Log analysis and evaluation: AVCare, Win32Trojan.TDss and more? (forum tag: Windows 7)
20.08.2009, 13:44 | #1
Hello,

yesterday at around 23:00 I picked up AVCare; I also noticed a process msa.exe and a b.exe that was run at system start. Besides the annoying AVCare, the symptoms were a few system crashes and, on the next restart, a black screen with a movable mouse pointer (hourglass icon) instead of the login screen; a further restart then went "normally". Since then, however, Avira AntiVir no longer started its Guard.

I deleted the AVCare files following a guide at www*411-spyware*com_de_avcare-entfernen, and likewise msa.exe from C:\Windows. Under C:\Dokumente und Einstellungen\*Name*\Lokale Einstellungen\Temp\ I found:
- a.exe, b.exe, c.exe
- a Launcher.exe (icon: Borland C++ Builder), which was most likely innocent.

I deleted these files too, and after a restart there were no more conspicuous entries. AntiVir still did not start the Guard, so I set its start type to Automatic in services.msc. The umbrella is now open, but I did not really trust the whole thing. I consulted Ad-Aware, and its Smart Scan found "Win32Trojan.TDss" and a few cookies; unfortunately the removal ended with an error message and two prompts to send an error report to the vendor.

Researching on the internet then led me back to a few threads here in the forum. The programs for removing the rootkit (and whatever else is there) were too specialised for me and interfered too deeply with the system for me to try them out, so I kept my hands off them. I probably should have had that idea right at the start instead of trying to solve it all on my own, but I had not expected such a serious and resilient infection. (The thing can defend itself against quite a lot, after all.)

Malwarebytes' program naturally would not install properly at first. In the end the process mbam.exe starts and the setup hangs on exit; if you launch the program, the same process appears again, but unfortunately no matching window. Launching a "Kopie von mbam.exe" (copy of mbam.exe) does work, but the removal is useless, because after the required restart everything seems to be as before; at least Prevx and Ad-Aware still find things. I also wanted to follow the advice to remove UAC****** and co. in Safe Mode, but unfortunately I could not find those entries (Prevx does report 4x uac***.dll and 1x uac***.sys).

In preparation for this thread I ran CCleaner (but did not have it delete the history, among other things), and it presumably also removed b.exe from the autostart. By now I am unsure what all has crept in. Do
- AVCare
- msa.exe
- a|b|c.exe
- Win32Trojan.TDss
all belong together?

At the moment I can use most programs normally and without noticeable slowdowns. A quick look at the network traffic (Ethereal) also shows nothing. I have already found a few posts here in the forum dealing with a similar or even the same set of symptoms, and as described I have tried to implement parts of them. I will now try to pull myself together and stop tinkering with the system. I hope someone will help me rid the system of the infection, or infections.

Please don't hit me, but I also did a little work with HijackThis right at the start, because a long time ago I got rid of another hanger-on with it. Here is the current log (CAPM4RSK.EXE and CAPM4SWK.EXE belong to a network printer):

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:00, on 08/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CAPM4RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\Prevx\prevx.exe
E:\HDV3\DTemp\DTemp.exe
C:\Programme\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\System32\svchost.exe
C:\remindme\RemindMe.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Prevx\prevx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\devldr32.exe
C:\npp\notepad++.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\bases\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.thgweb.de/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programme\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Programme\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware (reboot)] "F:\Programme\Mabytes\Kopie von mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DTemp.lnk = E:\HDV3\DTemp\DTemp.exe
O4 - Startup: RemindMe.lnk = C:\remindme\RemindMe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.otherchance.com
O15 - Trusted Zone: *.whatsnew.name
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228848741171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228848725906
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS1\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS2\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS3\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Programme\Prevx\prevx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 1: (no name) - http://www.tomshardware.de/
O24 - Desktop Component 2: (no name) - C:\Dokumente und Einstellungen\*User*\Desktop\Neu Textdokument (4).html

--
End of file - 8793 bytes

Code:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
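As an added example, not part of the original post and not a feature of HijackThis itself, here is a small Python triage pass over a log of the shape shown above. It parses the section prefixes (R0, O2, O4, ...) and applies the rules a helper would otherwise apply by eye: domains added to the IE Trusted Zone (O15), DNS servers not on an allow-list (O17), a Winsock LSP outside HijackThis' whitelist (O10), autostarts from a Temp directory or with a single-letter name (O4), orphaned BHO registrations (O2 with "(no file)") and services with no recognised owner (O23). The sample lines are copied from the log above, except for one constructed, hypothetical O4 line pointing at a b.exe in the user's Temp folder, added only to exercise that rule (the real a/b/c.exe autostarts had already been deleted when the log was taken). The `trusted_resolvers` allow-list is supplied by the caller, for instance the resolvers the ISP actually hands out.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List

# Constructed sample: lines copied from the HijackThis log posted above, plus one
# HYPOTHETICAL O4 line (b.exe in the user's Temp folder) to exercise the Temp rule.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.thgweb.de/index.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [b] C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\b.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.otherchance.com
O15 - Trusted Zone: *.whatsnew.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"""

# "O4 - ..." / "R0 - ...": section code, then the entry body.
HJT_LINE = re.compile(r"^(?P<sec>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
# Autostart living in a per-user or system Temp directory (German or English XP locale).
TEMP_PATH = re.compile(r"\\(?:Local Settings|Lokale Einstellungen)\\Temp\\|\\WINDOWS\\Temp\\", re.I)
# Single-letter executables such as a.exe / b.exe / c.exe.
ONE_LETTER_EXE = re.compile(r'(?:^|[\\\s"])[a-z]\.exe\b', re.I)
NAMESERVER = re.compile(r"NameServer\s*=\s*(?P<servers>[\d.,\s]+)$")


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    severity: str   # "high" | "medium" | "info"
    section: str
    body: str
    reason: str


def parse_hjt(text: str) -> List[Entry]:
    """Keep only the section-prefixed entry lines; header and process list are dropped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def triage(entries: List[Entry], trusted_resolvers: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Rule-based first pass; every hit still needs a human to confirm it."""
    findings = []
    for e in entries:
        sec, body = e.section, e.body
        if sec == "O15" and "Trusted Zone" in body:
            findings.append(Finding("high", sec, body,
                "domain added to IE Trusted Zone: lowers IE security for that site, typical rogue-AV artefact"))
        elif sec == "O17":
            m = NAMESERVER.search(body)
            if m:
                servers = {s.strip() for s in m.group("servers").split(",") if s.strip()}
                unknown = servers - trusted_resolvers
                if unknown:
                    findings.append(Finding("medium", sec, body,
                        "DNS servers not on the allow-list (%s): confirm they are the ISP's, not a DNS hijack"
                        % ", ".join(sorted(unknown))))
        elif sec == "O10" and "Unknown file" in body:
            findings.append(Finding("medium", sec, body,
                "Winsock LSP outside HijackThis' whitelist: identify the DLL before touching it"))
        elif sec == "O4" and (TEMP_PATH.search(body) or ONE_LETTER_EXE.search(body)):
            findings.append(Finding("high", sec, body,
                "autostart from a Temp directory or with a throw-away single-letter name"))
        elif sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding("info", sec, body,
                "orphaned BHO registration, file already gone; safe to fix"))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(Finding("info", sec, body,
                "service binary without a recognised publisher: verify the path and signature"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print("[%-6s] %s - %s\n         %s" % (f.severity, f.section, f.body, f.reason))
```

The O10 rule is deliberately only "medium": HijackThis reports any LSP DLL that is not on its own whitelist, and nwprovau.dll is the Microsoft NetWare provider that ships with XP, so an O10 hit is a prompt to identify the file, not proof of infection. The two O15 entries, by contrast, are the kind of change a user rarely makes by hand.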
20.08.2009, 14:14 | #2
/// Helper team

Hello and welcome!
What is a rootkit? (Professional explanation from Wikipedia and Kaspersky; please make sure you read it.) A rootkit (English, roughly "administrator's kit"; root is the user with administrator rights on Unix and Unix-like operating systems) is a collection of software tools that is installed on a compromised computer system after a break-in, in order to hide the intruder's future logins and to hide processes and files.
How are rootkits transmitted?

► Since one-hundred-percent detection of rootkits is impossible, the best method of removal is a complete reinstall. Rootkit/wikipedia.org

If you nevertheless want to clean your system: please read the instructions thoroughly and always follow them strictly, as I have prepared the order according to particular criteria.

1. I need more of an overview, i.e. data over a longer period. For that, please make hidden and system files visible:
→ Under Start, click My Computer (Arbeitsplatz).
→ In the Tools (Extras) menu, click Folder Options.
→ Files and Folders / "Hide extensions for known file types": clear the checkbox.
→ "Hide protected operating system files": clear the checkbox.
→ Hidden files and folders / "Show all files and folders": select it.
→ "Hide protected operating system files" must not be checked, and "Show all files and folders" must be enabled.

2. For XP and Win2000 (otherwise skip):
→ download filelist.zip to your desktop
→ unpack the zip file to your desktop
→ now double-click the file "filelist.bat"; your editor (text editor) will open
→ copy all 7 directories ("C\...") etc. from the generated logfile, but only the entries of the last 6 months, here into your thread
** There is a date in front of each entry, so please delete entries older than 6 months!

3. I would also like to see all your installed programs: download the tool CCleaner, install it (deselect "Add CCleaner Yahoo! Toolbar") → start it → under Options / Settings select "German" → then click "Extras" (so that the installed programs are shown too) → then "Save to text file..."; a text file (*.txt) is created; copy its contents and paste them here.

4. To get a deeper look into your system and to track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
** no connection to a network or the internet; don't forget WLAN.
When the scan is finished, please re-enable all programs and tools!

5. Download and install the tool RootRepeal; tick "Drivers", "Stealth Objects" and "Hidden Services", then click "OK". After the scan, click "Save Report", save the logfile as RootRepeal.txt on the desktop and copy its contents here into the thread.
** no connection to a network or the internet; don't forget WLAN.
When the scan is finished, please re-enable all programs and tools!

Quote:
** If at all possible, do not go on the internet: no online banking, file sharing, chat programs, etc.

Regards, Coverflow
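Step 2 above asks for a directory listing trimmed to the last six months. As an added example (not the forum's filelist.bat, which is a batch file built on `dir`), here is the same idea in Python: a non-recursive listing of each requested directory, newest first, in the same date/size/name column layout, with everything older than the cut-off already dropped so the poster does not have to delete the old entries by hand. The directory roots are whatever the caller passes in; the 183-day window and the handling of unreadable directories are assumptions made for this example.

```python
import os
from datetime import datetime, timedelta
from typing import Iterable, List, Optional


def recent_files(roots: Iterable[str], days: int = 183, now: Optional[datetime] = None) -> List[str]:
    """Non-recursive listing of the files in each root modified within `days`, newest first.

    Output lines mimic the filelist output: 'MM/DD/YYYY HH:MM  size  name', with one
    '----- root -----' header per directory. Entries older than the window are omitted,
    which is what the helper asks the poster to do by hand.
    """
    now = now or datetime.now()
    cutoff = now - timedelta(days=days)
    out: List[str] = []
    for root in roots:
        out.append(f"----- {root} -----")
        try:
            entries = list(os.scandir(root))
        except OSError as err:
            # Assumption for this example: report and carry on rather than abort the whole run.
            out.append(f"(unreadable: {err.strerror})")
            continue
        rows = []
        for de in entries:
            if not de.is_file(follow_symlinks=False):
                continue  # like `dir`, only files in this directory, no recursion
            st = de.stat(follow_symlinks=False)
            mtime = datetime.fromtimestamp(st.st_mtime)
            if mtime < cutoff:
                continue  # outside the six-month window
            rows.append((mtime, st.st_size, de.name))
        for mtime, size, name in sorted(rows, reverse=True):
            out.append(f"{mtime:%m/%d/%Y %H:%M} {size:>14,} {name}")
    return out


if __name__ == "__main__":
    # On the XP box in this thread the roots would be C:\, C:\WINDOWS, C:\WINDOWS\system,
    # C:\WINDOWS\system32, C:\WINDOWS\Prefetch, C:\WINDOWS\tasks, C:\WINDOWS\Temp and the
    # user's Temp folder; here the current directory stands in so the script runs anywhere.
    print("\n".join(recent_files(["."])))
```

Modification time is the one `dir` shows and the one the helper sorts by; a responder who also wants creation time (to catch files copied in with an old mtime) can add `st.st_ctime` to the row on Windows, where that field is the creation time.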
20.08.2009, 21:25 | #3
I have now tried several times to scan the system with GMER, and each time it seems to get a little further before it stops. Then nothing works any more; a few clicks may still be possible, but even the system clock is no longer updated by then, and the hard disk stopped rattling some time before that. Roughly how long does a successful scan of ~20 GB take on a P4 3 GHz: 3 hours, or more like 10?

When I start the program it begins scanning immediately; then a full scan is recommended, which, as I said, has not run through yet. I will keep trying. I have already worked through the earlier items, but here I am not getting any further, since the scanning is unfortunately very slow. Just to be sure: is this full scan required, or are the entries found right at the beginning, or within the first half hour, not enough? No new entries seem to be added, or at least that is how it looks judging by the thickness of the scrollbar thumb. Another attempt will probably fail again shortly; I will then attach the reports for the first three items.
21.08.2009, 00:11 | #4
I, or rather Gmer, did not manage it again. Is there any message at all when it is finished? Am I simply too impatient, and after 12 h of apparent inactivity it is done? I will keep trying.

Task list:
1. Is (for me) the default.
2. filelist, part 1:

Code:
<----- Root -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8435-0B01

Verzeichnis von C:\

08/20/2009 17:30 43 filelist.txt
08/20/2009 17:21 2.146.226.176 hiberfil.sys
08/20/2009 17:21 805.306.368 pagefile.sys
08/20/2009 02:17 211 boot.ini
04/20/2009 22:12 206 Statistik.txt
04/06/2009 01:23 13.030 PDOXUSRS.NET
03/03/2009 01:48 3.361 LGSInst.Log

----- Windows --------------------------
Verzeichnis von C:\WINDOWS

08/20/2009 17:22 0 0.log
08/20/2009 17:22 157 wiadebug.log
08/20/2009 17:22 1.358.455 WindowsUpdate.log
08/20/2009 17:22 50 wiaservc.log
08/20/2009 17:22 2.256 axcapmon.log
08/20/2009 17:21 2.048 bootstat.dat
08/20/2009 14:45 2.582 axcapmon.bak
08/20/2009 14:45 32.540 SchedLgU.Txt
08/20/2009 12:08 121 WinInit.ini
08/20/2009 12:02 499.150 setupapi.log
08/20/2009 11:57 476.198 ntbtlog.txt
08/20/2009 02:17 261 SYSTEM.INI
08/20/2009 02:17 11.427 win.ini
08/19/2009 23:19 10 run.log
08/19/2009 23:19 12 srun.log
08/17/2009 21:41 49 NeroDigital.ini
08/17/2009 20:11 3.937 scad3.INI
08/14/2009 22:27 244.987 wmsetup.log
08/11/2009 23:23 54.156 QTFont.qfn
08/10/2009 21:20 197.737 War3Unin.dat
07/24/2009 12:41 199.608 setupact.log
07/16/2009 11:40 80.030 spupdsvc.log
07/16/2009 11:39 352 spupdsvc.log.1.log
07/15/2009 21:43 1.878.390 iis6.log
07/15/2009 21:43 486.633 comsetup.log
07/15/2009 21:43 300.715 ntdtcsetup.log
07/15/2009 21:43 1.374 imsins.log
07/15/2009 21:43 739.451 tsoc.log
07/15/2009 21:43 78.871 ocmsn.log
07/15/2009 21:43 78.175 tabletoc.log
07/15/2009 21:43 85.547 KB973346.log
07/15/2009 21:43 276.519 netfxocm.log
07/15/2009 21:43 106.872 medctroc.Log
07/15/2009 21:43 813.466 ocgen.log
07/15/2009 21:43 80.517 msgsocm.log
07/15/2009 21:43 1.556.892 FaxSetup.log
07/15/2009 21:43 517.138 msmqinst.log
07/15/2009 21:39 1.374 imsins.BAK
07/15/2009 21:39 93.473 KB961371.log
07/15/2009 21:38 283.545 updspapi.log
07/15/2009 21:38 92.852 KB971633.log
07/15/2009 21:37 121.409 ie8_main.log
07/15/2009 21:37 84.229 KB971930-IE8.log
07/15/2009 21:37 99.076 KB969897-IE8.log
07/15/2009 21:36 93.335 ie8.log
07/15/2009 21:17 37.201 WgaNotify.log
07/15/2009 21:15 8.263 KB961118.log
06/14/2009 00:39 44 rdrive.ini
06/10/2009 21:29 112.136 KB969897-IE7.log
06/10/2009 21:28 27.420 KB970238.log
06/10/2009 21:28 26.743 KB968537.log
06/10/2009 21:28 26.383 KB961501.log
06/10/2009 21:28 20.389 KB969898.log
06/10/2009 21:17 20.802 KB959426.log
06/10/2009 21:17 19.790 KB960803.log
06/10/2009 21:16 20.259 KB952004.log
06/10/2009 21:16 16.661 KB956572.log
06/10/2009 21:16 15.111 KB961373.log
06/10/2009 21:16 10.203 KB923561.log
06/10/2009 20:41 13.549 KB967715.log
06/10/2009 20:41 5.676 KB938464-v2.log
06/10/2009 20:41 13.153 KB960225.log
06/09/2009 19:15 8.067 KB893803v2.log
04/06/2009 23:53 605 ODBC.INI
03/03/2009 16:40 1.409 QTFont.for
03/03/2009 01:36 32.863 setuplog.txt

----- System ---
Verzeichnis von C:\WINDOWS\system

----- System 32 (Achtung: Zeitfenster beachten!) ---
Verzeichnis von C:\WINDOWS\system32

08/20/2009 17:22 12.598 wpa.dbl
08/20/2009 11:50 357.752 FNTCACHE.DAT
08/02/2009 23:34 4.096 crash
07/07/2009 17:10 24.539.592 MRT.exe
06/16/2009 16:36 81.920 fontsub.dll
06/16/2009 16:36 119.808 t2embed.dll
06/10/2009 21:40 434.838 perfh009.dat
06/10/2009 21:40 68.828 perfc009.dat
06/10/2009 21:40 452.038 perfh007.dat
06/10/2009 21:40 81.842 perfc007.dat
06/10/2009 21:40 1.051.804 PerfStringBackup.INI
06/10/2009 19:15 18.620 CCCInstall_200906101915151093.log
06/03/2009 21:09 1.296.896 quartz.dll
05/13/2009 07:02 915.456 wininet.dll
05/13/2009 07:02 5.936.128 mshtml.dll
05/07/2009 17:32 348.160 localspl.dll
04/30/2009 23:13 1.985.024 iertutil.dll
04/30/2009 23:13 11.064.832 ieframe.dll
04/30/2009 23:12 1.207.808 urlmon.dll
04/30/2009 23:12 1.469.440 inetcpl.cpl
04/30/2009 23:12 25.600 jsproxy.dll
04/30/2009 23:12 385.536 iedkcs32.dll
04/30/2009 13:21 173.056 ie4uinit.exe
04/29/2009 06:41 133.120 extmgr.dll
04/19/2009 21:46 1.847.296 win32k.sys
04/15/2009 16:51 585.216 rpcrt4.dll
03/21/2009 16:06 1.063.424 kernel32.dll
03/10/2009 22:18 1.482.112 LegitCheckControl.dll
03/10/2009 22:18 970.632 WgaTray.exe
03/10/2009 22:18 265.096 WgaLogon.dll
03/08/2009 14:29 1.302.528 ieframe.dll.mui
03/08/2009 14:29 57.344 msrating.dll.mui
03/08/2009 14:28 2.560 mshta.exe.mui
03/08/2009 14:27 4.096 ie4uinit.exe.mui
03/08/2009 14:27 12.288 advpack.dll.mui
03/08/2009 14:27 81.920 iedkcs32.dll.mui
03/08/2009 04:52 21.840 SIntfNT.dll
03/08/2009 04:52 17.212 SIntf32.dll
03/08/2009 04:52 12.067 SIntf16.dll
03/08/2009 04:35 385.024 html.iec
03/08/2009 04:34 208.384 WinFXDocObj.exe
03/08/2009 04:34 236.544 webcheck.dll
03/08/2009 04:34 43.008 licmgr10.dll
03/08/2009 04:34 105.984 url.dll
03/08/2009 04:34 193.536 msrating.dll
03/08/2009 04:34 109.568 occache.dll
03/08/2009 04:33 18.944 corpol.dll
03/08/2009 04:33 726.528 jscript.dll
03/08/2009 04:33 229.376 ieaksie.dll
03/08/2009 04:33 420.352 vbscript.dll
03/08/2009 04:33 125.952 ieakeng.dll
03/08/2009 04:32 72.704 admparse.dll
03/08/2009 04:32 163.840 ieakui.dll
03/08/2009 04:32 36.864 ieudinit.exe
03/08/2009 04:32 71.680 iesetup.dll
03/08/2009 04:32 55.808 iernonce.dll
03/08/2009 04:32 128.512 advpack.dll
03/08/2009 04:32 94.720 inseng.dll
03/08/2009 04:32 594.432 msfeeds.dll
03/08/2009 04:32 611.840 mstime.dll
03/08/2009 04:31 183.808 iepeers.dll
03/08/2009 04:31 13.312 msfeedssync.exe
03/08/2009 04:31 59.904 icardie.dll
03/08/2009 04:31 55.296 msfeedsbs.dll
03/08/2009 04:31 348.160 dxtmsft.dll
03/08/2009 04:31 34.816 imgutil.dll
03/08/2009 04:31 216.064 dxtrans.dll
03/08/2009 04:31 46.592 pngfilt.dll
03/08/2009 04:31 66.560 mshtmled.dll
03/08/2009 04:31 48.128 mshtmler.dll
03/08/2009 04:31 1.638.912 mshtml.tlb
03/08/2009 04:31 45.568 mshta.exe
03/08/2009 04:30 66.560 tdc.ocx
03/08/2009 04:22 164.352 ieui.dll
03/08/2009 04:22 156.160 msls31.dll
03/08/2009 04:15 57.667 ieuinit.inf
03/08/2009 04:11 445.952 ieapfltr.dll
03/06/2009 16:19 286.720 pdh.dll
03/03/2009 01:36 12.540 wpa.bak
02/25/2009 23:42 442.368 ATIDEMGX.dll
02/25/2009 23:41 325.120 ati2dvag.dll
02/25/2009 23:30 11.841.536 atioglxx.dll
02/25/2009 23:30 204.800 atipdlxx.dll
02/25/2009 23:29 155.648 Oemdspif.dll
02/25/2009 23:29 26.112 Ati2mdxx.exe
02/25/2009 23:29 43.520 ati2edxx.dll
02/25/2009 23:29 155.648 ati2evxx.dll
02/25/2009 23:27 602.112 ati2evxx.exe
02/25/2009 23:26 53.248 ATIDDC.DLL
02/25/2009 23:16 3.817.984 ati3duag.dll
02/25/2009 23:09 307.200 atiiiexx.dll
02/25/2009 22:59 2.670.080 ativvaxx.dll
02/25/2009 22:58 151.824 ativvaxx.cap
02/25/2009 22:58 3.107.788 ativva5x.dat
02/25/2009 22:58 887.724 ativva6x.dat
02/25/2009 22:44 49.664 amdpcom32.dll
02/25/2009 22:40 475.136 atikvmag.dll
02/25/2009 22:38 126.976 atiadlxx.dll
02/25/2009 22:38 17.408 atitvo32.dll
02/25/2009 22:35 290.816 atiok3x2.dll
02/25/2009 22:32 45.056 aticalrt.dll
02/25/2009 22:32 45.056 aticalcl.dll
02/25/2009 22:32 626.688 ati2cqag.dll
02/25/2009 22:30 3.227.648 aticaldd.dll
02/25/2009 15:15 593.920 ati2sgag.exe
02/12/2009 22:20 6.873 IE8Eula.rtf
10/30/1617 07:13 3.120 ALLFSAF5a.ocx

----- Prefetch -------------------------
Verzeichnis von C:\WINDOWS\Prefetch

08/20/2009 17:30 16.542 CMD.EXE-034B0549.pf
08/20/2009 17:29 65.042 NOTEPAD++.EXE-20E43543.pf
08/20/2009 17:29 31.034 VERCLSID.EXE-28F52AD2.pf
08/20/2009 17:29 20.928 EXPLORER.EXE-02121B1A.pf
08/20/2009 17:29 179.934 WINRAR.EXE-1A0EFB18.pf
08/20/2009 17:24 19.306 FLASHGOT.EXE-24301770.pf
08/20/2009 17:24 99.948 FIREFOX.EXE-28BE8AE1.pf
08/20/2009 17:23 29.912 LOGONUI.EXE-05FEDB13.pf
08/20/2009 17:23 19.514 AAWTRAY.EXE-11640CC2.pf
08/20/2009 17:23 28.724 WUAUCLT.EXE-1360D60A.pf
08/20/2009 17:23 21.566 ALG.EXE-275708CF.pf
08/20/2009 17:23 28.796 DEVLDR32.EXE-3266C67C.pf
08/20/2009 17:23 33.254 WMIPRVSE.EXE-0D449B4F.pf
08/20/2009 17:23 53.426 IMAPI.EXE-201490BB.pf
08/20/2009 17:23 21.710 UNSECAPP.EXE-16EB9856.pf
08/20/2009 17:23 22.500 IBSERVER.EXE-2134BE34.pf
08/20/2009 17:23 1.212.172 NTOSBOOT-B00DFAAD.pf
08/20/2009 14:29 20.562 NOTEPAD.EXE-2F2D61E1.pf
08/20/2009 14:29 61.714 HIJACKTHIS.EXE-0217D948.pf
08/20/2009 13:46 42.622 AD-AWAREADMIN.EXE-2E1F7B25.pf
08/20/2009 13:46 63.810 AAWSERVICE.EXE-03154300.pf
08/20/2009 13:30 28.780 TASKMGR.EXE-06144C13.pf
08/20/2009 13:25 30.360 SYSINT~1.SCR-1085C59C.pf
08/20/2009 13:04 18.058 RUNDLL32.EXE-6E8D4657.pf
08/20/2009 12:16 56.706 AVSCAN.EXE-068A2CAC.pf
08/20/2009 12:16 61.750 AVCENTER.EXE-377C5668.pf
08/20/2009 11:17 23.206 REGSVR32.EXE-396DEA2C.pf
08/20/2009 11:15 14.428 MBAMGUI.EXE-3688636F.pf
08/20/2009 11:15 16.584 MBAM.EXE-32061666.pf
08/20/2009 11:15 44.412 MSCONFIG.EXE-1EF1EA0F.pf
08/20/2009 11:04 64.782 AVNOTIFY.EXE-22D2A6A0.pf
08/20/2009 11:04 69.270 UPDATE.EXE-33FE454B.pf
08/20/2009 02:32 49.492 AVGUARD.EXE-0EBF8B13.pf
08/20/2009 02:00 19.240 CTFMON.EXE-05E57A5E.pf
08/20/2009 02:00 19.946 B.EXE-1FEED026.pf
08/20/2009 02:00 20.470 MSA.EXE-02AC1082.pf
08/20/2009 01:32 27.356 LAMBAM-SETUP.TMP-0B46C02C.pf
08/20/2009 01:32 20.168 LAMBAM-SETUP.EXE-132847CA.pf
08/20/2009 01:31 13.650 MBAM-SETUP.EXE-39A61CA3.pf
08/20/2009 01:28 18.826 REGEDIT.COM-0204AD01.pf
08/20/2009 01:19 59.114 WDFMGR.EXE-22A3D9C5.pf
08/20/2009 01:19 25.364 SVCHOST.EXE-2D5FBD18.pf
08/20/2009 01:19 14.700 SMAGENT.EXE-09FD679F.pf
08/20/2009 01:19 22.324 CAPM4SWK.EXE-0BF8F428.pf
08/20/2009 01:15 49.318 HH.EXE-104606B2.pf
08/20/2009 01:12 14.744 CAPM4RSK.EXE-1F94D2CB.pf
08/20/2009 01:12 15.586 CAPM4LAK.EXE-39D4C6BC.pf
08/20/2009 01:09 71.198 AAWDRIVERTOOL.EXE-16062C11.pf
08/20/2009 01:07 60.398 MSIEXEC.EXE-330626DC.pf
08/20/2009 01:07 49.240 AD-AWAREAE.EXE-0C9B0A78.pf
08/20/2009 01:07 16.200 LAVASOFTGCHELPER.EXE-03D94920.pf
08/20/2009 01:06 78.888 AD-AWAREAE.EXE-13863249.pf
08/20/2009 00:54 20.840 HJTINSTALL202.EXE-2DCBE448.pf
08/20/2009 00:53 24.434 HIJACKTHIS.EXE-3918B6A3.pf
08/20/2009 00:53 57.992 ACRORD32INFO.EXE-3AD69296.pf
08/20/2009 00:50 14.376 QTTASK.EXE-0C419446.pf
08/20/2009 00:23 113.324 IEXPLORE.EXE-360BBB5C.pf
08/19/2009 23:28 80.236 PROGDVB.EXE-1D681201.pf
08/19/2009 23:21 52.740 MSHTA.EXE-07121ECA.pf
08/19/2009 23:21 69.256 AVCARE.EXE-1F60CD5A.pf
08/19/2009 23:20 15.010 RMACWENOXS.TMP-06065F37.pf
08/19/2009 23:20 18.304 C.EXE-2F100D8C.pf
08/19/2009 23:20 31.118 OXNMRSEWAC.TMP-03850CC8.pf
08/19/2009 23:20 16.612 A.EXE-19DCBE1A.pf
08/19/2009 23:20 2.728 RASVSNET.TMP-36E5B046.pf
08/19/2009 23:20 13.704 SPOOLSV.EXE-3A613CE3.pf
08/19/2009 23:20 35.322 AVWSC.EXE-1742FD55.pf
08/19/2009 23:19 16.358 PING.EXE-30F9CA9D.pf
08/19/2009 23:19 5.220 INCOSNET.TMP-2B1B354C.pf
08/19/2009 23:19 19.934 GUARDGUI.EXE-1FA25B88.pf
08/19/2009 23:19 38.864 XWSARENCOM.TMP-37CCFB87.pf
08/19/2009 23:19 9.640 NXCAMOERSW.TMP-2C4179E0.pf
08/19/2009 23:09 31.000 ANSMXOWRCE.TMP-27004A67.pf
08/19/2009 23:09 31.790 SERR.TMP-073B206E.pf
08/19/2009 23:09 98.550 ACRORD32.EXE-0ABDA372.pf
08/19/2009 22:34 77.638 ACDSEE32.EXE-2D662CCB.pf
08/19/2009 22:34 101.534 7Z GUI.EXE-1175D9D1.pf
08/19/2009 22:34 40.246 7ZFM.EXE-1F4FC77C.pf
08/19/2009 20:17 111.356 HELPSVC.EXE-1C192440.pf
08/19/2009 20:16 57.614 DFRGNTFS.EXE-38C3807C.pf
08/19/2009 20:16 17.188 DEFRAG.EXE-2858C7E2.pf
08/19/2009 20:16 446.184 Layout.ini
08/19/2009 19:17 22.414 RUNDLL32.EXE-3C500167.pf
08/18/2009 23:50 18.096 SNDVOL32.EXE-0EC6FD20.pf
08/18/2009 22:56 12.986 RUNDLL32.EXE-4FF9832D.pf
08/18/2009 22:55 31.094 EAGLE.EXE-26660B75.pf
08/18/2009 17:06 22.976 REMINDME.EXE-24FF2143.pf
08/18/2009 17:06 80.312 THUNDERBIRD.EXE-05833C98.pf
08/18/2009 13:45 15.532 MCCS.EXE-20B31B1E.pf
08/18/2009 00:53 86.692 EXCEL.EXE-37225E3A.pf
08/18/2009 00:37 15.108 CALC.EXE-02A5B4B1.pf
08/17/2009 23:51 65.070 WMPLAYER.EXE-017735B2.pf
08/17/2009 21:41 86.902 WMPLAYER.EXE-017735B3.pf
08/17/2009 20:11 17.836 SCAD3.EXE-376C22AD.pf
08/17/2009 20:06 68.196 FLVPLAYER.EXE-0999C13C.pf
08/17/2009 11:36 95.642 I_VIEW32.EXE-3680CA15.pf
08/16/2009 20:36 16.394 ASUSPROB.EXE-00420C19.pf
08/16/2009 20:32 35.698 NTVDM.EXE-0A81AB7B.pf
08/15/2009 22:51 58.376 WAR3.EXE-1839AED7.pf
08/15/2009 22:51 26.790 FROZEN THRONE.EXE-1A98598B.pf
08/15/2009 22:50 50.646 WC3BANLIST.EXE-1D56D029.pf
08/14/2009 22:27 43.336 SETUP_WM.EXE-21CBB822.pf
08/14/2009 19:26 85.584 UTORRENT.EXE-00B6F9FC.pf
08/13/2009 00:04 19.916 MSPAINT.EXE-146E0237.pf
08/12/2009 19:35 132.990 VLC.EXE-0B96AEC3.pf
08/12/2009 19:23 63.204 WMPLAYER.EXE-017735B4.pf
08/12/2009 00:52 31.526 WISH84.EXE-37B3B1EA.pf
08/12/2009 00:18 17.904 AVRBURNER.EXE-11E40BCC.pf
08/11/2009 23:48 16.250 AVRDUDE-GUI.EXE-1ACC90D5.pf
08/11/2009 23:47 13.850 AVRDUDE.EXE-36055496.pf
08/11/2009 23:47 68.886 SINAPROG.EXE-3A6DC24E.pf
08/11/2009 23:47 18.330 AVRBURNER.EXE-02D44B03.pf
08/11/2009 23:24 66.260 EXPORTCONTROLLER.EXE-29DA913E.pf
08/11/2009 23:24 91.998 QUICKTIMEPLAYER.EXE-370268C9.pf
08/11/2009 22:59 21.642 WIAACMGR.EXE-335C1EE8.pf
08/11/2009 18:50 65.074 MPLAYERC.EXE-116F880F.pf
08/11/2009 18:50 20.894 MPLAYER2.EXE-2F0692F3.pf
08/11/2009 18:50 22.632 ZPLAYER.EXE-2230A905.pf
08/10/2009 22:46 42.828 CCC.EXE-2F3357A9.pf
08/10/2009 21:19 76.476 BNUPDATE.EXE-3A52293C.pf
08/10/2009 07:39 29.048 RUNDLL32.EXE-4EE39BB6.pf
08/08/2009 01:14 13.956 RICHVIDEO.EXE-22863F01.pf
08/08/2009 01:14 48.182 POWERDVD.EXE-28BB77AA.pf
08/08/2009 01:14 9.350 OLRSTATECHECK.EXE-2ACB7E03.pf
08/07/2009 22:45 10.082 SNETCAT.EXE-0A8C4AF8.pf
08/07/2009 22:34 17.896 RUNDLL32.EXE-3E20222E.pf
08/06/2009 22:26 31.650 DIVXSM.EXE-052AE590.pf
07/16/2009 11:46 34.524 AVWSC.EXE-124724D5.pf
07/15/2009 21:40 51.674 UPDATE.EXE-16715754.pf
07/15/2009 21:40 15.142 PREUPD.EXE-0B43CCF7.pf
130 Datei(en) 6.864.530 Bytes
0 Verzeichnis(se), 2.109.587.456 Bytes frei

----- Tasks ----------------------------
Verzeichnis von C:\WINDOWS\tasks

08/20/2009 17:21 6 SA.DAT
08/20/2009 01:09 458 Ad-Aware Update (Weekly).job

----- Windows/Temp -----------------------
Verzeichnis von C:\WINDOWS\Temp

08/20/2009 17:24 483 WGAErrLog.txt
08/20/2009 17:22 18.270 dbg_RA_proc.txt
08/20/2009 17:22 18.900 dbg_RA_printer.txt
06/09/2009 19:15 14.178 dd_netfx20UI4C5A.txt
01/25/2009 20:06 29.684 PQ_DEBUG.TXT
01/25/2009 19:11 1.607 PQ_BATCH.PQB
01/25/2009 16:55 9.575 PQ_DEBUG.001
01/16/2009 17:37 383 HPZIDS000.log
01/16/2009 17:37 1.232 hppldcoi.log
01/16/2009 17:37 607 update000.log
09/16/2008 19:33 20.425 PQ_DEBUG.002
09/16/2008 19:32 1.500 PQ_BATCH.002
21.08.2009, 00:16 | #5 |
| AVCare, Win32Trojan.TDss and more? 2. filelist, part 2 Code:
----- Temp -----------------------------
Verzeichnis von C:\DOKUME~1\Jens\LOKALE~1\Temp
08/20/2009 17:22 16.384 ~DFC1AE.tmp
08/20/2009 12:32 16.384 ~DF20F8.tmp
08/20/2009 11:53 0 mmc20D13DAE.xml
08/20/2009 02:31 16.384 ~DF9E9B.tmp
08/20/2009 02:22 19.012 a.dat
08/20/2009 02:22 16.384 ~DFA757.tmp
08/20/2009 02:15 16.384 ~DFD530.tmp
08/20/2009 01:43 16.384 ~DFD6B6.tmp
08/20/2009 01:18 16.384 ~DF94E3.tmp
08/20/2009 01:15 28.644 Cab4.tmp
08/20/2009 01:15 0 Tar5.tmp
08/20/2009 01:11 16.384 ~DFC837.tmp
08/20/2009 00:48 16.384 ~DF8BC8.tmp
08/20/2009 00:23 0 ~DFDA35.tmp
08/20/2009 00:23 0 ~DFC7A9.tmp
08/20/2009 00:02 0 etilqs_fgKVBIWHlzQ1CKkIyWIi
08/19/2009 23:51 16.384 ~DFE3C4.tmp
08/19/2009 23:37 0 ~DF4B11.tmp
08/19/2009 23:37 0 ~DF2A1F.tmp
08/19/2009 23:27 16.384 ~DFAAEA.tmp
08/19/2009 23:24 0 ~DF65CA.tmp
08/19/2009 23:24 0 ~DF539F.tmp
08/19/2009 23:19 32.768 ~DFB9C7.tmp
08/19/2009 23:19 196.608 xwsarencom.tmp
08/19/2009 23:15 16.624.654 flaCA.tmp
08/19/2009 23:15 20.074.518 flaC9.tmp
08/19/2009 23:15 19.957.695 flaC8.tmp
08/19/2009 23:08 7.488 java_install_reg.log
08/18/2009 17:06 16.384 ~DF2524.tmp
08/18/2009 17:05 16.384 ~DF8AC2.tmp
08/18/2009 12:52 16.384 ~DF9C14.tmp
08/16/2009 20:35 16.384 ~DF3CE3.tmp
08/16/2009 20:32 215.449 wavetool.zip
08/16/2009 20:22 1.052 nscopy.tmp
08/16/2009 20:22 801 nsmail.eml
08/15/2009 22:00 0 2lx_TR24.pdf.part
08/14/2009 22:27 12.818 control.xml
08/12/2009 18:56 0 jblD1.tmp
08/11/2009 23:47 169 SinaProg_8.6.1_Jens_cur.txt
08/10/2009 22:45 16.384 ~DF4140.tmp
08/10/2009 20:55 0 etilqs_eU1hGyGITvaftUGQUO2Z
08/05/2009 19:41 2.439.487 card_installation_guide.pdf
08/05/2009 19:16 31.509 Elektroniklabor_Grundausrstung_3_tmp.xlsx
08/05/2009 19:16 28.014 Elektroniklabor_Grundausrstung_3.ods
08/03/2009 19:59 893 TWAIN.LOG
08/03/2009 19:59 2 Twain001.Mtx
08/03/2009 19:59 156 Twunk001.MTX
08/03/2009 18:50 16.384 ~DFB476.tmp
08/02/2009 23:36 16.384 ~DFF817.tmp
08/02/2009 18:37 16.384 ~DF6C6A.tmp
08/02/2009 18:34 16.384 Perflib_Perfdata_f2c.dat
08/02/2009 18:19 16.384 ~DF5ADF.tmp
08/02/2009 18:17 16.384 Perflib_Perfdata_c34.dat
08/02/2009 17:25 381.005 fla4D9.tmp
08/02/2009 17:25 392.923 fla4D8.tmp
08/02/2009 17:21 1.048.735 fla4AF.tmp
08/02/2009 13:52 1.509.741 JDAC.zip
07/28/2009 17:52 15.660 +~JF47275.tmp
07/28/2009 17:52 20.416 +~JF47276.tmp
07/28/2009 17:52 20.432 +~JF47274.tmp
07/28/2009 17:52 17.424 +~JF47273.tmp
07/28/2009 17:52 17.488 +~JF47267.tmp
07/28/2009 17:52 22.576 +~JF47262.tmp
07/28/2009 17:52 21.472 +~JF47263.tmp
07/28/2009 17:52 29.888 +~JF47261.tmp
07/28/2009 17:52 29.524 +~JF47260.tmp
07/28/2009 17:52 29.296 +~JF47258.tmp
07/28/2009 17:52 26.904 +~JF47259.tmp
07/28/2009 17:52 37.320 +~JF47255.tmp
07/28/2009 17:47 210.432 Schwingungen_Schwebungen.ppt
07/27/2009 23:34 1.116.630 ECv62aSj.zip.part
07/26/2009 18:44 16.384 ~DFBE32.tmp
07/25/2009 17:33 517.338 haax+0qu.rar.part
07/25/2009 17:22 16.384 ~DFE5E4.tmp
07/24/2009 12:31 16.384 ~DFCAA3.tmp
07/23/2009 23:29 860 options.vnc
07/23/2009 22:39 0 GJ3+LqG7.htm.part
07/22/2009 23:49 0 Twunk002.MTX
07/22/2009 18:58 16.384 ~DFA849.tmp
07/21/2009 18:48 16.384 ~DF1873.tmp
07/18/2009 08:11 16.384 ~DFA838.tmp
07/17/2009 21:48 2.439.673 Lösungen Klausur Monien-1.pdf
07/16/2009 19:41 2.439.673 Lösungen Klausur Monien.pdf
07/16/2009 11:59 16.411.176 Compatibility Pack for the 2007 Office system (1).log
07/16/2009 11:50 16.384 ~DF5FB7.tmp
07/16/2009 11:47 11.374 dd_vcredistUI3FE3.txt
07/16/2009 11:47 480.504 dd_vcredistMSI3FE3.txt
07/16/2009 11:39 16.384 ~DFD390.tmp
07/15/2009 22:43 14.782 Elektroniklabor_Grundausrstung_2_tmp2.xlsx
07/15/2009 22:43 0 c7jF29D+.ods.part
07/15/2009 22:23 14.782 Elektroniklabor_Grundausrstung_2_tmp1.xlsx
07/15/2009 22:21 11.659 Elektroniklabor_Grundausrstung_tmp.xlsx
07/15/2009 22:19 15.905.630 Compatibility Pack for the 2007 Office system (0).log
07/15/2009 21:38 76.370 Microsoft .NET Framework 3.5-KB963707_20090715_193846765.html
07/15/2009 21:38 424.072 Microsoft .NET Framework 3.5-KB963707_20090715_193846765-Msi0.txt
07/15/2009 21:17 383 HPZIDS000.log
07/15/2009 21:17 1.232 hppldcoi.log
07/15/2009 21:17 565 update000.log
07/15/2009 21:15 466 MSI39aa1.LOG
07/15/2009 20:56 14.782 Elektroniklabor_Grundausrstung_2_tmp.xlsx
07/15/2009 20:54 123 CFG5C3.tmp
07/15/2009 19:43 29.266 tmp7A3.tmp
07/15/2009 19:43 29.266 tmp7A2.tmp
07/15/2009 19:43 29.266 tmp79E.tmp
07/13/2009 23:53 0 FZ9YgIjj.wmv.part
07/13/2009 22:08 0 9mNOrdfg.wmv.part
07/13/2009 22:08 0 fyYxFWAX.wmv.part
07/13/2009 21:38 0 q0v55B.tmp
07/13/2009 21:33 0 neGvPQvb.wmv.part
07/13/2009 20:40 0 U9iIfqSu.wmv.part
07/12/2009 13:14 0 utt430.tmp
07/12/2009 13:14 68 utt430.tmp.bat
07/12/2009 13:14 0 utt42F.tmp
07/09/2009 00:45 0 HXT3pQf4.pdf.part
07/05/2009 22:36 0 _iUfJr9C.txt.part
07/05/2009 22:35 0 CET_X8Cm.txt.part
07/05/2009 22:35 0 0XO9PrYM.txt.part
07/05/2009 21:54 0 6qOEWhjn.zip.part
07/05/2009 21:47 0 hgCWnh52.wmv.part
07/05/2009 20:48 0 tx669f06.bmp
07/04/2009 21:02 16.384 ~DFB109.tmp
07/04/2009 02:25 0 jbl4B8.tmp
07/04/2009 01:26 0 zkw42D.tmp
07/04/2009 01:26 0 gok42C.tmp
07/04/2009 01:22 0 bf541B.tmp
07/04/2009 01:05 0 o5l3E6.tmp
07/04/2009 00:48 0 h4l3AB.tmp
07/04/2009 00:36 0 1v5387.tmp
07/04/2009 00:20 0 zvc343.tmp
07/04/2009 00:12 0 86z32F.tmp
07/04/2009 00:11 0 oj432D.tmp
07/04/2009 00:10 0 hwb32A.tmp
07/04/2009 00:05 0 4ou315.tmp
07/03/2009 23:53 0 26y2F8.tmp
07/03/2009 23:52 0 eyq2EF.tmp
07/03/2009 23:48 0 aph2E3.tmp
07/03/2009 23:21 0 esv2A6.tmp
07/03/2009 23:17 0 6fc29D.tmp
07/03/2009 23:17 0 21429C.tmp
07/03/2009 23:12 0 aee28C.tmp
07/03/2009 23:09 0 fdf27E.tmp
07/03/2009 23:03 0 25l275.tmp
07/03/2009 23:01 0 k5m271.tmp
07/03/2009 23:01 0 ynk270.tmp
07/03/2009 22:49 0 rzk25C.tmp
07/03/2009 22:42 0 nzh252.tmp
07/03/2009 22:38 0 0n424A.tmp
07/03/2009 21:39 0 rp51E5.tmp
07/03/2009 21:16 0 l3p1C8.tmp
07/03/2009 21:10 0 xth1BC.tmp
07/03/2009 20:59 0 6m91AC.tmp
07/03/2009 20:55 0 h0s1A6.tmp
07/03/2009 20:55 0 7ph1A3.tmp
07/03/2009 20:52 0 6bw1A1.tmp
07/03/2009 20:52 0 j9f1A0.tmp
07/03/2009 20:50 0 kk519B.tmp
07/03/2009 20:40 0 h0i18E.tmp
07/03/2009 20:40 0 lki18D.tmp
07/03/2009 20:07 0 im4167.tmp
07/03/2009 20:01 0 3db15E.tmp
07/03/2009 19:55 0 3d4154.tmp
07/03/2009 19:53 0 6vp14F.tmp
07/03/2009 19:50 0 14w148.tmp
07/03/2009 19:45 0 5x7134.tmp
07/03/2009 19:44 0 yxw133.tmp
07/03/2009 19:44 0 0g9131.tmp
07/03/2009 19:42 0 j1o12C.tmp
07/03/2009 19:37 0 shn120.tmp
07/01/2009 17:53 16.384 ~DF6261.tmp
06/27/2009 16:39 0 5+Wu9YeX.pdf.part
06/27/2009 16:36 813.835 USBASP-1.zip
06/27/2009 16:34 266.754 usbasp.2009-02-28.tar.gz
06/27/2009 16:23 813.835 USBASP.zip
06/26/2009 23:38 325.830 usbisp_v2.1_schematic.pdf
06/26/2009 23:35 359.000 AVRIsp.zip
06/26/2009 23:31 301.779 AVRUSB-ISP (DIL).zip
06/26/2009 20:05 144.406 mw0Wzt9O.rar.part
06/26/2009 18:07 898.351 Astaro_V7_Quick_Start_Guide.pdf
06/26/2009 00:08 0 kaCZLRdV.flv.part
06/25/2009 17:27 16.384 ~DF4613.tmp
06/22/2009 23:33 6.541 melody.zip
06/22/2009 20:16 113.664 Elektroniklabor_Bestellung_10.xls
06/22/2009 20:15 109.568 Elektroniklabor_Bestellung_11.xls
06/22/2009 20:13 103.936 Elektroniklabor_Bestellung_12_Conrad.xls
06/22/2009 16:25 375.479 USBasp_CH.zip
06/21/2009 06:54 70 3EE68A68.TMP
06/19/2009 20:41 0 js1A57.tmp
06/19/2009 20:41 0 in0A56.tmp
06/18/2009 18:19 435 TarTest.txt
06/15/2009 18:36 0 4a4763.tmp
06/13/2009 20:16 16.384 ~DF86B0.tmp
06/13/2009 16:48 16.384 ~DF3F7.tmp
06/11/2009 20:54 16.384 ~DF5F8B.tmp
06/11/2009 13:57 13.504 dd_msdnexpUI74BB.txt
06/11/2009 13:57 429.116 dd_msdnexpMSI74BB.txt
06/11/2009 13:33 16.384 ~DFD18E.tmp
06/10/2009 21:35 16.384 ~DFB318.tmp
06/10/2009 21:27 182.848 dd_dotnetfx35install_lp.txt
06/10/2009 21:27 177.688 uxeventlog.txt
06/10/2009 21:27 695.795 dd_depcheck_NETFX_EXP_35.txt
06/10/2009 21:27 17.042 dd_XPS_LP.txt
06/10/2009 21:27 471.272 dd_NET_Framework35_LangPack_MSI7F2B.txt
06/10/2009 21:27 952.808 dd_NET_Framework_30LP_Agile_Setup7F0E.txt
06/10/2009 21:26 1.765.380 dd_NET_Framework_20LP_Agile_Setup7ECC.txt
06/10/2009 21:26 2 dd_dotnetfx35error_lp.txt
06/10/2009 21:26 94.288 Microsoft .NET Framework 3.5-KB958484_20090610_192614406.html
06/10/2009 21:26 749.232 Microsoft .NET Framework 3.5-KB958484_20090610_192614406-Msi0.txt
06/10/2009 21:26 113.452 Microsoft .NET Framework 3.0-KB958483_20090610_192546781.html
06/10/2009 21:26 2.118.502 Microsoft .NET Framework 3.0-KB958483_20090610_192546781-Msi0.txt
06/10/2009 21:26 4.242 dd_wcf_retCA4254.txt
06/10/2009 21:25 506.154 Microsoft .NET Framework 2.0-KB958481_20090610_192324984.html
06/10/2009 21:25 9.407.584 Microsoft .NET Framework 2.0-KB958481_20090610_192324984-Msi0.txt
06/10/2009 21:25 5.158 ASPNETSetup_00001.log
06/10/2009 21:23 661.584 dd_dotnetfx35install.txt
06/10/2009 21:23 1.443.552 dd_NET_Framework35_MSI7BDD.txt
06/10/2009 21:22 3.225.840 dd_NET_Framework30_Setup7B37.txt
06/10/2009 21:22 4.377 dd_wcf_retCA725B.txt
06/10/2009 21:21 21.735 dd_XPS.txt
06/10/2009 21:21 383 HPZIDS004.log
06/10/2009 21:21 620 update003.log
06/10/2009 21:21 25.138.694 dd_NET_Framework20_Setup7841.txt
06/10/2009 21:19 5.158 ASPNETSetup_00000.log
06/10/2009 21:18 133.906 dd_RGB9RAST_x86.msi7837.txt
06/10/2009 21:18 15.915 dd_clwireg.txt
06/10/2009 20:03 16.384 ~DFECFD.tmp
06/10/2009 19:54 16.384 ~DF19A1.tmp
06/10/2009 19:39 16.384 ~DF9B42.tmp
06/10/2009 19:28 16.384 ~DFC37C.tmp
06/10/2009 19:00 16.384 ~DFAE91.tmp
06/09/2009 23:27 16.384 ~DFBA9E.tmp
06/09/2009 23:21 28.704 etilqs_HfdnEryT3Ed1tYYa5IVr
06/09/2009 23:17 16.384 ~DF450A.tmp
06/09/2009 23:05 12.304 etilqs_WDzEtZ3a11NwhBxWcEF7
06/09/2009 22:54 16.384 ~DFB9AA.tmp
06/09/2009 21:14 16.384 ~DFAE5.tmp
06/09/2009 21:08 16.384 ~DF5718.tmp
06/09/2009 20:55 16.384 ~DFA51E.tmp
06/09/2009 20:52 6.170 dd_dotnetfx35error.txt
06/09/2009 20:52 0 bch59.tmp
06/09/2009 20:52 0 bch56.tmp
06/09/2009 20:51 0 bch53.tmp
06/09/2009 20:51 0 bch50.tmp
06/09/2009 20:51 0 bch4D.tmp
06/09/2009 20:51 0 bch4A.tmp
06/09/2009 20:50 0 bch47.tmp
06/09/2009 20:50 0 bch44.tmp
06/09/2009 20:50 0 bch42.tmp
06/09/2009 20:50 0 bch3F.tmp
06/09/2009 20:50 0 bch3C.tmp
06/09/2009 20:38 0 bchE.tmp
06/09/2009 20:38 0 bchB.tmp
06/09/2009 20:38 0 bch8.tmp
06/09/2009 20:37 0 bch5.tmp
06/09/2009 20:27 16.384 ~DF14A4.tmp
06/09/2009 20:25 174 MSIdbaf4.LOG
06/09/2009 20:12 16.384 ~DFD6DE.tmp
06/09/2009 20:08 16.384 ~DFC86C.tmp
06/09/2009 20:04 438 MSIba255.LOG
06/09/2009 20:04 0 is56.tmp
06/09/2009 19:59 174 MSI781a1.LOG
06/09/2009 19:53 16.384 ~DF411.tmp
06/09/2009 19:50 174 MSIab219.LOG
06/09/2009 19:40 16.384 ~DF790F.tmp
06/09/2009 19:35 16.384 ~DF5525.tmp
06/09/2009 19:20 0 isF3.tmp
06/09/2009 19:12 16.384 ~DFE206.tmp
06/09/2009 18:45 16.384 ~DFE0CB.tmp
05/26/2009 00:37 16.384 ~DFDCAF.tmp
04/19/2009 14:48 196.781 270xA_datasheet.pdf
04/05/2009 18:31 1.637.636 ZEOSDBO-6.6.4-stable.zip
04/05/2009 17:49 716.800 Compact_Express_Comparison.doc
04/05/2009 17:41 100.352 sqlservercompactdatasheet_final.doc
04/05/2009 17:36 79.360 SSCEOverview.doc
03/22/2009 00:49 20.500 etilqs_rDKgRRNxgEECId8jpQdy
03/10/2009 01:46 295.410 doc6296.pdf
03/10/2009 01:07 7.992.685 datasheet-1.pdf
03/09/2009 22:40 168.497 054-07461-0-AT91R40008.pdf
03/09/2009 22:15 123.191 STM32_EVAL_rev00.pdf
03/09/2009 20:42 437.675 75016140.pdf
02/02/2009 17:33 12.304 etilqs_Xo8nblBcbInaI76HQcIr

Code:
"WPF/E" (codename) Community Technology Preview (Dec 2006)
7-Zip 4.59 beta
Abe's Oddysee
ACDSee 32
ACDSee 9 Photo Manager
Active Ports
Ad-Aware
Ad-Aware SE Personal
Adobe Audition 1.5
Adobe Flash Player Plugin
Adobe Photoshop CS
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.1.0
Adobe Reader Chinese Simplified Fonts
Adobe Reader Japanese Fonts
Advanced LAN Pump version 3.1
AGEIA PhysX v7.09.13
aGSM v2.35c, altSoft
Alcohol 120%
Aliens vs. Predator 2
Alt-Tab Task Switcher Powertoy for Windows XP
Antman 2
Apple Mobile Device Support
Apple Software Update
ASUS Probe V2.21.07
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATITool Overclocking Utility
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
AXIS NetPilot
AXIS Print Monitor for Canon CAPT Printers
Battlefield 1942
BitTorrent 4.0.2
Bonjour
Bontago
Borland C++Builder 6
Borland Delphi 7
Bricx Command Center
Bullzip PDF Printer 5.0.0.609
Cain & Abel v2.69
Calculator Powertoy for Windows XP
Canon iR1510-1670
CCleaner (remove only)
CD Audio Reader Filter (remove only)
CloneCD
CmdHere Powertoy For Windows XP
Code::Blocks
Compatibility Pack for the 2007 Office system
Creative Treiber für Massenspeicher
DC++ 0.698
Derive 5
Digital Video
Direct Connect 1.0 Preview Build 9
DirectVobSub (remove only)
DivX
DivX Converter
DivX Player
DivX Web Player
Driver Sweeper 1.5.5
DS-MP3 Source 1.30
DScaler 5 Mpeg Decoders
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Platinum 3.1.8.0
EAGLE 4.16r1
Ethereal 0.99.0
Ettercap NG 0.7.3
Express Rip
ffdshow [rev 988] [2007-03-04]
Firebird/InterBase(r) ODBC driver 2.0
FlashFXP
FlatOut2
FLV Player 1.3.3
Free Download Manager 2.1
Free Fire Screensaver
FreeBASIC 0.15b
G3 Torrent
GetASFStream
GetRight
GPL Ghostscript 8.54
GPL Ghostscript Fonts
GSview 4.8
GUI for dvdauthor 1.04
Haali Media Splitter
Half-Life(R) 2
HijackThis 2.0.2
HP Photosmart All-In-One Software 9.0
Huffyuv AVI lossless video codec (Remove Only)
Hurrican 1.0.0.4
HydraVision
Icy Tower v1.2 (11kHz)
IL-2 Sturmovik
IL-2 Sturmovik 1946
innovatek Leistungsrechner 2007
InterBase 6.5
InterVideo WinDVD 4
IrfanView (remove only)
iTunes
J2SE Development Kit 5.0 Update 1
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
JAlbum
Java 3D 1.5.1
Klingon Academy
LANLEECH R3
LANWalk Scanner 3.x
Lazarus 0.9.26.2
LC5
Logitech Gaming Software
Look@LAN 2.50 Build 29
LTspice IV
LTspice/SwCADIII
Macromedia Extension Manager
Macromedia Flash MX
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Manufactoid (remove only)
Maple 11
Maya Fluid Effects Screensaver
Metal Slug Series with Enabled MAME 0.78
Metasploit Framework 3.0
Mic1 Emulator
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft AppLocale
Microsoft Office Small Business Edition 2003
Microsoft Platform SDK (R2) (3790.2075)
Microsoft Rechner-Plus
Microsoft Rise Of Nations
Microsoft SQL Server 2005 Compact Edition [DEU]
Microsoft SQL Server Management Studio Express
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Application Compatibility Database
Microsoft XML Parser and SDK
MIDI File Converter
MilkShape 3D 1.8.0
MinGW 5.0.3
mIRC
mirkes.de Tiny Hexer
MIT MathML Fonts 1.0
Mozilla (1.6)
Mozilla Firefox (3.5.2)
Mozilla Thunderbird (2.0.0.22)
mpowerplayer
MSN Gaming Zone
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MSXML4 Parser
Natural Selection 3.1
Nero OEM
NetBeans IDE 4.0
Network Chemistry Packetyzer 5.0.0
Nimo Codecs Pack v5.0 (Remove Only)
ODF Add-In für Microsoft Office
OpenSource Flash Video Splitter (remove only)
Origin 6.0G
PHP-GTK 2 (remove only)
PicaLoader 1.50.1201
PowerDVD
Prevx 3.0
Prism Video Converter
ProgDVB
PSpice Student 9.1
Python 2.4 pygame-1.7.1release
Python 2.4.3
Qtracker
Quake III Arena
QuickTime
RealMedia (remove only)
RealPlayer
Riva FLV Player
RivaTuner v2.24
Robotics Invention System 2.0
Serious Samurize
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
SHOUTcast Source (remove only)
SketchUp 5
SketchUp 5 Mechanical Design Library
SketchUp 5 Symbols Library
SmartFTP Client
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
SoundMAX
SpeechRedist
sPlan 6.0
SQL Server Command Line Query Tool
Star Trek Armada II
Star Wars JK II Jedi Outcast
Steam(TM)
Stereoscopic Player
Street Hacker Update 1.1.3
Switch
TARGET 3001! V12 discover
THE HOUSE OF THE DEAD 3
TmNationsForever
TortoiseSVN 1.6.0.15855 (32 bit)
TrackMania Nations ESWC 0.1.7.5
Tweak UI
Ultra RM Converter 2.3.4
UltraVNC v1.0.2
Unreal Tournament 2004
Uplink
ViewSonic Windows XP Signed Files
VisiBroker for Cpp 4.5
VLS
VNC 4.0
WavePad Uninstall
WC3Banlist
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Anmelde-Assistent
Windows Live installer
Windows Live Messenger
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
WinTV NOVA
XVID Codec Installation
Zoom Player (remove only)
|
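The directory listings posted above (Prefetch, Tasks, Windows\Temp, the user's Temp) are most useful when pivoted around the moment the infection started, so that the Temp drops and the Prefetch traces of what ran line up on one timeline. The following is an added example written for this thread, not the output of the filelist tool or any other tool the thread uses. It parses the German dir-style listing format the tool produced (MM/DD/YYYY HH:MM, size with "." thousands separators, then the name) and returns every entry written within a window around a chosen time, grouped by directory. The sample listing is constructed in that format from a few of the posted entries; the function names and the 15-minute default window are my assumptions.

```python
"""Timeline pivot over dir-style directory listings.

Added example, not part of the thread and not the filelist tool's own code.
Format handled: 'Verzeichnis von <dir>' headers followed by lines of
MM/DD/YYYY HH:MM <size with '.' thousands separators> <name>.
"""
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the listings posted above (a subset).
SAMPLE_LISTING = r"""----- Prefetch -------------------------
Verzeichnis von C:\WINDOWS\Prefetch

08/19/2009 23:21 69.256 AVCARE.EXE-1F60CD5A.pf
08/19/2009 23:20 18.304 C.EXE-2F100D8C.pf
08/19/2009 23:20 16.612 A.EXE-19DCBE1A.pf
08/19/2009 23:19 16.358 PING.EXE-30F9CA9D.pf
08/19/2009 22:34 101.534 7ZG.EXE-1175D9D1.pf
130 Datei(en) 6.864.530 Bytes
0 Verzeichnis(se), 2.109.587.456 Bytes frei
----- Temp -----------------------------
Verzeichnis von C:\DOKUME~1\Jens\LOKALE~1\Temp

08/20/2009 02:22 19.012 a.dat
08/19/2009 23:19 196.608 xwsarencom.tmp
08/19/2009 23:15 16.624.654 flaCA.tmp
08/19/2009 23:08 7.488 java_install_reg.log
08/16/2009 20:32 215.449 wavetool.zip
"""

DIR_RE = re.compile(r"^Verzeichnis von (?P<dir>.+?)\s*$")
ENTRY_RE = re.compile(
    r"^(?P<m>\d{2})/(?P<d>\d{2})/(?P<y>\d{4})\s+(?P<hh>\d{2}):(?P<mm>\d{2})\s+"
    r"(?P<size>\d[\d.]*)\s+(?P<name>.+?)\s*$"
)


def parse_listing(text):
    """Return dicts {dir, name, size, mtime}; headers and summary lines are skipped."""
    entries, current_dir = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m["dir"]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section banner, blank line or 'n Datei(en)' summary
        mtime = datetime(int(m["y"]), int(m["m"]), int(m["d"]), int(m["hh"]), int(m["mm"]))
        entries.append({
            "dir": current_dir,
            "name": m["name"],
            "size": int(m["size"].replace(".", "")),  # '16.624.654' -> 16624654
            "mtime": mtime,
        })
    return entries


def entries_in_window(entries, center, minutes):
    """Entries whose timestamp lies within +/- minutes of center, oldest first."""
    lo, hi = center - timedelta(minutes=minutes), center + timedelta(minutes=minutes)
    hits = [e for e in entries if lo <= e["mtime"] <= hi]
    return sorted(hits, key=lambda e: (e["mtime"], e["name"]))


def timeline(text, center, minutes=15):
    """Group the window hits by directory: {dir: [(time, name, size), ...]}."""
    grouped = {}
    for e in entries_in_window(parse_listing(text), center, minutes):
        grouped.setdefault(e["dir"], []).append(
            (e["mtime"].strftime("%Y-%m-%d %H:%M"), e["name"], e["size"])
        )
    return grouped


if __name__ == "__main__":
    # The poster dated the AVCare appearance to around 23:00 on 08/19; the
    # Prefetch entries put the burst of activity at 23:19-23:21.
    for folder, rows in timeline(SAMPLE_LISTING, datetime(2009, 8, 19, 23, 20)).items():
        print(folder)
        for when, name, size in rows:
            print(f"  {when}  {size:>10}  {name}")
```

Run against the full listings, the same pivot shows which Temp files appeared in the same minutes as the A.EXE / C.EXE Prefetch entries, which is what a responder wants before deciding what to submit for analysis.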
21.08.2009, 06:49 | #6 |
/// Helper Team | AVCare, Win32Trojan.TDss and more?
hi
1. uninstall Gmer
2. download it again, but: Attention!: if Gmer cannot be run (a rootkit can prevent that):
- ** so, before you place "gmer.exe" on the desktop:
- ** try renaming gmer.exe and then running it - choose any file name, but the extension should be *.com!
A run of about 30 min (max. 60 min) should be enough!
- if there are problems again, simply continue with point 5. (Rootrepeal)
|
21.08.2009, 10:41 | #7 |
| AVCare, Win32Trojan.TDss and more? Hi, I downloaded GMER with a randomly generated name, and it does start. This time I stopped it before it hung again, so the list is probably not complete, although I am sure that no further entries were added to the following list during the next 40 minutes. First, what it reports right at the start: Code:
GMER 1.0.15.15077 [2d1ohsw7.exe] - http://www.gmer.net
Rootkit quick scan 2009-08-21 09:18:50
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----
Code 8A3AECD0 ZwEnumerateKey
Code 8A1A12E8 ZwFlushInstructionCache
Code 8A5B10AE IofCallDriver
Code 8A4F7D6E IofCompleteRequest
Code 8A51E68D ZwSaveKey
Code 8A5A900D ZwSaveKeyEx

---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A80B1F8
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- Modules - GMER 1.0.15 ----
Module _________ F7A37000-F7A4F000 (98304 bytes)

---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\UACootjxyfoaw.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
|
21.08.2009, 10:44 | #8 |
| AVCare, Win32Trojan.TDss and more? Here is the part of the full scan in question. Code:
GMER 1.0.15.15077 [2d1ohsw7.exe] - http://www.gmer.net
Rootkit scan 2009-08-21 11:34:37
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----
INT 0x62 ? 8A79EBF8
INT 0x63 ? 8A430F00
INT 0x73 ? 8A430F00
INT 0x73 ? 8A430F00
INT 0x82 ? 8A79EBF8
INT 0x83 ? 8A79EBF8
INT 0x83 ? 8A79EBF8
INT 0x83 ? 8A430F00
INT 0x83 ? 8A79EBF8
INT 0xB4 ? 8A430F00
Code 8A30E1B0 ZwEnumerateKey
Code 8A2E6218 ZwFlushInstructionCache
Code 8A5DEAD6 IofCallDriver
Code 8A3E0256 IofCompleteRequest
Code 8A2E627D ZwSaveKey
Code 8A31A255 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A5DEADB
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8A3E025B
.text ntoskrnl.exe!ZwSaveKey 804E42AE 1 Byte [E9]
.text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 8A2E6282
.text ntoskrnl.exe!ZwSaveKeyEx 804E42C2 5 Bytes JMP 8A31A25A
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 8A30E1B4
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 8A2E621C
? spfx.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B8FBA8AC 5 Bytes JMP 8A4304E0

---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A80F2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spfx.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spfx.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A4305E0
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spfx.sys

---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A80B1F8
Device \Driver\sptd \Device\3220481158 spfx.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A2C2500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A80D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A80D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A80D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A80D1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A2C2500
Device \Driver\usbuhci \Device\USBPDO-2 8A2C2500
Device \Driver\usbuhci \Device\USBPDO-3 8A2C2500
Device \Driver\usbehci \Device\USBPDO-4 8A319500
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\prodrv06 \Device\ProDrv06 E1C8E248
Device \Driver\NetBT \Device\NetBT_Tcpip_{31392642-2787-4AA7-A08C-85E146C00CA4} 8A38F500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A79F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C1C71F34-1886-40B2-BDD7-41047B3AE2DF} 8A38F500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A79F1F8
Device \FileSystem\Rdbss \Device\FsWrap 8A401840
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A79F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24 8A6343E8
Device \Driver\atapi \Device\Ide\IdePort0 8A6343E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 8A6343E8
Device \Driver\atapi \Device\Ide\IdePort1 8A6343E8
Device \Driver\atapi \Device\Ide\IdePort2 8A6343E8
Device \Driver\atapi \Device\Ide\IdePort3 8A6343E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c 8A6343E8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 8A6343E8
Device \Driver\PCI_PNP9908 \Device\00000066 spfx.sys
Device \Driver\PCI_PNP9908 \Device\00000066 spfx.sys
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A79F1F8
Device \Driver\prohlp02 \Device\ProHlp02 E182A5F0
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A38F500
Device \Driver\NetBT \Device\NetbiosSmb 8A38F500
Device \FileSystem\Srv \Device\LanmanServer 8A41B698
Device \Driver\usbuhci \Device\USBFDO-0 8A2C2500
Device \Driver\usbuhci \Device\USBFDO-1 8A2C2500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A3D0368
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A549030
Device \Driver\usbuhci \Device\USBFDO-2 8A2C2500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A3D0368
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A549030
Device \Driver\usbuhci \Device\USBFDO-3 8A2C2500
Device \FileSystem\Npfs \Device\NamedPipe 8A475E70
Device \Driver\usbehci \Device\USBFDO-4 8A319500
Device \Driver\Ftdisk \Device\FtControl 8A79F1F8
Device \FileSystem\Msfs \Device\Mailslot 8A3153B0
Device \Driver\abezo9r8 \Device\Scsi\abezo9r81Port4Path0Target1Lun0 8A45A008
Device \Driver\abezo9r8 \Device\Scsi\abezo9r81 8A45A008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port5Path0Target0Lun0 89854AB0
Device \Driver\abezo9r8 \Device\Scsi\abezo9r81Port4Path0Target0Lun0 8A45A008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 89854AB0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A344170
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A344170
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A344170
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A344170
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A344170
Device \FileSystem\Cdfs \Cdfs 8A3773C8
Device \FileSystem\Cdfs \Cdfs 8A2F01E8

---- Modules - GMER 1.0.15 ----
Module _________ F7A37000-F7A4F000 (98304 bytes)

---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [228] 0x10000000
Library \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [264] 0x10000000
Library \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [396] 0x10000000
Library \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [908] 0x10000000
Library \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [960] 0x10000000
Library \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1068] 0x10000000
Library \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1108] 0x10000000
Library \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1488] 0x10000000

---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\UACootjxyfoaw.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xAA 0x42 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x14 0x16 0xAF 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x33 0xFD 0x83 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x22 0x66 0xD1 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACootjxyfoaw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACootjxyfoaw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACqcwooiyyvp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACaxujnepyof.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACkkurhhtsar.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACocbirxjadt.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqerpbdogdk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACalitjljxoc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xAA 0x42 0xC2 ...
Reg HKL

M\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x14 0x16 0xAF 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x33 0xFD 0x83 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x22 0x66 0xD1 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACootjxyfoaw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACootjxyfoaw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACqcwooiyyvp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACaxujnepyof.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACkkurhhtsar.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACocbirxjadt.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqerpbdogdk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACalitjljxoc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0xA3 0x99 0xD2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x14 0x16 0xAF 0x33 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFB 0xBF 0x3C 0x18 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB6 0xA8 0xC8 0xF5 ...

---- Files - GMER 1.0.15 ----
File C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Temp\UACc96b.tmp 343040 bytes executable

---- EOF - GMER 1.0.15 ----
Last edited by Befallener (21.08.2009 at 10:57)
|
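The full GMER log above carries the four things a responder reads first: inline JMP hooks placed in ntoskrnl and USBPORT, a DLL marked hidden that is loaded into every svchost, a hidden driver service flagged ROOTKIT, and the registry key that backs that service with its list of module files. Pulling those out by hand from a long log is error-prone, so here is an added example written for this thread, not GMER's own code: a parser for GMER's text format that returns exactly those findings as plain data, plus the list of files the rootkit's registry key references (the removal targets). The sample log is a constructed, abbreviated copy in the format of the log above; the function names and the returned field names are my assumptions.

```python
"""Triage of a GMER 1.0.15 text log.

Added example, not part of the thread and not GMER's own code. It extracts
inline hooks in kernel code, objects GMER marks '*** hidden ***', services it
flags ROOTKIT, and the registry keys (and referenced files) behind them.
"""
import re

# Constructed, abbreviated sample in the format of the log posted above.
SAMPLE_LOG = r"""GMER 1.0.15.15077 [2d1ohsw7.exe] - http://www.gmer.net
Rootkit scan 2009-08-21 11:34:37
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code            8A30E1B0          ZwEnumerateKey
Code            8A5DEAD6          IofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text  ntoskrnl.exe!IofCallDriver        804E13A7 5 Bytes  JMP 8A5DEADB
.text  ntoskrnl.exe!ZwSaveKey            804E42AE 1 Byte  [E9]
PAGE   ntoskrnl.exe!ZwEnumerateKey       80578E14 5 Bytes  JMP 8A30E1B4
.text  USBPORT.SYS!DllUnload             B8FBA8AC 5 Bytes  JMP 8A4304E0

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [228] 0x10000000
Library \\?\globalroot\systemroot\system32\UACaxujnepyof.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [264] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACootjxyfoaw.sys (*** hidden *** ) [SYSTEM] UACd.sys  <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath  \systemroot\system32\drivers\UACootjxyfoaw.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr  \\?\globalroot\systemroot\system32\UACaxujnepyof.dll
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0  C:\Programme\DAEMON Tools Lite\

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Temp\UACc96b.tmp 343040 bytes executable

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
HOOK_RE = re.compile(
    r"^(?P<seg>\S+)\s+(?P<module>[^\s!]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-F]{8})\s+"
    r"(?P<nbytes>\d+) Bytes?\s+(?P<patch>.+?)\s*$"
)
HIDDEN_RE = re.compile(
    r"^(?P<kind>Library|Service)\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s*(?P<rest>.*?)\s*$"
)
SERVICE_REST_RE = re.compile(r"^\[(?P<start>\w+)\]\s+(?P<name>\S+)(?P<flag>.*)$")
PID_RE = re.compile(r"\[(?P<pid>\d+)\]")
REG_RE = re.compile(r"^Reg\s+(?P<key>[^\s@]+)(?:@(?P<value>\S+))?(?:\s+(?P<data>.*?))?\s*$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?P<rest>.*?)\s*$")


def basename(path):
    """Last component of a Windows path, including \\?\globalroot\... forms."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Walk the log section by section and collect the structured findings."""
    out = {"hooks": [], "hidden_libraries": [], "hidden_services": [], "registry": [], "files": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        if section == "Kernel code sections" and (m := HOOK_RE.match(line)):
            out["hooks"].append({"symbol": f"{m['module']}!{m['func']}", "addr": m["addr"],
                                 "nbytes": int(m["nbytes"]), "patch": m["patch"]})
        elif section == "Processes" and (m := HIDDEN_RE.match(line)):
            pid = PID_RE.search(m["rest"])
            out["hidden_libraries"].append({"path": m["path"], "pid": int(pid["pid"]) if pid else None})
        elif section == "Services" and (m := HIDDEN_RE.match(line)):
            r = SERVICE_REST_RE.match(m["rest"])
            out["hidden_services"].append({"path": m["path"], "name": r["name"] if r else None,
                                           "rootkit": "ROOTKIT" in m["rest"]})
        elif section == "Registry" and (m := REG_RE.match(line)):
            out["registry"].append({"key": m["key"], "value": m["value"], "data": m["data"]})
        elif section == "Files" and (m := FILE_RE.match(line)):
            out["files"].append({"path": m["path"], "size": int(m["size"]), "note": m["rest"].strip()})
    return out


def triage(text):
    """Reduce the parsed findings to what a responder acts on."""
    f = parse_gmer(text)
    rootkit_services = sorted({s["name"] for s in f["hidden_services"] if s["rootkit"] and s["name"]})
    # Registry keys under HKLM\...\Services\<name> for every service GMER flagged.
    needles = [f"\\services\\{name.lower()}" for name in rootkit_services]
    rootkit_registry = [e for e in f["registry"] if any(n in e["key"].lower() for n in needles)]
    return {
        "rootkit_services": rootkit_services,
        "hidden_drivers": sorted({basename(s["path"]) for s in f["hidden_services"]}),
        "hidden_dlls": sorted({basename(l["path"]) for l in f["hidden_libraries"]}),
        "injected_pids": sorted({l["pid"] for l in f["hidden_libraries"] if l["pid"] is not None}),
        "jmp_hooks": [h["symbol"] for h in f["hooks"] if h["patch"].startswith("JMP")],
        "rootkit_registry": rootkit_registry,
        # Every file named in the rootkit's own service key is a removal target.
        "referenced_files": sorted({basename(e["data"]) for e in rootkit_registry
                                    if e["data"] and "\\" in e["data"]}),
        "dropped_files": [(basename(x["path"]), x["size"]) for x in f["files"]],
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

The sptd keys in the log are left out of the result on purpose: they belong to DAEMON Tools' driver, which GMER lists because it also hooks the kernel, and a parser that keyed on "unknown hook" alone would flag it alongside the real finding. Tying the registry pass to the service GMER itself marked ROOTKIT keeps the output to the entries that matter.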
21.08.2009, 10:59 | #9 |
| AVCare, Win32Trojan.TDss and more? First of all, Root Repeal reports 5x "Could not read Boot sector. Try adjusting the Disk level in the Options dialog" (I have 4 partitions). Unfortunately I do not understand your instructions for the settings I am supposed to make. Where am I supposed to put a checkmark? The items you mention exist as tabs. Scanning gave the following: Edit: Now I've got it, under Report and then Scan. Drivers: Code:
ATTFilter ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2009/08/21 11:51 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: Image Path: Address: 0x00000000 Size: -2141804192 File Visible: - Signed: - Status: - Name: Image Path: Address: 0xF7A37000 Size: 98304 File Visible: No Signed: - Status: - Name: a347bus.sys Image Path: a347bus.sys Address: 0xF7497000 Size: 158720 File Visible: - Signed: - Status: - Name: a347scsi.sys Image Path: a347scsi.sys Address: 0xF798D000 Size: 5248 File Visible: - Signed: - Status: - Name: a347scsi.sys Image Path: a347scsi.sys Address: 0xF798D000 Size: 5248 File Visible: - Signed: - Status: Hidden from the Windows API! Name: abezo9r8.SYS Image Path: C:\WINDOWS\System32\Drivers\abezo9r8.SYS Address: 0xB8EA6000 Size: 225280 File Visible: - Signed: - Status: - Name: ACPI.sys Image Path: ACPI.sys Address: 0xF7858000 Size: 188800 File Visible: - Signed: - Status: - Name: ACPI_HAL Image Path: \Driver\ACPI_HAL Address: 0x804D7000 Size: 2265088 File Visible: - Signed: - Status: - Name: afd.sys Image Path: C:\WINDOWS\System32\drivers\afd.sys Address: 0xA8B3E000 Size: 138496 File Visible: - Signed: - Status: - Name: agp440.sys Image Path: agp440.sys Address: 0xF7697000 Size: 42368 File Visible: - Signed: - Status: - Name: aslm75.sys Image Path: C:\WINDOWS\system32\drivers\aslm75.sys Address: 0xBA5A8000 Size: 3488 File Visible: - Signed: - Status: - Name: ati2cqag.dll Image Path: C:\WINDOWS\System32\ati2cqag.dll Address: 0xBF065000 Size: 626688 File Visible: - Signed: - Status: - Name: ati2dvag.dll Image Path: C:\WINDOWS\System32\ati2dvag.dll Address: 0xBF012000 Size: 339968 File Visible: - Signed: - Status: - Name: ati2mtag.sys Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys Address: 0xB9002000 Size: 3891200 File Visible: - Signed: - Status: - Name: ati3duag.dll Image Path: 
C:\WINDOWS\System32\ati3duag.dll Address: 0xBF1CD000 Size: 3821568 File Visible: - Signed: - Status: - Name: atikvmag.dll Image Path: C:\WINDOWS\System32\atikvmag.dll Address: 0xBF0FE000 Size: 540672 File Visible: - Signed: - Status: - Name: atiok3x2.dll Image Path: C:\WINDOWS\System32\atiok3x2.dll Address: 0xBF182000 Size: 307200 File Visible: - Signed: - Status: - Name: ATITool.sys Image Path: C:\WINDOWS\system32\DRIVERS\ATITool.sys Address: 0xF7466000 Size: 49152 File Visible: - Signed: - Status: - Name: ativvaxx.dll Image Path: C:\WINDOWS\System32\ativvaxx.dll Address: 0xBF572000 Size: 2670592 File Visible: - Signed: - Status: - Name: atksgt.sys Image Path: C:\WINDOWS\system32\DRIVERS\atksgt.sys Address: 0xA6056000 Size: 165376 File Visible: - Signed: - Status: - Name: ATMFD.DLL Image Path: C:\WINDOWS\System32\ATMFD.DLL Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: - Status: - Name: audstub.sys Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys Address: 0xB8FDF000 Size: 3072 File Visible: - Signed: - Status: - Name: aujasnkj.sys Image Path: C:\DOKUME~1\Jens\LOKALE~1\Temp\aujasnkj.sys Address: 0xA5783000 Size: 84352 File Visible: No Signed: - Status: - Name: avgio.sys Image Path: C:\Programme\Avira\AntiVir Desktop\avgio.sys Address: 0xF79DD000 Size: 6144 File Visible: - Signed: - Status: - Name: avgntflt.sys Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys Address: 0xA66CC000 Size: 81920 File Visible: - Signed: - Status: - Name: avipbb.sys Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Address: 0xA8A4C000 Size: 114688 File Visible: - Signed: - Status: - Name: Beep.SYS Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS Address: 0xF79CF000 Size: 4224 File Visible: - Signed: - Status: - Name: BOOTVID.dll Image Path: C:\WINDOWS\system32\BOOTVID.dll Address: 0xF7897000 Size: 12288 File Visible: - Signed: - Status: - Name: CAPM4LP.SYS Image Path: C:\WINDOWS\system32\Drivers\CAPM4LP.SYS Address: 0xA6241000 Size: 15264 File Visible: - Signed: - Status: 
- Name: Cdfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS Address: 0xF76F7000 Size: 63744 File Visible: - Signed: - Status: - Name: cdrom.sys Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys Address: 0xF7887000 Size: 62976 File Visible: - Signed: - Status: - Name: CLASSPNP.SYS Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS Address: 0xF7647000 Size: 53248 File Visible: - Signed: - Status: - Name: ctlfacem.sys Image Path: C:\WINDOWS\system32\drivers\ctlfacem.sys Address: 0xF79C1000 Size: 6912 File Visible: - Signed: - Status: - Name: ctljystk.sys Image Path: C:\WINDOWS\system32\DRIVERS\ctljystk.sys Address: 0xB8FED000 Size: 3712 File Visible: - Signed: - Status: - Name: cvintdrv.SYS Image Path: C:\WINDOWS\System32\Drivers\cvintdrv.SYS Address: 0xB9C02000 Size: 3776 File Visible: - Signed: - Status: - Name: disk.sys Image Path: disk.sys Address: 0xF7637000 Size: 36352 File Visible: - Signed: - Status: - Name: disk.sys Image Path: disk.sys Address: 0xF7637000 Size: 36352 File Visible: - Signed: - Status: Hidden from the Windows API! 
Name: dmio.sys Image Path: dmio.sys Address: 0xF7961000 Size: 154112 File Visible: - Signed: - Status: - Name: dmload.sys Image Path: dmload.sys Address: 0xF798B000 Size: 5888 File Visible: - Signed: - Status: - Name: drmk.sys Image Path: C:\WINDOWS\system32\drivers\drmk.sys Address: 0xF7446000 Size: 61440 File Visible: - Signed: - Status: - Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA8A34000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF79DF000 Size: 8192 File Visible: No Signed: - Status: - Name: Dxapi.sys Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys Address: 0xB8D4D000 Size: 12288 File Visible: - Signed: - Status: - Name: dxg.sys Image Path: C:\WINDOWS\System32\drivers\dxg.sys Address: 0xBF000000 Size: 73728 File Visible: - Signed: - Status: - Name: dxgthk.sys Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys Address: 0xF7A97000 Size: 4096 File Visible: - Signed: - Status: - Name: EL2K_XP.sys Image Path: C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys Address: 0xB8F7E000 Size: 147456 File Visible: - Signed: - Status: - Name: ElbyCDFL.sys Image Path: C:\WINDOWS\System32\Drivers\ElbyCDFL.sys Address: 0xB9AB0000 Size: 15360 File Visible: - Signed: - Status: - Name: ElbyCDIO.sys Image Path: C:\WINDOWS\System32\Drivers\ElbyCDIO.sys Address: 0xA60E7000 Size: 9792 File Visible: - Signed: - Status: - Name: emu10k1m.sys Image Path: C:\WINDOWS\system32\drivers\emu10k1m.sys Address: 0xB8F38000 Size: 283904 File Visible: - Signed: - Status: - Name: fdc.sys Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys Address: 0xF7787000 Size: 27392 File Visible: - Signed: - Status: - Name: Fips.SYS Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS Address: 0xB9B5F000 Size: 44672 File Visible: - Signed: - Status: - Name: flpydisk.sys Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys Address: 0xB943A000 Size: 20480 File Visible: - Signed: - Status: - 
Name: fltmgr.sys Image Path: fltmgr.sys Address: 0xF7A17000 Size: 129792 File Visible: - Signed: - Status: - Name: Fs_Rec.SYS Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Address: 0xF79CD000 Size: 7936 File Visible: - Signed: - Status: - Name: fsvga.sys Image Path: C:\WINDOWS\system32\DRIVERS\fsvga.sys Address: 0xF794B000 Size: 12288 File Visible: - Signed: - Status: - Name: ftdisk.sys Image Path: ftdisk.sys Address: 0xF7839000 Size: 126336 File Visible: - Signed: - Status: - Name: gameenum.sys Image Path: C:\WINDOWS\system32\DRIVERS\gameenum.sys Address: 0xB9AC0000 Size: 10624 File Visible: - Signed: - Status: - Name: GEARAspiWDM.sys Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys Address: 0xB9AAC000 Size: 9472 File Visible: - Signed: - Status: - Name: hal.dll Image Path: C:\WINDOWS\system32\hal.dll Address: 0x80700000 Size: 134400 File Visible: - Signed: - Status: - Name: HIDCLASS.SYS Image Path: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS Address: 0xB9BBF000 Size: 36864 File Visible: - Signed: - Status: - Name: HIDPARSE.SYS Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS Address: 0xB942A000 Size: 28672 File Visible: - Signed: - Status: - Name: hidusb.sys Image Path: C:\WINDOWS\System32\DRIVERS\hidusb.sys Address: 0xBA5EC000 Size: 10368 File Visible: - Signed: - Status: - Name: HTTP.sys Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys Address: 0xA58B0000 Size: 264832 File Visible: - Signed: - Status: - Name: hwinterface.sys Image Path: C:\WINDOWS\System32\Drivers\hwinterface.sys Address: 0xB9A6B000 Size: 2624 File Visible: - Signed: - Status: - Name: i8042prt.sys Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys Address: 0xF7416000 Size: 52992 File Visible: - Signed: - Status: - Name: imapi.sys Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys Address: 0xBA7E0000 Size: 42112 File Visible: - Signed: - Status: - Name: intelppm.sys Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys Address: 0xF7456000 Size: 40448 File Visible: - Signed: - 
Status: - Name: io.sys Image Path: C:\WINDOWS\system32\drivers\io.sys Address: 0xB9995000 Size: 2944 File Visible: - Signed: - Status: - Name: ipnat.sys Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys Address: 0xA8B88000 Size: 152832 File Visible: - Signed: - Status: - Name: ipsec.sys Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys Address: 0xA8C07000 Size: 75264 File Visible: - Signed: - Status: - Name: isapnp.sys Image Path: isapnp.sys Address: 0xF75F7000 Size: 37632 File Visible: - Signed: - Status: - Name: kbdclass.sys Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys Address: 0xF777F000 Size: 25216 File Visible: - Signed: - Status: - Name: KDCOM.DLL Image Path: C:\WINDOWS\system32\KDCOM.DLL Address: 0xF7987000 Size: 8192 File Visible: - Signed: - Status: - Name: kmixer.sys Image Path: C:\WINDOWS\system32\drivers\kmixer.sys Address: 0xA5B01000 Size: 172416 File Visible: - Signed: - Status: - Name: ks.sys Image Path: C:\WINDOWS\system32\drivers\ks.sys Address: 0xB8EF1000 Size: 143360 File Visible: - Signed: - Status: - Name: KSecDD.sys Image Path: KSecDD.sys Address: 0xBA749000 Size: 92288 File Visible: - Signed: - Status: - Name: Lbd.sys Image Path: Lbd.sys Address: 0xF7667000 Size: 57472 File Visible: - Signed: - Status: - Name: lirsgt.sys Image Path: C:\WINDOWS\system32\DRIVERS\lirsgt.sys Address: 0xF77B7000 Size: 18048 File Visible: - Signed: - Status: - Name: LMIRfsDriver.sys Image Path: C:\WINDOWS\system32\drivers\LMIRfsDriver.sys Address: 0xA679C000 Size: 40960 File Visible: - Signed: - Status: - Name: mnmdd.SYS Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS Address: 0xF79D1000 Size: 4224 File Visible: - Signed: - Status: - Name: mouclass.sys Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys Address: 0xB944A000 Size: 23552 File Visible: - Signed: - Status: - Name: mouhid.sys Image Path: C:\WINDOWS\System32\DRIVERS\mouhid.sys Address: 0xBA5E8000 Size: 12288 File Visible: - Signed: - Status: - Name: MountMgr.sys Image Path: MountMgr.sys 
Address: 0xF7607000 Size: 42368 File Visible: - Signed: - Status: - Name: mrxdav.sys Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys Address: 0xA6341000 Size: 180608 File Visible: - Signed: - Status: - Name: mrxsmb.sys Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys Address: 0xA8A68000 Size: 455296 File Visible: - Signed: - Status: - Name: Msfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS Address: 0xF77E7000 Size: 19072 File Visible: - Signed: - Status: - Name: msgpc.sys Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys Address: 0xB9B9F000 Size: 35072 File Visible: - Signed: - Status: - Name: mssmbios.sys Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys Address: 0xBA610000 Size: 15488 File Visible: - Signed: - Status: - Name: Mup.sys Image Path: Mup.sys Address: 0xBA650000 Size: 105344 File Visible: - Signed: - Status: - Name: NDIS.sys Image Path: NDIS.sys Address: 0xBA68F000 Size: 182656 File Visible: - Signed: - Status: - Name: ndistapi.sys Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys Address: 0xBA62C000 Size: 10112 File Visible: - Signed: - Status: - Name: ndiswan.sys Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys Address: 0xB8E8F000 Size: 91520 File Visible: - Signed: - Status: - Name: NDProxy.SYS Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS Address: 0xBA770000 Size: 40576 File Visible: - Signed: - Status: - Name: netbios.sys Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys Address: 0xB9B7F000 Size: 34688 File Visible: - Signed: - Status: - Name: netbt.sys Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys Address: 0xA8B60000 Size: 162816 File Visible: - Signed: - Status: - Name: Npfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS Address: 0xF77EF000 Size: 30848 File Visible: - Signed: - Status: - Name: Ntfs.sys Image Path: Ntfs.sys Address: 0xBA6BC000 Size: 574976 File Visible: - Signed: - Status: - Name: ntoskrnl.exe Image Path: C:\WINDOWS\system32\ntoskrnl.exe Address: 0x804D7000 Size: 2265088 File Visible: - 
Signed: - Status: - Name: Null.SYS Image Path: C:\WINDOWS\System32\Drivers\Null.SYS Address: 0xB9C01000 Size: 2944 File Visible: - Signed: - Status: - Name: nwlnkipx.sys Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys Address: 0xA659E000 Size: 88320 File Visible: - Signed: - Status: - Name: nwlnknb.sys Image Path: C:\WINDOWS\system32\DRIVERS\nwlnknb.sys Address: 0xB8E6F000 Size: 63232 File Visible: - Signed: - Status: - Name: nwlnkspx.sys Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys Address: 0xA64C6000 Size: 55936 File Visible: - Signed: - Status: - Name: parport.sys Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys Address: 0xB8EDD000 Size: 80384 File Visible: - Signed: - Status: - Name: PartMgr.sys Image Path: PartMgr.sys Address: 0xF770F000 Size: 19712 File Visible: - Signed: - Status: - Name: ParVdm.SYS Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS Address: 0xF79B1000 Size: 7040 File Visible: - Signed: - Status: - Name: pci.sys Image Path: pci.sys Address: 0xF7486000 Size: 68224 File Visible: - Signed: - Status: - Name: PCI_PNP9908 Image Path: \Driver\PCI_PNP9908 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: pciide.sys Image Path: pciide.sys Address: 0xF7A4F000 Size: 3328 File Visible: - Signed: - Status: - Name: PCIIDEX.SYS Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS Address: 0xF7707000 Size: 28672 File Visible: - Signed: - Status: - Name: pcouffin.sys Image Path: C:\WINDOWS\System32\Drivers\pcouffin.sys Address: 0xBA7A0000 Size: 47360 File Visible: - Signed: - Status: - Name: pfc.sys Image Path: C:\WINDOWS\system32\drivers\pfc.sys Address: 0xB9AB4000 Size: 10368 File Visible: - Signed: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x804D7000 Size: 2265088 File Visible: - Signed: - Status: - Name: portcls.sys Image Path: C:\WINDOWS\system32\drivers\portcls.sys Address: 0xB8F14000 Size: 147456 File Visible: - Signed: - Status: - Name: prodrv06.sys Image Path: 
C:\WINDOWS\System32\drivers\prodrv06.sys Address: 0xA8AD8000 Size: 77184 File Visible: - Signed: - Status: - Name: prohlp02.sys Image Path: prohlp02.sys Address: 0xF7687000 Size: 65504 File Visible: - Signed: - Status: - Name: prosync1.sys Image Path: prosync1.sys Address: 0xF7991000 Size: 6944 File Visible: - Signed: - Status: - Name: ptilink.sys Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys Address: 0xB945A000 Size: 17792 File Visible: - Signed: - Status: - Name: PxHelp20.sys Image Path: PxHelp20.sys Address: 0xF7677000 Size: 35648 File Visible: - Signed: - Status: - Name: pxscan.sys Image Path: pxscan.sys Address: 0xF7617000 Size: 36864 File Visible: - Signed: - Status: - Name: pxsec.sys Image Path: pxsec.sys Address: 0xF7657000 Size: 40960 File Visible: - Signed: - Status: - Name: rasacd.sys Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys Address: 0xBA5CE000 Size: 8832 File Visible: - Signed: - Status: - Name: rasl2tp.sys Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys Address: 0xBA7D0000 Size: 51328 File Visible: - Signed: - Status: - Name: raspppoe.sys Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys Address: 0xBA7C0000 Size: 41472 File Visible: - Signed: - Status: - Name: raspptp.sys Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys Address: 0xBA7B0000 Size: 48384 File Visible: - Signed: - Status: - Name: raspti.sys Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys Address: 0xB9452000 Size: 16512 File Visible: - Signed: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x804D7000 Size: 2265088 File Visible: - Signed: - Status: - Name: rdbss.sys Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys Address: 0xA8B13000 Size: 175744 File Visible: - Signed: - Status: - Name: RDPCDD.sys Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Address: 0xF79D3000 Size: 4224 File Visible: - Signed: - Status: - Name: rdpdr.sys Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys Address: 0xB8DBF000 Size: 196224 File Visible: - Signed: - Status: - 
Name: redbook.sys Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys Address: 0xBA7F0000 Size: 57728 File Visible: - Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA57A8000 Size: 49152 File Visible: No Signed: - Status: - Name: SCSIPORT.SYS Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS Address: 0xF74BE000 Size: 98304 File Visible: - Signed: - Status: - Name: secdrv.sys Image Path: C:\WINDOWS\System32\DRIVERS\secdrv.sys Address: 0xA61B1000 Size: 40960 File Visible: - Signed: - Status: - Name: serenum.sys Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys Address: 0xB9AB8000 Size: 15744 File Visible: - Signed: - Status: - Name: serial.sys Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys Address: 0xF7406000 Size: 65536 File Visible: - Signed: - Status: - Name: sfdrv01.sys Image Path: sfdrv01.sys Address: 0xBA66A000 Size: 73728 File Visible: - Signed: - Status: - Name: sfhlp01.sys Image Path: sfhlp01.sys Address: 0xF798F000 Size: 4832 File Visible: - Signed: - Status: - Name: sfhlp02.sys Image Path: sfhlp02.sys Address: 0xF7717000 Size: 32768 File Visible: - Signed: - Status: - Name: sfmanm.sys Image Path: C:\WINDOWS\system32\drivers\sfmanm.sys Address: 0xF7436000 Size: 36480 File Visible: - Signed: - Status: - Name: sfvfs02.sys Image Path: sfvfs02.sys Address: 0xBA67C000 Size: 77824 File Visible: - Signed: - Status: - Name: spfx.sys Image Path: spfx.sys Address: 0xF74D6000 Size: 1048576 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: sr.sys Image Path: sr.sys Address: 0xF7827000 Size: 73472 File Visible: - Signed: - Status: - Name: srv.sys Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys Address: 0xA5F14000 Size: 333952 File Visible: - Signed: - Status: - Name: SVKP.sys Image Path: C:\WINDOWS\system32\SVKP.sys Address: 0xF7AAB000 Size: 2368 File Visible: - Signed: - Status: - Name: swenum.sys Image Path: 
C:\WINDOWS\System32\DRIVERS\swenum.sys Address: 0xF79C9000 Size: 4352 File Visible: - Signed: - Status: - Name: sysaudio.sys Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys Address: 0xA6614000 Size: 60800 File Visible: - Signed: - Status: - Name: tcpip.sys Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys Address: 0xA8BAE000 Size: 361600 File Visible: - Signed: - Status: - Name: TDI.SYS Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS Address: 0xB9462000 Size: 20480 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys Address: 0xBA790000 Size: 40704 File Visible: - Signed: - Status: - Name: ttdvblcd.sys Image Path: C:\WINDOWS\system32\DRIVERS\ttdvblcd.sys Address: 0xF7426000 Size: 63520 File Visible: - Signed: - Status: - Name: update.sys Image Path: C:\WINDOWS\System32\DRIVERS\update.sys Address: 0xB8D61000 Size: 384768 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS Address: 0xF79CB000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys Address: 0xF7777000 Size: 30208 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys Address: 0xB9BDF000 Size: 59520 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS Address: 0xB8FA2000 Size: 147456 File Visible: - Signed: - Status: - Name: usbuhci.sys Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys Address: 0xF776F000 Size: 20608 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\WINDOWS\System32\drivers\vga.sys Address: 0xB9422000 Size: 20992 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Address: 0xB8FC6000 Size: 81920 File Visible: - Signed: - Status: - Name: VolSnap.sys Image Path: VolSnap.sys Address: 0xF7627000 Size: 53760 File Visible: - Signed: - Status: - Name: 
wanarp.sys Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys Address: 0xB9B8F000 Size: 34560 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\WINDOWS\System32\watchdog.sys Address: 0xF77FF000 Size: 20480 File Visible: - Signed: - Status: - Name: wdmaud.sys Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys Address: 0xA6214000 Size: 83072 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0xBF800000 Size: 1847296 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: C:\WINDOWS\System32\win32k.sys Address: 0xBF800000 Size: 1847296 File Visible: - Signed: - Status: - Name: WmBEnum.sys Image Path: C:\WINDOWS\system32\drivers\WmBEnum.sys Address: 0xBA614000 Size: 10144 File Visible: - Signed: - Status: - Name: WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS Address: 0xF7989000 Size: 8192 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x804D7000 Size: 2265088 File Visible: - Signed: - Status: - Name: WmXlCore.sys Image Path: C:\WINDOWS\system32\drivers\WmXlCore.sys Address: 0xBA780000 Size: 45504 File Visible: - Signed: - Status: - Name: ws2ifsl.sys Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys Address: 0xBA5C2000 Size: 12032 File Visible: - Signed: - Status: - Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/21 11:50
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACootjxyfoaw.sys

Edited by Befallener (21.08.2009 at 11:12) |
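Added here as an illustration (not from the thread and not from the RootRepeal authors): a small Python helper that parses records in the shape of the RootRepeal Drivers and Hidden Services output above and lists the entries an analyst would check first, i.e. drivers hidden from the Windows API, unnamed driver objects, images with no visible file on disk, and images loaded from a temp directory. The sample report is a constructed excerpt of the log posted above; the allowlist of drivers that legitimately have no file on disk (the dump_* crash-dump copies and rootrepeal.sys itself) is an assumption.

```python
import re

# Constructed sample: an excerpt modelled on the RootRepeal 1.3.5.0 report posted
# above (four Drivers records and the Hidden Services record), not the full list.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009

Drivers
-------------------
Name:
Image Path:
Address: 0xF7A37000
Size: 98304
File Visible: No
Signed: -
Status: -

Name: a347scsi.sys
Image Path: a347scsi.sys
Address: 0xF798D000
Size: 5248
File Visible: -
Signed: -
Status: Hidden from the Windows API!

Name: aujasnkj.sys
Image Path: C:\DOKUME~1\Jens\LOKALE~1\Temp\aujasnkj.sys
Address: 0xA5783000
Size: 84352
File Visible: No
Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8A34000
Size: 98304
File Visible: No
Signed: -
Status: -

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACootjxyfoaw.sys
"""

KEY_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s?(.*)$")
SECTION_RE = re.compile(r"^(Drivers|Hidden Services|Stealth Objects|Processes|Files|SSDT)$")
RECORD_START = ("Name", "Service Name", "Object")      # keys that open a new record
TEMP_DIR_RE = re.compile(r"\\(Temp|Tmp|LOKALE~1|Local Settings)\\", re.IGNORECASE)
# Assumed allowlist of drivers that legitimately have no file on disk: the dump_*
# crash-dump copies of the storage stack and the scanner's own rootrepeal.sys.
EXPECTED_INVISIBLE = ("dump_", "rootrepeal")


def parse_report(text: str) -> list[tuple[str, dict[str, str]]]:
    """Split a RootRepeal report into (section, record) pairs of key/value fields."""
    records, section, rec = [], "", {}
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):                 # "Drivers", "Hidden Services", ...
            if rec:
                records.append((section, rec))
            section, rec = line, {}
            continue
        m = KEY_RE.match(line)
        if not section or not m:                   # banner, separator or blank line
            continue
        key, value = m.group(1), m.group(2).strip()
        if key in RECORD_START and rec:            # previous record is complete
            records.append((section, rec))
            rec = {}
        rec[key] = value
    if rec:
        records.append((section, rec))
    return records


def review_reasons(section: str, rec: dict[str, str]) -> list[str]:
    """Why an analyst should look at this record; an empty list means nothing odd."""
    name, reasons = rec.get("Name", ""), []
    if section == "Hidden Services":
        reasons.append("listed under Hidden Services")
    if "hidden" in rec.get("Status", "").lower():
        reasons.append(rec["Status"])
    if section == "Drivers" and not name:
        reasons.append("unnamed driver object")
    if rec.get("File Visible") == "No" and not name.lower().startswith(EXPECTED_INVISIBLE):
        reasons.append("no visible image file on disk")
    if TEMP_DIR_RE.search(rec.get("Image Path", "")):
        reasons.append("image loaded from a temporary directory")
    return reasons


def triage(report: str) -> list[tuple[str, list[str]]]:
    """(label, reasons) for every record that deserves a second look."""
    flagged = []
    for section, rec in parse_report(report):
        label = rec.get("Name") or rec.get("Service Name") or rec.get("Object") or "<unnamed>"
        reasons = review_reasons(section, rec)
        if reasons:
            flagged.append((label, reasons))
    return flagged
```

The flags are review prompts, not verdicts: a driver hidden from the API can also come from a CD emulation package, and a nameless driver in Temp can belong to another scanner that was running at the time.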
21.08.2009, 11:01 | #10 |
| AVCare, Win32Trojan.TDss and more? Stealth Obj. Code:
ATTFilter ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2009/08/21 11:51 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Stealth Objects ------------------- Object: Hidden Module [Name: UACqcwooiyyvp.dll] Process: svchost.exe (PID: 836) Address: 0x00a60000 Size: 73728 Object: Hidden Module [Name: UACe051.tmpnepyof.dll] Process: svchost.exe (PID: 836) Address: 0x10000000 Size: 217088 Object: Hidden Module [Name: UACalitjljxoc.dll] Process: Explorer.EXE (PID: 3352) Address: 0x10000000 Size: 49152 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, 
IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x8a80b1f8 Size: 121 Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLOSE] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_READ] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_WRITE] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_EA] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_EA] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89854ab0 
Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_SHUTDOWN] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLEANUP] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_SECURITY] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_POWER] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_QUOTA] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: a347scsi, IRP_MJ_PNP] Process: System Address: 0x89854ab0 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 
0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code 
[Driver: Cdrom, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x8a4c7b98 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_READ] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a6343e8 
Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x8a6343e8 Size: 99 Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x8a80d1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x8a80d1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x8a80d1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x8a80d1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 
0x8a80d1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a80d1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a80d1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a80d1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x8a80d1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a80d1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x8a80d1f8 Size: 121 Object: Hidden Code [Driver: prodrv06䵃慖쐐㶀అ瑎䱆ᙸ䏀, IRP_MJ_CREATE] Process: System Address: 0xe1c8e248 Size: 1945 Object: Hidden Code [Driver: prodrv06䵃慖쐐㶀అ瑎䱆ᙸ䏀, IRP_MJ_CLOSE] Process: System Address: 0xe1c8e248 Size: 1945 Object: Hidden Code [Driver: prodrv06䵃慖쐐㶀అ瑎䱆ᙸ䏀, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe1c8e248 Size: 1945 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x8a2c2500 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x8a2c2500 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a2c2500 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a2c2500 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x8a2c2500 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a2c2500 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x8a2c2500 Size: 121 Object: Hidden Code [Driver: Hard, IRP_MJ_CREATE] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_CLOSE] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden 
Code [Driver: Hard, IRP_MJ_READ] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_WRITE] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_EA] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_SET_EA] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_CLEANUP] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_POWER] Process: System 
Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Hard, IRP_MJ_PNP] Process: System Address: 0x8a45a008 Size: 99 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x8a79f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x8a79f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x8a79f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a79f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a79f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a79f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a79f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x8a79f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x8a79f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a79f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x8a79f1f8 Size: 121 Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE] Process: System Address: 0xe182a5f0 Size: 2580 Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE] Process: System Address: 0xe182a5f0 Size: 2580 Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe182a5f0 Size: 2580 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] 
Process: System Address: 0x8a38f500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x8a38f500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a38f500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a38f500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x8a38f500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x8a38f500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x8a319500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x8a319500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a319500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a319500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x8a319500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a319500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x8a319500 Size: 121 Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ] Process: System Address: 0x8a401840 Size: 11 Object: Hidden Code [Driver: Srv, IRP_MJ_READ] Process: System Address: 0x8a41b698 Size: 11 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x8a549030 Size: 11 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, 
IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code 
[Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x8a3d0368 Size: 121 Object: Hidden Code [Driver: Npfsȅః瑎て, IRP_MJ_READ] Process: System Address: 0x8a475e70 Size: 11 Object: Hidden Code [Driver: MsfsЅఉ敓, IRP_MJ_READ] Process: System Address: 0x8a3153b0 Size: 11 Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ] Process: System Address: 0x8a344170 Size: 11 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_CREATE] Process: System Address: 0x8a3773c8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_CLOSE] Process: System Address: 0x8a3773c8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_READ] Process: System Address: 0x8a2f01e8 Size: 11 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a3773c8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a3773c8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a3773c8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a3773c8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a3773c8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a3773c8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a3773c8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a3773c8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_CLEANUP] Process: System Address: 0x8a3773c8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑎獆ꒈ, IRP_MJ_PNP] 
Process: System Address: 0x8a3773c8 Size: 121 Last edited by Befallener (21.08.2009 at 11:09) |
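The report above repeats one "Hidden Code" line per redirected IRP major function, so the same hidden-code address shows up two dozen times for atapi alone. The Python script below is an added example (not part of the post or of the scanner that produced the report) that parses that format, groups entries by driver and address, and separates drivers whose whole dispatch table points at one code blob from those with only an IRP_MJ_READ stub; the sample report is a constructed excerpt with driver names, addresses and sizes copied from the post, and the name cleaning and the three-slot threshold are my assumptions.

```python
"""Triage of a 'Hidden Code' hook report like the one quoted above.

Every entry names a driver, the IRP major function whose dispatch pointer was
redirected, the process context, the address of the hidden code and its size.
A rootkit that hijacks a driver's dispatch table points all IRP_MJ_* slots of
that driver at the same code, so grouping by driver and address collapses
hundreds of report lines into a few suspects worth looking at.
"""
import re
from collections import defaultdict

# One report entry; entries may be run together on a single line, as in the post.
ENTRY_RE = re.compile(
    r"Object:\s*Hidden Code\s*"
    r"\[Driver:\s*(?P<driver>[^,\]]+?),\s*(?P<irp>IRP_MJ_[A-Z_]+)\]\s*"
    r"Process:\s*(?P<process>\S+)\s*"
    r"Address:\s*(?P<addr>0x[0-9a-fA-F]+)\s*"
    r"Size:\s*(?P<size>\d+)"
)

# Constructed excerpt: a dozen entries in the report's own format, with driver
# names, addresses and sizes copied from the report quoted above.  The Cdfs
# name carries the stray non-ASCII characters the scanner printed.
SAMPLE_REPORT = " ".join([
    "Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x8a6343e8 Size: 99",
    "Object: Hidden Code [Driver: atapi, IRP_MJ_READ] Process: System Address: 0x8a6343e8 Size: 99",
    "Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE] Process: System Address: 0x8a6343e8 Size: 99",
    "Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a6343e8 Size: 99",
    "Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x8a80d1f8 Size: 121",
    "Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x8a80d1f8 Size: 121",
    "Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x8a80d1f8 Size: 121",
    "Object: Hidden Code [Driver: Srv, IRP_MJ_READ] Process: System Address: 0x8a41b698 Size: 11",
    "Object: Hidden Code [Driver: Cdfs\u0c05\u7411\u7346\ua488, IRP_MJ_CREATE] Process: System Address: 0x8a3773c8 Size: 121",
    "Object: Hidden Code [Driver: Cdfs\u0c05\u7411\u7346\ua488, IRP_MJ_CLOSE] Process: System Address: 0x8a3773c8 Size: 121",
    "Object: Hidden Code [Driver: Cdfs\u0c05\u7411\u7346\ua488, IRP_MJ_READ] Process: System Address: 0x8a2f01e8 Size: 11",
    "Object: Hidden Code [Driver: Cdfs\u0c05\u7411\u7346\ua488, IRP_MJ_PNP] Process: System Address: 0x8a3773c8 Size: 121",
])


def clean_driver_name(raw):
    """Keep printable ASCII only: the scanner read garbage past the end of some names."""
    return "".join(ch for ch in raw if 0x20 <= ord(ch) < 0x7F).strip()


def parse_report(text):
    """Return one dict per 'Hidden Code' entry found in the report text."""
    return [
        {
            "driver": clean_driver_name(m.group("driver")),
            "irp": m.group("irp"),
            "process": m.group("process"),
            "address": int(m.group("addr"), 16),
            "size": int(m.group("size")),
        }
        for m in ENTRY_RE.finditer(text)
    ]


def summarize_by_driver(entries):
    """driver -> address -> {'irps': set of redirected IRP_MJ_* slots, 'size': code size}."""
    summary = defaultdict(lambda: defaultdict(lambda: {"irps": set(), "size": None}))
    for e in entries:
        slot = summary[e["driver"]][e["address"]]
        slot["irps"].add(e["irp"])
        slot["size"] = e["size"]
    return {drv: dict(addrs) for drv, addrs in summary.items()}


def hijacked_dispatch_tables(summary, min_slots=3):
    """Drivers where one hidden-code address serves at least min_slots IRP_MJ functions.

    This is the pattern the quoted report shows for atapi, Cdrom, dmio, Ftdisk and
    others. Returns driver -> (address, slot count, size); the threshold is an assumption.
    """
    hits = {}
    for drv, addrs in summary.items():
        for addr, info in addrs.items():
            if len(info["irps"]) >= min_slots:
                hits[drv] = (hex(addr), len(info["irps"]), info["size"])
    return hits


def read_only_hooks(summary):
    """Drivers whose only redirected slot is IRP_MJ_READ (the small stubs on Srv, Rdbss, Npfs above)."""
    return sorted(
        drv for drv, addrs in summary.items()
        if all(info["irps"] == {"IRP_MJ_READ"} for info in addrs.values())
    )


if __name__ == "__main__":
    summary = summarize_by_driver(parse_report(SAMPLE_REPORT))
    for drv, (addr, slots, size) in sorted(hijacked_dispatch_tables(summary).items()):
        print(f"{drv:10} dispatch table -> {addr} ({slots} IRP_MJ slots, {size} bytes)")
    print("IRP_MJ_READ-only hooks:", ", ".join(read_only_hooks(summary)))
```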
21.08.2009, 16:30 | #11 |
/// Helper Team | AVCare, Win32Trojan.TDss and more? hi, so yes, we do have one: Rootkit/wikipedia.org Since one hundred percent detection of rootkits is impossible, the best method of removal would be a complete reinstallation. If you still want to clean your system: 1. - Copy the text from the code box into a Notepad document and save it as remove.txt on your hard drive C:\ Code:
Drivers to disable:
UACd.sys

Drivers to delete:
UACd.sys

Files to delete:
c:\windows\system32\drivers\UACootjxyfoaw.sys
c:\windows\system32\UACqcwooiyyvp.dll
c:\windows\system32\UACaxujnepyof.dll
c:\windows\system32\UACkkurhhtsar.dat
c:\windows\system32\UACocbirxjadt.db
c:\windows\system32\UACqerpbdogdk.dll
c:\windows\system32\UACalitjljxoc.dll
C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Temp\UACc96b.tmp
→ Download the Avenger and unzip it to the desktop. (also available directly as `EXE` *here*)
→ start avenger.exe by double-clicking
→ paste the contents of the code box completely and unchanged into the empty text field under "Input script here"
→ then click "Execute"
→ you will be asked whether you want to run the script. Answer "Yes".
→ also answer "Yes" to the question whether your computer should restart now ("Reboot now")
→ after the restart a DOS window will open.
→ once it has closed again, the editor opens with the scan results: C:\avenger.txt
→ copy and paste the contents directly from the text file here
Attention!: If Avenger cannot be run (a rootkit can prevent it), rename avenger.exe to "arniee.com" and try again. (as before with Gmer)
3.
post again: Trend Micro HijackThis logfile Last edited by kira (21.08.2009 at 16:40) |
22.08.2009, 21:27 | #12 |
| AVCare, Win32Trojan.TDss and more? I had little time yesterday and today, so I could only continue now. avenger.txt Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "a2vmuvj4" found!
Could not open driver a2vmuvj4 for rootkit scan.
Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Rootkit scan completed.
Disablement of driver "UACd.sys" failed! Status: 0xc0000001 (STATUS_UNSUCCESSFUL)
Driver "UACd.sys" deleted successfully.
File "c:\windows\system32\drivers\UACootjxyfoaw.sys" deleted successfully.
File "c:\windows\system32\UACqcwooiyyvp.dll" deleted successfully.
File "c:\windows\system32\UACaxujnepyof.dll" deleted successfully.
File "c:\windows\system32\UACkkurhhtsar.dat" deleted successfully.
File "c:\windows\system32\UACocbirxjadt.db" deleted successfully.
File "c:\windows\system32\UACqerpbdogdk.dll" deleted successfully.
File "c:\windows\system32\UACalitjljxoc.dll" deleted successfully.
File "C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Temp\UACc96b.tmp" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:16:47, on 08/22/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\CAPM4RSK.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Prevx\prevx.exe C:\Programme\Borland\InterBase\bin\ibguard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Borland\InterBase\bin\ibserver.exe C:\Programme\Prevx\prevx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programme\ASUS\Probe\AsusProb.exe C:\WINDOWS\system32\taskswitch.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe F:\Programme\TortoiseSVN\bin\TSVNCache.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\DAEMON Tools Lite\daemon.exe E:\HDV3\DTemp\DTemp.exe C:\remindme\RemindMe.exe C:\WINDOWS\system32\devldr32.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programme\Mozilla Firefox\firefox.exe D:\bases\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.thgweb.de/index.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programme\Free Download Manager\iefdmcks.dll O4 - HKLM\..\Run: [ASUS Probe] C:\Programme\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: DTemp.lnk = E:\HDV3\DTemp\DTemp.exe O4 - Startup: RemindMe.lnk = C:\remindme\RemindMe.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Programme\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Programme\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://F:\Programme\Free Download Manager\dllink.htm O8 - Extra context 
menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228848741171 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228848725906 O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 
217.237.150.115,217.237.151.205 O17 - HKLM\System\CS1\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205 O17 - HKLM\System\CS2\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205 O17 - HKLM\System\CS3\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205 O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CSIScanner - Prevx - C:\Programme\Prevx\prevx.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibserver.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 1: (no name) - http://www.tomshardware.de/
O24 - Desktop Component 2: (no name) - C:\Dokumente und Einstellungen\*User*\Desktop\Neu Textdokument (4).html
--
End of file - 8542 bytes
Double-clicking DelDomains.inf only opens it for me, so I chose Install instead, and now those Trusted Zone entries are gone (which I believe were the target of this measure). For some reason Prevx still finds the rootkit and its files (as well as the Avenger); all of them are listed in the script. What should I make of that? Ad-Aware no longer finds any Win32Trojan.TDss. I also still haven't found out where I got this nice add-on for my PC from. Two archives are currently hot candidates; can I at least select these files and then delete them, or should I rather delete them directly via DOS/Knoppix/Avenger? I want to avoid a reinfection. Last edited by Befallener (22.08.2009 at 21:36) |
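To check an avenger.txt against the remove.txt that produced it, the Python script below (an added example, not from the thread or from Avenger itself) pairs each requested action with its result line and lists hidden drivers the scan found but the script never named, which is the situation above: the disable step failed with STATUS_UNSUCCESSFUL, the deletions succeeded, and a2vmuvj4 was only found. The sample script and log are constructed from the lines quoted above; the "disabled successfully" message format is assumed by analogy with the other result lines.

```python
"""Reconcile an Avenger remove.txt script with the avenger.txt it produced.

Each requested action ends up 'ok', 'failed <NTSTATUS>' or 'no result in log';
hidden drivers the scan reported but the script never named are listed separately.
"""
import re

# Script section headers -> the action they request.
SECTIONS = {
    "drivers to disable": "disable driver",
    "drivers to delete": "delete driver",
    "files to delete": "delete file",
}

# Result lines in the format of the quoted avenger.txt.
DELETED_RE = re.compile(r'^(?P<kind>Driver|File) "(?P<target>.+)" deleted successfully\.$')
FAILED_RE = re.compile(
    r'^(?P<verb>Disablement|Deletion) of (?P<kind>driver|file) "(?P<target>.+)" failed!'
    r'\s*Status:\s*(?P<code>0x[0-9a-fA-F]+)\s*\((?P<name>[A-Z_]+)\)'
)
HIDDEN_RE = re.compile(r'^Hidden driver "(?P<target>.+)" found!')
# Assumed by analogy with the lines above; this line does not occur in the quoted log.
DISABLED_RE = re.compile(r'^Driver "(?P<target>.+)" disabled successfully\.$')

# Constructed sample: the helper's script cut down to two files, and the
# corresponding result lines of the avenger.txt quoted above.
SAMPLE_SCRIPT = r"""
Drivers to disable:
UACd.sys

Drivers to delete:
UACd.sys

Files to delete:
c:\windows\system32\drivers\UACootjxyfoaw.sys
c:\windows\system32\UACkkurhhtsar.dat
"""
SAMPLE_LOG = r"""
Rootkit scan active.
Hidden driver "a2vmuvj4" found!
Could not open driver a2vmuvj4 for rootkit scan.
Rootkit scan completed.
Disablement of driver "UACd.sys" failed!
  Status: 0xc0000001 (STATUS_UNSUCCESSFUL)
Driver "UACd.sys" deleted successfully.
File "c:\windows\system32\drivers\UACootjxyfoaw.sys" deleted successfully.
File "c:\windows\system32\UACkkurhhtsar.dat" deleted successfully.
"""


def _key(target):
    """Case-insensitive match key; driver names may appear with or without .sys."""
    t = target.lower()
    return t[:-4] if t.endswith(".sys") else t


def parse_script(script_text):
    """Return the (action, target) pairs the script requests, in script order."""
    requested, action = [], None
    for line in (raw.strip() for raw in script_text.splitlines()):
        if not line:
            continue
        if line.rstrip(":").lower() in SECTIONS:
            action = SECTIONS[line.rstrip(":").lower()]
        elif action:
            requested.append((action, line))
    return requested


def parse_log(log_text):
    """Return ({(action, key): status}, [hidden driver names]) from avenger.txt."""
    # A Status:/Error: detail may sit on its own line; fold it into the line before.
    text = re.sub(r"\n\s*(Status:|Error:)", r" \1", log_text)
    results, hidden = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := DELETED_RE.match(line):
            results[("delete " + m["kind"].lower(), _key(m["target"]))] = "ok"
        elif m := DISABLED_RE.match(line):
            results[("disable driver", _key(m["target"]))] = "ok"
        elif m := FAILED_RE.match(line):
            verb = "disable" if m["verb"] == "Disablement" else "delete"
            results[(f"{verb} {m['kind']}", _key(m["target"]))] = f"failed {m['code']} ({m['name']})"
        elif m := HIDDEN_RE.match(line):
            hidden.append(m["target"])
    return results, hidden


def reconcile(script_text, log_text):
    """Return ([(action, target, status)], [hidden drivers the script did not cover])."""
    requested = parse_script(script_text)
    results, hidden = parse_log(log_text)
    outcome = [(a, t, results.get((a, _key(t)), "no result in log")) for a, t in requested]
    covered = {_key(t) for _, t in requested}
    return outcome, [d for d in hidden if _key(d) not in covered]


if __name__ == "__main__":
    outcome, unhandled = reconcile(SAMPLE_SCRIPT, SAMPLE_LOG)
    for action, target, status in outcome:
        print(f"{status:42} {action}: {target}")
    print("hidden drivers not covered by the script:", unhandled)
```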
23.08.2009, 16:49 | #13 |
/// Helper Team | AVCare, Win32Trojan.TDss and more? hi, we are `far` from finished yet
1. empty the quarantine folder everywhere - antivirus or anti-spyware program etc.
- remove Gmer
- delete C:\avenger\backup.zip (containing the deleted files) → empty the Recycle Bin
- remove RootRepeal
2. Download Malwarebytes Anti-Malware from→ malwarebytes.org
3. Close all programs including Internet Explorer and fix the entries from the following code box with HijackThis (start HijackThis→ select entries→ tick the boxes→ click "Fix checked"→ restart the PC): Quote:
clean your system with CCleaner:
5. Shut down the computer and boot it up again after about 2-3 minutes
6.
8. Keeping Windows and the installed programs up to date is a guarantee of increased security!
- update Java `Start→ Control Panel→ Java→ Update...
- if old updates still exist afterwards under `Control Panel → Add or Remove Programs → Change/Remove...`, uninstall them:
- Adobe Reader: check whether newer versions are available
9. post again: Trend Micro HijackThis logfile filelist.bat - the last six months! ** Report how your computer is doing? Last edited by kira (23.08.2009 at 16:56) |
23.08.2009, 20:04 | #14 |
| AVCare, Win32Trojan.TDss and more? Anti-Malware threw error 732 (0, 0) on first start. I guess that was because the network cable was unplugged (I then ran an update). 1. done 2. Malwarebytes Anti-Malware log Code:
Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2683
Windows 5.1.2600 Service Pack 3

08/23/2009 20:55:38
mbam-log-2009-08-23 (20-55-38).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 252283
Laufzeit: 49 minute(s), 4 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACalitjljxoc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACkkurhhtsar.dat (Trojan.Agent) -> Quarantined and deleted successfully.
|
23.08.2009, 22:04 | #15 |
| AVCare, Win32Trojan.TDss and more? So, I had to interrupt briefly, and somehow I can edit the previous post. 3. HijackThis: done 4. CCleaner: done 5. Took considerably longer 6. SUPERAntiSpyware FREE Edition: I left the screensaver on Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/23/2009 at 10:35 PM

Application Version : 4.27.1002

Core Rules Database Version : 4067
Trace Rules Database Version: 2007

Scan type       : Complete Scan
Total Scan Time : 00:43:32

Memory items scanned      : 642
Memory threats detected   : 0
Registry items scanned    : 5843
Registry threats detected : 9
File items scanned        : 31134
File threats detected     : 34

Unclassified.PC MightyMax
  HKU\S-1-5-21-606747145-920026266-839522115-1003\Software\PC MightyMax
  C:\Programme\PC MightyMax\lic.conf
  C:\Programme\PC MightyMax\lic.dat
  C:\Programme\PC MightyMax\pcdocrx.conf
  C:\Programme\PC MightyMax\tmp_res_x_101.tmp
  C:\Programme\PC MightyMax\tmp_res_x_102.tmp
  C:\Programme\PC MightyMax\tmp_res_x_103.tmp
  C:\Programme\PC MightyMax\tmp_res_x_104.tmp
  C:\Programme\PC MightyMax\tmp_res_x_105.tmp
  C:\Programme\PC MightyMax\tmp_res_x_106.tmp
  C:\Programme\PC MightyMax\tmp_res_x_107.tmp
  C:\Programme\PC MightyMax\tmp_res_x_108.tmp
  C:\Programme\PC MightyMax\tmp_res_x_109.tmp
  C:\Programme\PC MightyMax\tmp_res_x_110.tmp
  C:\Programme\PC MightyMax\tmp_res_x_111.tmp
  C:\Programme\PC MightyMax\tmp_res_x_112.tmp
  C:\Programme\PC MightyMax\tmp_res_x_113.tmp
  C:\Programme\PC MightyMax\tmp_res_x_114.tmp
  C:\Programme\PC MightyMax\tmp_res_x_115.tmp
  C:\Programme\PC MightyMax\tmp_res_x_116.tmp
  C:\Programme\PC MightyMax\tmp_res_x_117.tmp
  C:\Programme\PC MightyMax\tmp_res_x_118.tmp
  C:\Programme\PC MightyMax\tmp_res_x_119.tmp
  C:\Programme\PC MightyMax\tmp_res_x_120.tmp
  C:\Programme\PC MightyMax\tmp_res_x_121.tmp
  C:\Programme\PC MightyMax\tmp_res_x_122.tmp
  C:\Programme\PC MightyMax\tmp_res_x_123.tmp
  C:\Programme\PC MightyMax\tmp_res_x_124.tmp
  C:\Programme\PC MightyMax\tmp_res_x_125.tmp
  C:\Programme\PC MightyMax\undo
  C:\Programme\PC MightyMax

Rootkit.Agent/Gen
  HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys
  HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#start
  HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#type
  HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#group
  HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#imagepath
  HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules
  HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules#UACd
  HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules#UACc

NotHarmful.Sysinternals Bluescreen Screen Saver
  C:\WINDOWS\SYSTEM32\SYSINTERNALS BLUESCREEN.SCR

Trojan.Downloader-Gen/Suspicious
  F:\PROGRAMME\FLASHFXP\TOOLS\WINRAR V3.50 BETA6\WDC-PATCH.EXE

Adware.Lop
  F:\PROGRAMME\NETPUMPER\ZM\NP_0123_1.EXE
  F:\SYSTEM VOLUME INFORMATION\_RESTORE{3D460867-A620-4D6C-88AC-A50227E74D0A}\RP1096\A0253968.EXE
7. 8. Java really was considerably older than I thought, so an update was started right away 9. HijackThis log Question: What actually are these entries under O16? Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:26, on 08/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\CAPM4RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Borland\InterBase\bin\ibguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\taskswitch.exe
F:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\Borland\InterBase\bin\ibserver.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\HDV3\DTemp\DTemp.exe
C:\remindme\RemindMe.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\bases\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.thgweb.de/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programme\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Programme\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DTemp.lnk = E:\HDV3\DTemp\DTemp.exe
O4 - Startup: RemindMe.lnk = C:\remindme\RemindMe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228848741171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228848725906
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS1\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS2\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O17 - HKLM\System\CS3\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: NameServer = 217.237.150.115,217.237.151.205
O20 - Winlogon Notify: !SASWinLogon - F:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Programme\Prevx\prevx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8656 bytes

Last edited by Befallener (23.08.2009 at 22:24)
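On the O16 question raised in the post: in a HijackThis log the O16 section lists Downloaded Program Files, that is, ActiveX controls Internet Explorer installed from a web page. Each entry shows the control's CLSID, its display name where one is registered, and the codebase URL it was fetched from; when no URL follows the dash, as with the Java 1.4.0_02 entry above, HijackThis found the control registered but no download source recorded for it. The other sections worth a second look in a case like this are O10 (a Winsock LSP that HijackThis cannot attribute), O17 (the DNS servers the machine actually uses, which a DNS-changing trojan would point elsewhere) and O23 entries whose publisher is "Unknown owner". Note that HijackThis does not list kernel drivers, so the uacd.sys driver service that SUPERAntiSpyware flagged as Rootkit.Agent/Gen never shows up in the HijackThis log at all; the two logs answer different questions.

The following triage script is an added example, not part of the forum post and not a tool the thread used. It parses those four sections from lines copied out of the posted log and returns findings as data. Two things are assumptions rather than facts from the page: the expected resolver addresses are whatever the caller supplies (the two addresses from the posted O17 lines are used here only to exercise the check, not as a statement about whose servers they are), and every "Unknown owner" service is flagged for manual review rather than judged automatically.

```python
"""HijackThis v2 log triage (added example; not part of the forum post).

Parses the sections of a HijackThis log that matter most when a rootkit
or DNS hijack is suspected and returns findings as data rather than
printing them, so the checks can be reused.  Assumptions not taken from
the page: the caller supplies the resolver addresses it expects to see
in O17, and a service listed with "Unknown owner" is always flagged for
manual review.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: six lines copied from the posted HijackThis log.
SAMPLE_LINES = [
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - "
    r"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228848741171",
    r"O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - ",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{31392642-2787-4AA7-A08C-85E146C00CA4}: "
    r"NameServer = 217.237.150.115,217.237.151.205",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe",
]


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section, e.g. "O16"
    severity: str  # "info", "review" or "high"
    detail: str


# O16 - DPF: {CLSID} (optional display name) - codebase URL (may be empty)
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? -\s*(.*)$")


def parse_o16(line):
    """Return (clsid, name, url) for an O16 line, or None if it does not parse."""
    m = O16_RE.match(line)
    if m is None:
        return None
    return m.group(1), m.group(2) or "(unnamed)", m.group(3).strip()


def triage(lines, expected_dns=frozenset()):
    """Scan HijackThis lines and return a list of Finding objects."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("O10 - "):
            # An unattributed Winsock LSP sits in the path of every socket:
            # identify the DLL's owner before deciding it is benign.
            findings.append(Finding("O10", "review", line[len("O10 - "):]))
        elif line.startswith("O16 - DPF:"):
            parsed = parse_o16(line)
            if parsed is None:
                findings.append(Finding("O16", "review", "unparsed: " + line))
                continue
            clsid, name, url = parsed
            if not url:
                findings.append(Finding("O16", "review", f"{clsid} {name}: no codebase URL recorded"))
            else:
                host = urlsplit(url).hostname or "?"
                findings.append(Finding("O16", "info", f"{clsid} {name}: codebase host {host}"))
        elif line.startswith("O17 - ") and "NameServer = " in line:
            servers = [s.strip() for s in line.split("NameServer = ", 1)[1].split(",") if s.strip()]
            rogue = [s for s in servers if s not in expected_dns]
            if expected_dns and rogue:
                findings.append(Finding("O17", "high", "unexpected DNS server(s): " + ", ".join(rogue)))
            else:
                # Without a reference list the addresses can only be handed
                # to a human for comparison with the ISP's resolvers.
                severity = "info" if expected_dns else "review"
                findings.append(Finding("O17", severity, "NameServer = " + ", ".join(servers)))
        elif line.startswith("O23 - Service: "):
            parts = line[len("O23 - Service: "):].split(" - ", 2)
            if len(parts) != 3:
                findings.append(Finding("O23", "review", "unparsed: " + line))
                continue
            name, owner, image = parts
            if owner.lower() == "unknown owner":
                findings.append(Finding("O23", "review", f"{name}: no publisher, image {image}"))
    return findings


def count_by_severity(findings):
    counts = {"info": 0, "review": 0, "high": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    # Resolver addresses taken from the posted log purely to exercise the
    # check; substitute the ones your own ISP or network actually assigns.
    for f in triage(SAMPLE_LINES, expected_dns={"217.237.150.115", "217.237.151.205"}):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
```

Run it against a full log by reading the file into `triage()`; anything rated "high" (a resolver you did not configure) or "review" (an LSP or service with no known publisher, or a downloaded control with no recorded source) is what you would bring to the thread, while "info" lines only document where known controls came from.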