0095 0x09d0  Mode: Manual; 
13:17:47.0095 0x09d0  ============================================================
13:17:47.0095 0x09d0  KSN ping started
13:17:49.0420 0x09d0  KSN ping finished: true
13:17:49.0513 0x09d0  ================ Scan system memory ========================
13:17:49.0513 0x09d0  System memory - ok
13:17:49.0514 0x09d0  ================ Scan services =============================
13:17:49.0533 0x09d0  1394ohci - ok
13:17:49.0539 0x09d0  ACPI - ok
13:17:49.0542 0x09d0  AcpiPmi - ok
13:17:49.0545 0x09d0  AdobeFlashPlayerUpdateSvc - ok
13:17:49.0549 0x09d0  adp94xx - ok
13:17:49.0552 0x09d0  adpahci - ok
13:17:49.0555 0x09d0  adpu320 - ok
13:17:49.0560 0x09d0  AeLookupSvc - ok
13:17:49.0563 0x09d0  AFD - ok
13:17:49.0567 0x09d0  agp440 - ok
13:17:49.0570 0x09d0  ALG - ok
13:17:49.0571 0x09d0  aliide - ok
13:17:49.0574 0x09d0  AMD External Events Utility - ok
13:17:49.0575 0x09d0  amdacpksd - ok
13:17:49.0577 0x09d0  amdacpusrsvc - ok
13:17:49.0580 0x09d0  amdide - ok
13:17:49.0581 0x09d0  AmdK8 - ok
13:17:49.0583 0x09d0  amdkmdag - ok
13:17:49.0585 0x09d0  amdkmdap - ok
13:17:49.0587 0x09d0  AmdPPM - ok
13:17:49.0589 0x09d0  amdsata - ok
13:17:49.0591 0x09d0  amdsbs - ok
13:17:49.0593 0x09d0  amdxata - ok
13:17:49.0596 0x09d0  AppID - ok
13:17:49.0597 0x09d0  AppIDSvc - ok
13:17:49.0600 0x09d0  Appinfo - ok
13:17:49.0602 0x09d0  AppMgmt - ok
13:17:49.0604 0x09d0  arc - ok
13:17:49.0606 0x09d0  arcsas - ok
13:17:49.0608 0x09d0  asComSvc - ok
13:17:49.0610 0x09d0  AsIO - ok
13:17:49.0614 0x09d0  aspnet_state - ok
13:17:49.0616 0x09d0  AsyncMac - ok
13:17:49.0618 0x09d0  atapi - ok
13:17:49.0621 0x09d0  AtiHDAudioService - ok
13:17:49.0623 0x09d0  AudioEndpointBuilder - ok
13:17:49.0625 0x09d0  AudioSrv - ok
13:17:49.0626 0x09d0  avc3 - ok
13:17:49.0628 0x09d0  avchv - ok
13:17:49.0630 0x09d0  avckf - ok
13:17:49.0631 0x09d0  AxInstSV - ok
13:17:49.0633 0x09d0  b06bdrv - ok
13:17:49.0635 0x09d0  b57nd60a - ok
13:17:49.0637 0x09d0  BdDesktopParental - ok
13:17:49.0639 0x09d0  BDESVC - ok
13:17:49.0640 0x09d0  BdfNdisf - ok
13:17:49.0642 0x09d0  bdfwfpf - ok
13:17:49.0644 0x09d0  bdfwfpf_pc - ok
13:17:49.0646 0x09d0  BDSandBox - ok
13:17:49.0647 0x09d0  Beep - ok
13:17:49.0649 0x09d0  BFE - ok
13:17:49.0651 0x09d0  BITS - ok
13:17:49.0652 0x09d0  blbdrive - ok
13:17:49.0654 0x09d0  bowser - ok
13:17:49.0655 0x09d0  BrFiltLo - ok
13:17:49.0657 0x09d0  BrFiltUp - ok
13:17:49.0658 0x09d0  Browser - ok
13:17:49.0660 0x09d0  Brserid - ok
13:17:49.0661 0x09d0  BrSerWdm - ok
13:17:49.0663 0x09d0  BrUsbMdm - ok
13:17:49.0664 0x09d0  BrUsbSer - ok
13:17:49.0666 0x09d0  BTHMODEM - ok
13:17:49.0668 0x09d0  bthserv - ok
13:17:49.0669 0x09d0  cdfs - ok
13:17:49.0671 0x09d0  cdrom - ok
13:17:49.0673 0x09d0  CertPropSvc - ok
13:17:49.0674 0x09d0  circlass - ok
13:17:49.0676 0x09d0  CLFS - ok
13:17:49.0677 0x09d0  clr_optimization_v2.0.50727_32 - ok
13:17:49.0679 0x09d0  clr_optimization_v2.0.50727_64 - ok
13:17:49.0681 0x09d0  clr_optimization_v4.0.30319_32 - ok
13:17:49.0683 0x09d0  clr_optimization_v4.0.30319_64 - ok
13:17:49.0684 0x09d0  CmBatt - ok
13:17:49.0686 0x09d0  cmdide - ok
13:17:49.0687 0x09d0  CNG - ok
13:17:49.0689 0x09d0  Compbatt - ok
13:17:49.0690 0x09d0  CompositeBus - ok
13:17:49.0692 0x09d0  COMSysApp - ok
13:17:49.0694 0x09d0  crcdisk - ok
13:17:49.0696 0x09d0  CryptSvc - ok
13:17:49.0697 0x09d0  CSC - ok
13:17:49.0699 0x09d0  CscService - ok
13:17:49.0700 0x09d0  CTAudSvcService - ok
13:17:49.0702 0x09d0  cthda - ok
13:17:49.0704 0x09d0  CtHdaSvc - ok
13:17:49.0705 0x09d0  cthdb - ok
13:17:49.0708 0x09d0  DcomLaunch - ok
13:17:49.0709 0x09d0  defragsvc - ok
13:17:49.0711 0x09d0  DfsC - ok
13:17:49.0712 0x09d0  Dhcp - ok
13:17:49.0715 0x09d0  DiagTrack - ok
13:17:49.0736 0x09d0  [ 91DF13EC831BDCFA36A7A12CD13D66B9, 5054281FE91D4BE0DB446F6F30E3D59E669185555F6C20B988DEC250713FFCED ] Disc Soft Lite Bus Service H:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
13:17:49.0752 0x09d0  Disc Soft Lite Bus Service - ok
13:17:49.0761 0x09d0  discache - ok
13:17:49.0763 0x09d0  Disk - ok
13:17:49.0765 0x09d0  dmvsc - ok
13:17:49.0766 0x09d0  Dnscache - ok
13:17:49.0769 0x09d0  dot3svc - ok
13:17:49.0770 0x09d0  DPS - ok
13:17:49.0772 0x09d0  drmkaud - ok
13:17:49.0773 0x09d0  dtlitescsibus - ok
13:17:49.0775 0x09d0  DXGKrnl - ok
13:17:49.0776 0x09d0  EapHost - ok
13:17:49.0778 0x09d0  ebdrv - ok
13:17:49.0779 0x09d0  EFS - ok
13:17:49.0781 0x09d0  ehRecvr - ok
13:17:49.0782 0x09d0  ehSched - ok
13:17:49.0784 0x09d0  elxstor - ok
13:17:49.0785 0x09d0  ErrDev - ok
13:17:49.0788 0x09d0  EventSystem - ok
13:17:49.0810 0x09d0  [ FE18DDEA98D90DBF850AFCA0158ABEC8, 8EC0099B560CC23DA6D26A71A202667D1A7C4BC37CE0F9F3458EA40440541D06 ] Everything      H:\Program Files\Everything\Everything.exe
13:17:49.0828 0x09d0  Everything - ok
13:17:49.0830 0x09d0  exfat - ok
13:17:49.0831 0x09d0  fastfat - ok
13:17:49.0833 0x09d0  Fax - ok
13:17:49.0834 0x09d0  fdc - ok
13:17:49.0836 0x09d0  fdPHost - ok
13:17:49.0837 0x09d0  FDResPub - ok
13:17:49.0839 0x09d0  FileInfo - ok
13:17:49.0840 0x09d0  Filetrace - ok
13:17:49.0842 0x09d0  flpydisk - ok
13:17:49.0843 0x09d0  FltMgr - ok
13:17:49.0845 0x09d0  FontCache - ok
13:17:49.0846 0x09d0  FontCache3.0.0.0 - ok
13:17:49.0848 0x09d0  FsDepends - ok
13:17:49.0849 0x09d0  Fs_Rec - ok
13:17:49.0851 0x09d0  fvevol - ok
13:17:49.0852 0x09d0  gagp30kx - ok
13:17:49.0854 0x09d0  gpsvc - ok
13:17:49.0855 0x09d0  gzflt - ok
13:17:49.0857 0x09d0  hcw85cir - ok
13:17:49.0858 0x09d0  HdAudAddService - ok
13:17:49.0860 0x09d0  HDAudBus - ok
13:17:49.0861 0x09d0  HidBatt - ok
13:17:49.0863 0x09d0  HidBth - ok
13:17:49.0864 0x09d0  HidIr - ok
13:17:49.0866 0x09d0  hidserv - ok
13:17:49.0867 0x09d0  HidUsb - ok
13:17:49.0869 0x09d0  hkmsvc - ok
13:17:49.0870 0x09d0  HomeGroupListener - ok
13:17:49.0872 0x09d0  HomeGroupProvider - ok
13:17:49.0873 0x09d0  HpSAMD - ok
13:17:49.0874 0x09d0  HTTP - ok
13:17:49.0876 0x09d0  hwpolicy - ok
13:17:49.0878 0x09d0  i8042prt - ok
13:17:49.0879 0x09d0  iaStorA - ok
13:17:49.0881 0x09d0  IAStorDataMgrSvc - ok
13:17:49.0883 0x09d0  iaStorF - ok
13:17:49.0884 0x09d0  iaStorV - ok
13:17:49.0886 0x09d0  idsvc - ok
13:17:49.0888 0x09d0  IEEtwCollectorService - ok
13:17:49.0889 0x09d0  iirsp - ok
13:17:49.0891 0x09d0  IKEEXT - ok
13:17:49.0893 0x09d0  IntcAzAudAddService - ok
13:17:49.0896 0x09d0  Intel(R) Capability Licensing Service Interface - ok
13:17:49.0897 0x09d0  Intel(R) Capability Licensing Service TCP IP Interface - ok
13:17:49.0899 0x09d0  intelide - ok
13:17:49.0901 0x09d0  intelppm - ok
13:17:49.0902 0x09d0  IPBusEnum - ok
13:17:49.0904 0x09d0  IpFilterDriver - ok
13:17:49.0905 0x09d0  iphlpsvc - ok
13:17:49.0907 0x09d0  IPMIDRV - ok
13:17:49.0908 0x09d0  IPNAT - ok
13:17:49.0909 0x09d0  IRENUM - ok
13:17:49.0911 0x09d0  isapnp - ok
13:17:49.0912 0x09d0  iScsiPrt - ok
13:17:49.0914 0x09d0  iusb3hcs - ok
13:17:49.0915 0x09d0  iusb3hub - ok
13:17:49.0917 0x09d0  iusb3xhc - ok
13:17:49.0919 0x09d0  jhi_service - ok
13:17:49.0920 0x09d0  kbdclass - ok
13:17:49.0922 0x09d0  kbdhid - ok
13:17:49.0923 0x09d0  KeyIso - ok
13:17:49.0925 0x09d0  KSecDD - ok
13:17:49.0926 0x09d0  KSecPkg - ok
13:17:49.0928 0x09d0  ksthunk - ok
13:17:49.0929 0x09d0  KtmRm - ok
13:17:49.0931 0x09d0  LanmanServer - ok
13:17:49.0932 0x09d0  LanmanWorkstation - ok
13:17:49.0935 0x09d0  lltdio - ok
13:17:49.0936 0x09d0  lltdsvc - ok
13:17:49.0938 0x09d0  lmhosts - ok
13:17:49.0939 0x09d0  LMS - ok
13:17:49.0942 0x09d0  LSI_FC - ok
13:17:49.0943 0x09d0  LSI_SAS - ok
13:17:49.0945 0x09d0  LSI_SAS2 - ok
13:17:49.0947 0x09d0  LSI_SCSI - ok
13:17:49.0948 0x09d0  luafv - ok
13:17:49.0950 0x09d0  MBAMProtector - ok
13:17:49.0975 0x09d0  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   H:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
13:17:49.0994 0x09d0  MBAMScheduler - ok
13:17:50.0013 0x09d0  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     H:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
13:17:50.0027 0x09d0  MBAMService - ok
13:17:50.0029 0x09d0  MBAMWebAccessControl - ok
13:17:50.0031 0x09d0  Mcx2Svc - ok
13:17:50.0034 0x09d0  megasas - ok
13:17:50.0036 0x09d0  MegaSR - ok
13:17:50.0038 0x09d0  MEIx64 - ok
13:17:50.0040 0x09d0  MMCSS - ok
13:17:50.0042 0x09d0  Modem - ok
13:17:50.0044 0x09d0  monitor - ok
13:17:50.0046 0x09d0  mouclass - ok
13:17:50.0048 0x09d0  mouhid - ok
13:17:50.0051 0x09d0  mountmgr - ok
13:17:50.0054 0x09d0  MozillaMaintenance - ok
13:17:50.0056 0x09d0  mpio - ok
13:17:50.0057 0x09d0  mpsdrv - ok
13:17:50.0059 0x09d0  MpsSvc - ok
13:17:50.0060 0x09d0  MRxDAV - ok
13:17:50.0062 0x09d0  mrxsmb - ok
13:17:50.0063 0x09d0  mrxsmb10 - ok
13:17:50.0065 0x09d0  mrxsmb20 - ok
13:17:50.0066 0x09d0  msahci - ok
13:17:50.0068 0x09d0  msdsm - ok
13:17:50.0069 0x09d0  MSDTC - ok
13:17:50.0072 0x09d0  Msfs - ok
13:17:50.0073 0x09d0  mshidkmdf - ok
13:17:50.0075 0x09d0  msisadrv - ok
13:17:50.0076 0x09d0  MSiSCSI - ok
13:17:50.0078 0x09d0  msiserver - ok
13:17:50.0080 0x09d0  MSKSSRV - ok
13:17:50.0081 0x09d0  MSPCLOCK - ok
13:17:50.0083 0x09d0  MSPQM - ok
13:17:50.0084 0x09d0  MsRPC - ok
13:17:50.0086 0x09d0  mssmbios - ok
13:17:50.0088 0x09d0  MSTEE - ok
13:17:50.0089 0x09d0  MTConfig - ok
13:17:50.0091 0x09d0  Mup - ok
13:17:50.0092 0x09d0  napagent - ok
13:17:50.0094 0x09d0  NativeWifiP - ok
13:17:50.0095 0x09d0  NDIS - ok
13:17:50.0097 0x09d0  NdisCap - ok
13:17:50.0099 0x09d0  NdisTapi - ok
13:17:50.0100 0x09d0  Ndisuio - ok
13:17:50.0102 0x09d0  NdisWan - ok
13:17:50.0103 0x09d0  NDProxy - ok
13:17:50.0105 0x09d0  NetBIOS - ok
13:17:50.0106 0x09d0  NetBT - ok
13:17:50.0109 0x09d0  Netlogon - ok
13:17:50.0111 0x09d0  Netman - ok
13:17:50.0113 0x09d0  NetMsmqActivator - ok
13:17:50.0116 0x09d0  NetPipeActivator - ok
13:17:50.0118 0x09d0  netprofm - ok
13:17:50.0120 0x09d0  NetTcpActivator - ok
13:17:50.0123 0x09d0  NetTcpPortSharing - ok
13:17:50.0125 0x09d0  nfrd960 - ok
13:17:50.0127 0x09d0  NlaSvc - ok
13:17:50.0129 0x09d0  NPF - ok
13:17:50.0130 0x09d0  Npfs - ok
13:17:50.0132 0x09d0  nsi - ok
13:17:50.0133 0x09d0  nsiproxy - ok
13:17:50.0136 0x09d0  Ntfs - ok
13:17:50.0137 0x09d0  Null - ok
13:17:50.0139 0x09d0  nusb3hub - ok
13:17:50.0140 0x09d0  nusb3xhc - ok
13:17:50.0142 0x09d0  nvraid - ok
13:17:50.0143 0x09d0  nvstor - ok
13:17:50.0145 0x09d0  nv_agp - ok
13:17:50.0147 0x09d0  ohci1394 - ok
13:17:50.0148 0x09d0  p2pimsvc - ok
13:17:50.0150 0x09d0  p2psvc - ok
13:17:50.0151 0x09d0  Parport - ok
13:17:50.0153 0x09d0  partmgr - ok
13:17:50.0155 0x09d0  PcaSvc - ok
13:17:50.0156 0x09d0  pci - ok
13:17:50.0158 0x09d0  pciide - ok
13:17:50.0159 0x09d0  pcmcia - ok
13:17:50.0161 0x09d0  pcw - ok
13:17:50.0163 0x09d0  PEAUTH - ok
13:17:50.0164 0x09d0  PeerDistSvc - ok
13:17:50.0166 0x09d0  PerfHost - ok
13:17:50.0170 0x09d0  pla - ok
13:17:50.0172 0x09d0  PlugPlay - ok
13:17:50.0174 0x09d0  PNRPAutoReg - ok
13:17:50.0175 0x09d0  PNRPsvc - ok
13:17:50.0177 0x09d0  PolicyAgent - ok
13:17:50.0180 0x09d0  postgresql-8.4 - ok
13:17:50.0182 0x09d0  Power - ok
13:17:50.0183 0x09d0  PptpMiniport - ok
13:17:50.0185 0x09d0  Processor - ok
13:17:50.0186 0x09d0  ProfSvc - ok
13:17:50.0188 0x09d0  ProtectedStorage - ok
13:17:50.0189 0x09d0  Psched - ok
13:17:50.0191 0x09d0  ql2300 - ok
13:17:50.0193 0x09d0  ql40xx - ok
13:17:50.0194 0x09d0  QWAVE - ok
13:17:50.0195 0x09d0  QWAVEdrv - ok
13:17:50.0197 0x09d0  RasAcd - ok
13:17:50.0199 0x09d0  RasAgileVpn - ok
13:17:50.0201 0x09d0  RasAuto - ok
13:17:50.0202 0x09d0  Rasl2tp - ok
13:17:50.0204 0x09d0  RasMan - ok
13:17:50.0206 0x09d0  RasPppoe - ok
13:17:50.0207 0x09d0  RasSstp - ok
13:17:50.0209 0x09d0  rdbss - ok
13:17:50.0210 0x09d0  rdpbus - ok
13:17:50.0212 0x09d0  RDPCDD - ok
13:17:50.0214 0x09d0  RDPDR - ok
13:17:50.0216 0x09d0  RDPENCDD - ok
13:17:50.0219 0x09d0  RDPREFMP - ok
13:17:50.0222 0x09d0  RdpVideoMiniport - ok
13:17:50.0223 0x09d0  RDPWD - ok
13:17:50.0225 0x09d0  rdyboost - ok
13:17:50.0227 0x09d0  RemoteAccess - ok
13:17:50.0229 0x09d0  RemoteRegistry - ok
13:17:50.0230 0x09d0  rpcapd - ok
13:17:50.0232 0x09d0  RpcEptMapper - ok
13:17:50.0233 0x09d0  RpcLocator - ok
13:17:50.0235 0x09d0  RpcSs - ok
13:17:50.0237 0x09d0  rspndr - ok
13:17:50.0239 0x09d0  RTL8167 - ok
13:17:50.0241 0x09d0  s3cap - ok
13:17:50.0242 0x09d0  SamSs - ok
13:17:50.0251 0x09d0  [ D2FA15AED5CEB66259F24B656A76B663, 009D273CFA4B2D7BBBFB69C7F722DC5F7AB3AA2562A66695ECAE6D30D5B997CD ] SbieDrv         G:\Program Files\Sandboxie\SbieDrv.sys
13:17:50.0253 0x09d0  SbieDrv - ok
13:17:50.0258 0x09d0  [ B93AC7F63D395F19B3C77680FD84833D, BBCC7BA27A305E4E07F82AF11FF8A0E258DDB67E36BE5E74389A27A7D2DD5A05 ] SbieSvc         G:\Program Files\Sandboxie\SbieSvc.exe
13:17:50.0261 0x09d0  SbieSvc - ok
13:17:50.0262 0x09d0  sbp2port - ok
13:17:50.0264 0x09d0  SCardSvr - ok
13:17:50.0265 0x09d0  scfilter - ok
13:17:50.0267 0x09d0  Schedule - ok
13:17:50.0269 0x09d0  SCPolicySvc - ok
13:17:50.0270 0x09d0  SDRSVC - ok
13:17:50.0272 0x09d0  secdrv - ok
13:17:50.0274 0x09d0  seclogon - ok
13:17:50.0275 0x09d0  SENS - ok
13:17:50.0277 0x09d0  SensrSvc - ok
13:17:50.0279 0x09d0  Serenum - ok
13:17:50.0281 0x09d0  Serial - ok
13:17:50.0283 0x09d0  sermouse - ok
13:17:50.0287 0x09d0  SessionEnv - ok
13:17:50.0288 0x09d0  sffdisk - ok
13:17:50.0290 0x09d0  sffp_mmc - ok
13:17:50.0292 0x09d0  sffp_sd - ok
13:17:50.0293 0x09d0  sfloppy - ok
13:17:50.0295 0x09d0  SharedAccess - ok
13:17:50.0296 0x09d0  ShellHWDetection - ok
13:17:50.0298 0x09d0  SiSRaid2 - ok
13:17:50.0300 0x09d0  SiSRaid4 - ok
13:17:50.0301 0x09d0  Smb - ok
13:17:50.0305 0x09d0  SNMPTRAP - ok
13:17:50.0307 0x09d0  spldr - ok
13:17:50.0308 0x09d0  Spooler - ok
13:17:50.0310 0x09d0  sppsvc - ok
13:17:50.0312 0x09d0  sppuinotify - ok
13:17:50.0314 0x09d0  sptd - ok
13:17:50.0315 0x09d0  srv - ok
13:17:50.0317 0x09d0  srv2 - ok
13:17:50.0318 0x09d0  srvnet - ok
13:17:50.0320 0x09d0  SSDPSRV - ok
13:17:50.0322 0x09d0  SstpSvc - ok
13:17:50.0324 0x09d0  Steam Client Service - ok
13:17:50.0325 0x09d0  stexstor - ok
13:17:50.0327 0x09d0  stisvc - ok
13:17:50.0329 0x09d0  storflt - ok
13:17:50.0330 0x09d0  StorSvc - ok
13:17:50.0332 0x09d0  storvsc - ok
13:17:50.0334 0x09d0  swenum - ok
13:17:50.0336 0x09d0  swprv - ok
13:17:50.0338 0x09d0  SysMain - ok
13:17:50.0339 0x09d0  TabletInputService - ok
13:17:50.0341 0x09d0  TapiSrv - ok
13:17:50.0343 0x09d0  TBS - ok
13:17:50.0345 0x09d0  Tcpip - ok
13:17:50.0347 0x09d0  TCPIP6 - ok
13:17:50.0349 0x09d0  tcpipreg - ok
13:17:50.0352 0x09d0  TDPIPE - ok
13:17:50.0353 0x09d0  TDTCP - ok
13:17:50.0355 0x09d0  tdx - ok
13:17:50.0357 0x09d0  TermDD - ok
13:17:50.0358 0x09d0  TermService - ok
13:17:50.0360 0x09d0  Themes - ok
13:17:50.0362 0x09d0  THREADORDER - ok
13:17:50.0364 0x09d0  TrkWks - ok
13:17:50.0366 0x09d0  trufos - ok
13:17:50.0368 0x09d0  TrustedInstaller - ok
13:17:50.0371 0x09d0  tssecsrv - ok
13:17:50.0373 0x09d0  TsUsbFlt - ok
13:17:50.0375 0x09d0  TsUsbGD - ok
13:17:50.0377 0x09d0  tunnel - ok
13:17:50.0379 0x09d0  uagp35 - ok
13:17:50.0380 0x09d0  udfs - ok
13:17:50.0384 0x09d0  UI0Detect - ok
13:17:50.0386 0x09d0  uliagpkx - ok
13:17:50.0387 0x09d0  umbus - ok
13:17:50.0389 0x09d0  UmPass - ok
13:17:50.0391 0x09d0  UmRdpService - ok
13:17:50.0393 0x09d0  UPDATESRV - ok
13:17:50.0395 0x09d0  upnphost - ok
13:17:50.0397 0x09d0  usbccgp - ok
13:17:50.0399 0x09d0  usbcir - ok
13:17:50.0400 0x09d0  usbehci - ok
13:17:50.0402 0x09d0  usbhub - ok
13:17:50.0404 0x09d0  usbohci - ok
13:17:50.0406 0x09d0  usbprint - ok
13:17:50.0408 0x09d0  usbscan - ok
13:17:50.0410 0x09d0  USBSTOR - ok
13:17:50.0412 0x09d0  usbuhci - ok
13:17:50.0414 0x09d0  UxSms - ok
13:17:50.0415 0x09d0  VaultSvc - ok
13:17:50.0417 0x09d0  VClone - ok
13:17:50.0419 0x09d0  vdrvroot - ok
13:17:50.0421 0x09d0  vds - ok
13:17:50.0424 0x09d0  veracrypt - ok
13:17:50.0426 0x09d0  vga - ok
13:17:50.0427 0x09d0  VgaSave - ok
13:17:50.0429 0x09d0  vhdmp - ok
13:17:50.0431 0x09d0  viaide - ok
13:17:50.0432 0x09d0  vmbus - ok
13:17:50.0434 0x09d0  VMBusHID - ok
13:17:50.0436 0x09d0  volmgr - ok
13:17:50.0437 0x09d0  volmgrx - ok
13:17:50.0439 0x09d0  volsnap - ok
13:17:50.0441 0x09d0  vsmraid - ok
13:17:50.0442 0x09d0  VSS - ok
13:17:50.0444 0x09d0  VSSERV - ok
13:17:50.0446 0x09d0  vwifibus - ok
13:17:50.0448 0x09d0  W32Time - ok
13:17:50.0451 0x09d0  WacomPen - ok
13:17:50.0453 0x09d0  WANARP - ok
13:17:50.0455 0x09d0  Wanarpv6 - ok
13:17:50.0456 0x09d0  wbengine - ok
13:17:50.0458 0x09d0  WbioSrvc - ok
13:17:50.0460 0x09d0  wcncsvc - ok
13:17:50.0462 0x09d0  WcsPlugInService - ok
13:17:50.0463 0x09d0  Wd - ok
13:17:50.0465 0x09d0  Wdf01000 - ok
13:17:50.0467 0x09d0  WdiServiceHost - ok
13:17:50.0468 0x09d0  WdiSystemHost - ok
13:17:50.0470 0x09d0  WebClient - ok
13:17:50.0472 0x09d0  Wecsvc - ok
13:17:50.0474 0x09d0  wercplsupport - ok
13:17:50.0476 0x09d0  WerSvc - ok
13:17:50.0477 0x09d0  WfpLwf - ok
13:17:50.0479 0x09d0  WIMMount - ok
13:17:50.0481 0x09d0  WinDefend - ok
13:17:50.0485 0x09d0  WinHttpAutoProxySvc - ok
13:17:50.0487 0x09d0  Winmgmt - ok
13:17:50.0489 0x09d0  WinRM - ok
13:17:50.0493 0x09d0  WinUsb - ok
13:17:50.0495 0x09d0  Wlansvc - ok
13:17:50.0497 0x09d0  WmiAcpi - ok
13:17:50.0499 0x09d0  wmiApSrv - ok
13:17:50.0502 0x09d0  WMPNetworkSvc - ok
13:17:50.0503 0x09d0  WPCSvc - ok
13:17:50.0505 0x09d0  WPDBusEnum - ok
13:17:50.0507 0x09d0  ws2ifsl - ok
13:17:50.0509 0x09d0  wscsvc - ok
13:17:50.0511 0x09d0  WSearch - ok
13:17:50.0513 0x09d0  wuauserv - ok
13:17:50.0515 0x09d0  WudfPf - ok
13:17:50.0518 0x09d0  WUDFRd - ok
13:17:50.0519 0x09d0  wudfsvc - ok
13:17:50.0521 0x09d0  WwanSvc - ok
13:17:50.0524 0x09d0  ================ Scan global ===============================
13:17:50.0524 0x09d0  [ Global ] - ok
13:17:50.0525 0x09d0  ================ Scan MBR ==================================
13:17:50.0526 0x09d0  [ D491C1A68235950313B436BD1ED4CC04 ] \Device\Harddisk0\DR0
13:17:50.0937 0x09d0  \Device\Harddisk0\DR0 - ok
13:17:50.0940 0x09d0  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
13:17:50.0944 0x09d0  \Device\Harddisk1\DR1 - ok
13:17:50.0945 0x09d0  [ 017E003AB27B155B3A606EB18257FC5D ] \Device\Harddisk2\DR2
13:17:51.0016 0x09d0  \Device\Harddisk2\DR2 - ok
13:17:51.0017 0x09d0  ================ Scan VBR ==================================
13:17:51.0020 0x09d0  [ A5A0E0F872BECFC93126FBE5E8A72988 ] \Device\Harddisk0\DR0\Partition1
13:17:51.0021 0x09d0  \Device\Harddisk0\DR0\Partition1 - ok
13:17:51.0025 0x09d0  [ 2049B06B1D48AD3B710F37A5F19FB60A ] \Device\Harddisk0\DR0\Partition2
13:17:51.0027 0x09d0  \Device\Harddisk0\DR0\Partition2 - ok
13:17:51.0034 0x09d0  [ 8028AB451C831416C2EF0B11A17D7F86 ] \Device\Harddisk1\DR1\Partition1
13:17:51.0037 0x09d0  \Device\Harddisk1\DR1\Partition1 - ok
13:17:51.0039 0x09d0  [ E41CF0948EDDE5F2FC42519ABB6262AC ] \Device\Harddisk1\DR1\Partition2
13:17:51.0040 0x09d0  \Device\Harddisk1\DR1\Partition2 - ok
13:17:51.0042 0x09d0  [ 6077C790CF31B3466A46025C5918B301 ] \Device\Harddisk2\DR2\Partition1
13:17:51.0043 0x09d0  \Device\Harddisk2\DR2\Partition1 - ok
13:17:51.0043 0x09d0  ================ Scan generic autorun ======================
13:17:51.0043 0x09d0  Bdagent - ok
13:17:51.0045 0x09d0  StartCN - ok
13:17:51.0066 0x09d0  [ C6187854FFDB7B45831BE4372754F301, B007846CA450F3B5E18A10656357E991CBC385C1B883185CAF977005BF3E21CE ] F:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
13:17:51.0081 0x09d0  Sound Blaster Z-Series Control Panel - ok
13:17:51.0082 0x09d0  Sidebar - ok
13:17:51.0084 0x09d0  mctadmin - ok
13:17:51.0085 0x09d0  Sidebar - ok
13:17:51.0086 0x09d0  mctadmin - ok
13:17:51.0088 0x09d0  Bitdefender-Geldbörse-Agent - ok
13:17:51.0104 0x09d0  [ 8559C71A3253D15506A61F8F508219CA, 7126635F6D9295178966949FA1E91E4B6F83040095F5346729EBEF0657FCFED2 ] G:\Program Files\Sandboxie\SbieCtrl.exe
13:17:51.0113 0x09d0  SandboxieControl - ok
13:17:51.0158 0x09d0  [ 7AB06BB56EA5AAB7340CDCED56A0486F, 2992F9DD854ADE90EA734F01B41FEE12C4080A82B564BF3D20B08ED54380AFB9 ] F:\Program Files (x86)\Steam\steam.exe
13:17:51.0193 0x09d0  Steam - ok
13:17:51.0195 0x09d0  Report - ok
13:17:51.0210 0x09d0  [ 8559C71A3253D15506A61F8F508219CA, 7126635F6D9295178966949FA1E91E4B6F83040095F5346729EBEF0657FCFED2 ] G:\Program Files\Sandboxie\SbieCtrl.exe
13:17:51.0219 0x09d0  SandboxieControl - ok
13:17:51.0219 0x09d0  Bitdefender-Geldbörse-Agent - ok
13:17:51.0342 0x09d0  [ 40335C8877B6B84842AF03A40E1BB206, 33433ED8961B1AEEBD30F8DD53A541C711C403D019F1074406FF9C9D1E9F4113 ] H:\Program Files\CCleaner\CCleaner64.exe
13:17:51.0438 0x09d0  CCleaner Monitoring - ok
13:17:51.0443 0x09d0  Sidebar - ok
13:17:51.0444 0x09d0  mctadmin - ok
13:17:51.0445 0x09d0  Sidebar - ok
13:17:51.0462 0x09d0  [ 8559C71A3253D15506A61F8F508219CA, 7126635F6D9295178966949FA1E91E4B6F83040095F5346729EBEF0657FCFED2 ] G:\Program Files\Sandboxie\SbieCtrl.exe
13:17:51.0471 0x09d0  SandboxieControl - ok
13:17:51.0472 0x09d0  Bitdefender-Geldbörse-Agent - ok
13:17:51.0516 0x09d0  [ 7AB06BB56EA5AAB7340CDCED56A0486F, 2992F9DD854ADE90EA734F01B41FEE12C4080A82B564BF3D20B08ED54380AFB9 ] F:\Program Files (x86)\Steam\steam.exe
13:17:51.0550 0x09d0  Steam - ok
13:17:51.0615 0x09d0  [ 3D5D4137594D2EBA8868EAD504B89366, D5FEB5B8303B083A79A4617E59B2FB34FAD71BE72F3F8DD6E4B69B3D03FE658A ] H:\Program Files\DAEMON Tools Lite\DTAgent.exe
13:17:51.0665 0x09d0  DAEMON Tools Lite Automount - ok
13:17:51.0669 0x09d0  mctadmin - ok
13:17:51.0670 0x09d0  CTAutoUpdate - ok
13:17:51.0671 0x09d0  InetReg - ok
13:17:51.0672 0x09d0  Waiting for KSN requests completion. In queue: 14
13:17:52.0672 0x09d0  Waiting for KSN requests completion. In queue: 14
13:17:53.0672 0x09d0  Waiting for KSN requests completion. In queue: 14
13:17:54.0015 0x0f84  Object required for P2P: [ 7AB06BB56EA5AAB7340CDCED56A0486F ] F:\Program Files (x86)\Steam\steam.exe
13:17:54.0672 0x09d0  Waiting for KSN requests completion. In queue: 4
13:17:55.0672 0x09d0  Waiting for KSN requests completion. In queue: 4
13:17:56.0563 0x0f84  Object send P2P result: true
13:17:56.0563 0x0f84  Object required for P2P: [ 7AB06BB56EA5AAB7340CDCED56A0486F ] F:\Program Files (x86)\Steam\steam.exe
13:17:56.0672 0x09d0  Waiting for KSN requests completion. In queue: 3
13:17:57.0672 0x09d0  Waiting for KSN requests completion. In queue: 3
13:17:58.0672 0x09d0  Waiting for KSN requests completion. In queue: 3
13:17:59.0046 0x0f84  Object send P2P result: true
13:17:59.0714 0x09d0  AV detected via SS2: Bitdefender Antivirus, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 18.18.0.1254 ), 0x41000 ( enabled : updated )
13:17:59.0717 0x09d0  FW detected via SS2: Bitdefender Firewall, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 18.18.0.1254 ), 0x41010 ( enabled )
13:18:02.0083 0x09d0  ============================================================
13:18:02.0083 0x09d0  Scan finished
13:18:02.0083 0x09d0  ============================================================
13:18:02.0099 0x0af0  Detected object count: 0
13:18:02.0099 0x0af0  Actual detected object count: 0
         
Windows Update keeps setting itself back to disabled, and the admin password is requested at random (User Account Control [WindowsNT wtf?]). More processes are running at PC startup than I "remember" or than were normally configured (but msconfig somehow doesn't show them to me).
Everything is weird...

Edited by Timm09 (21.12.2015 at 13:40)

 
