Pests of all kinds and their removal: TR Click.Cycler.ajts cannot be removed with bootkit remover or GMER (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#3
TR Click.Cycler.ajts cannot be removed with bootkit remover or GMER

Hello Markus,

thank you for the quick reply. I installed the program. Only a black window = nothing. I can attach a log file for you:

```text
.\main.cpp(4298) : Debug log started at 15.07.2010 - 14:34:48
.\main.cpp(4299) : Program Version: 1.7.5.1
.\main.cpp(4303) : OS Version: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
.\main.cpp(4311) : ---------------------------------------
.\service.cpp(90) : Creating service...
.\service.cpp(109) : Allready exists
.\service.cpp(128) : Starting service...
.\service.cpp(131) : OK
.\service.cpp(22) : Opening '\\.\Global\tdrmvr'...
.\driver.cpp(2384) : SDT.NtResumeThread : 0x00ce
.\driver.cpp(2390) : SDT.NtSuspendThread : 0x00fe
.\driver.cpp(2396) : SDT.NtShutdownSystem : 0x00f9
.\driver.cpp(2402) : SDT.NtOpenFile : 0x0074
.\driver.cpp(2408) : SDT.NtCreateFile : 0x0025
.\driver.cpp(1676) : SetUpDiskHooks(): '\Driver\PartMgr' at 0x8a495500
.\driver.cpp(1677) : SetUpDiskHooks(): Hooking IRP_MJ_DEVICE_CONTROL: 0xb83325db -> 0xa1f36c90
.\loader.cpp(536) : LoadSystemImage(): Loading '\Device\HarddiskVolume1\WINDOWS\system32\ntkrnlpa.exe'
.\loader.cpp(541) : 2023424 bytes of image readed
.\loader.cpp(546) : Image loaded at 0x8899d000 (size: 0x0020c000)
.\loader.cpp(740) : UnhookModuleIat() 0x80500ae0 => 0x889c6ae0 ZwQueryValueKey
.\loader.cpp(740) : UnhookModuleIat() 0x80500040 => 0x889c6040 ZwCreateKey
.\loader.cpp(740) : UnhookModuleIat() 0x8052e554 => 0x889f4554 RtlInitUnicodeString
.\loader.cpp(740) : UnhookModuleIat() 0x80500b08 => 0x889c6b08 ZwQueryVolumeInformationFile
.\loader.cpp(740) : UnhookModuleIat() 0x80526440 => 0x889ec440 ObfDereferenceObject
.\loader.cpp(740) : UnhookModuleIat() 0x80500b58 => 0x889c6b58 ZwReadFile
.\loader.cpp(740) : UnhookModuleIat() 0x80500e8c => 0x889c6e8c ZwSetInformationFile
.\loader.cpp(740) : UnhookModuleIat() 0x8050039c => 0x889c639c ZwFsControlFile
.\loader.cpp(740) : UnhookModuleIat() 0x80500234 => 0x889c6234 ZwDeviceIoControlFile
.\loader.cpp(740) : UnhookModuleIat() 0x805baaa8 => 0x88a80aa8 ObOpenObjectByPointer
.\loader.cpp(740) : UnhookModuleIat() 0x804fae80 => 0x889c0e80 KeWaitForMutexObject
.\loader.cpp(740) : UnhookModuleIat() 0x804ef1a0 => 0x889b51a0 IofCallDriver
.\loader.cpp(740) : UnhookModuleIat() 0x804f1520 => 0x889b7520 IoBuildSynchronousFsdRequest
.\loader.cpp(740) : UnhookModuleIat() 0x804fa182 => 0x889c0182 KeInitializeEvent
.\loader.cpp(740) : UnhookModuleIat() 0x805ba2ce => 0x88a802ce ObReferenceObjectByHandle
.\loader.cpp(740) : UnhookModuleIat() 0x805008d8 => 0x889c68d8 ZwQueryInformationFile
.\loader.cpp(740) : UnhookModuleIat() 0x8050061c => 0x889c661c ZwOpenFile
.\loader.cpp(740) : UnhookModuleIat() 0x80539480 => 0x889ff480 _allmul
.\loader.cpp(740) : UnhookModuleIat() 0x80526270 => 0x889ec270 ObfReferenceObject
.\loader.cpp(740) : UnhookModuleIat() 0x804f1320 => 0x889b7320 IoBuildDeviceIoControlRequest
.\loader.cpp(740) : UnhookModuleIat() 0x805392e0 => 0x889ff2e0 _alldiv
.\loader.cpp(740) : UnhookModuleIat() 0x80539500 => 0x889ff500 _allrem
.\loader.cpp(740) : UnhookModuleIat() 0x805750ea => 0x88a3b0ea IoGetDeviceObjectPointer
.\loader.cpp(740) : UnhookModuleIat() 0x80540750 => 0x88a06750 KeInitializeSpinLock
.\loader.cpp(740) : UnhookModuleIat() 0x805e0920 => 0x88aa6920 RtlEqualUnicodeString
.\loader.cpp(740) : UnhookModuleIat() 0x805e0740 => 0x88aa6740 RtlFreeAnsiString
.\loader.cpp(740) : UnhookModuleIat() 0x8053b210 => 0x88a01210 strncpy
.\loader.cpp(740) : UnhookModuleIat() 0x805e0740 => 0x88aa6740 RtlFreeAnsiString
.\loader.cpp(740) : UnhookModuleIat() 0x805e101a => 0x88aa701a RtlUnicodeStringToAnsiString
.\loader.cpp(740) : UnhookModuleIat() 0x8052b82e => 0x889f182e RtlAppendUnicodeToString
.\loader.cpp(740) : UnhookModuleIat() 0x8052b7c8 => 0x889f17c8 RtlCopyUnicodeString
.\loader.cpp(740) : UnhookModuleIat() 0x80500298 => 0x889c6298 ZwEnumerateKey
.\loader.cpp(740) : UnhookModuleIat() 0x80500658 => 0x889c6658 ZwOpenKey
.\loader.cpp(740) : UnhookModuleIat() 0x8053b72d => 0x88a0172d wcsncmp
.\loader.cpp(740) : UnhookModuleIat() 0x80500860 => 0x889c6860 ZwQueryDirectoryFile
.\loader.cpp(740) : UnhookModuleIat() 0x805ba722 => 0x88a80722 ObOpenObjectByName
.\loader.cpp(740) : UnhookModuleIat() 0x80513756 => 0x889d9756 MmIsAddressValid
.\loader.cpp(740) : UnhookModuleIat() 0x8053b6ca => 0x88a016ca wcslen
.\loader.cpp(740) : UnhookModuleIat() 0x805001f8 => 0x889c61f8 ZwDeleteKey
.\loader.cpp(740) : UnhookModuleIat() 0x804ffff0 => 0x889c5ff0 ZwCreateFile
.\loader.cpp(740) : UnhookModuleIat() 0x80539890 => 0x889ff890 _except_handler3
.\loader.cpp(740) : UnhookModuleIat() 0x8054a968 => 0x88a10968 ExAllocatePoolWithTag
.\loader.cpp(740) : UnhookModuleIat() 0x805bab8a => 0x88a80b8a ObReferenceObjectByName
.\loader.cpp(740) : UnhookModuleIat() 0x80559d60 => 0x88a1fd60 IoDriverObjectType
.\loader.cpp(740) : UnhookModuleIat() 0x804ef230 => 0x889b5230 IofCompleteRequest
.\loader.cpp(740) : UnhookModuleIat() 0x804fc930 => 0x889c2930 KeReleaseMutex
.\loader.cpp(740) : UnhookModuleIat() 0x805e0f68 => 0x88aa6f68 RtlAnsiStringToUnicodeString
.\loader.cpp(740) : UnhookModuleIat() 0x8052e51c => 0x889f451c RtlInitAnsiString
.\loader.cpp(740) : UnhookModuleIat() 0x804f18d4 => 0x889b78d4 IoDeleteDevice
.\loader.cpp(740) : UnhookModuleIat() 0x80572bb4 => 0x88a38bb4 IoCreateSymbolicLink
.\loader.cpp(740) : UnhookModuleIat() 0x80574830 => 0x88a3a830 IoCreateDevice
.\loader.cpp(740) : UnhookModuleIat() 0x804fc830 => 0x889c2830 KeInitializeMutex
.\loader.cpp(740) : UnhookModuleIat() 0x8054c0e8 => 0x88a120e8 NtBuildNumber
.\loader.cpp(740) : UnhookModuleIat() 0x8052adda => 0x889f0dda PsGetCurrentProcessId
.\loader.cpp(740) : UnhookModuleIat() 0x804f86ae => 0x889be6ae KeUnstackDetachProcess
.\loader.cpp(740) : UnhookModuleIat() 0x804f8bfc => 0x889bebfc KeStackAttachProcess
.\loader.cpp(740) : UnhookModuleIat() 0x805d1dbe => 0x88a97dbe PsLookupProcessByProcessId
.\loader.cpp(740) : UnhookModuleIat() 0x8052b9c6 => 0x889f19c6 RtlEqualString
.\loader.cpp(740) : UnhookModuleIat() 0x8056113c => 0x88a2713c MmHighestUserAddress
.\loader.cpp(740) : UnhookModuleIat() 0x8057382e => 0x88a3982e IoRegisterFsRegistrationChange
.\loader.cpp(740) : UnhookModuleIat() 0x80544d14 => 0x88a0ad14 KeGetCurrentThread
.\loader.cpp(740) : UnhookModuleIat() 0x80500f90 => 0x889c6f90 ZwSetSecurityObject
.\loader.cpp(740) : UnhookModuleIat() 0x805e20d2 => 0x88aa80d2 RtlSetDaclSecurityDescriptor
.\loader.cpp(740) : UnhookModuleIat() 0x805dae16 => 0x88aa0e16 RtlSelfRelativeToAbsoluteSD2
.\loader.cpp(740) : UnhookModuleIat() 0x805db7c6 => 0x88aa17c6 RtlAddAccessAllowedAce
.\loader.cpp(740) : UnhookModuleIat() 0x805e1b86 => 0x88aa7b86 RtlLengthSid
.\loader.cpp(740) : UnhookModuleIat() 0x805e1a44 => 0x88aa7a44 RtlValidSid
.\loader.cpp(740) : UnhookModuleIat() 0x805e213a => 0x88aa813a RtlGetDaclSecurityDescriptor
.\loader.cpp(740) : UnhookModuleIat() 0x80500a2c => 0x889c6a2c ZwQuerySecurityObject
.\loader.cpp(740) : UnhookModuleIat() 0x805c370c => 0x88a8970c ObQueryNameString
.\loader.cpp(740) : UnhookModuleIat() 0x8053b0a0 => 0x88a010a0 strncat
.\loader.cpp(740) : UnhookModuleIat() 0x8053b1d0 => 0x88a011d0 strncmp
.\loader.cpp(740) : UnhookModuleIat() 0x80500a90 => 0x889c6a90 ZwQuerySystemInformation
.\loader.cpp(740) : UnhookModuleIat() 0x8052b646 => 0x889f1646 DbgPrint
.\loader.cpp(740) : UnhookModuleIat() 0x80501274 => 0x889c7274 ZwWriteFile
.\loader.cpp(740) : UnhookModuleIat() 0x804fd246 => 0x889c3246 KeSetSystemAffinityThread
.\loader.cpp(740) : UnhookModuleIat() 0x805cfe38 => 0x88a95e38 PsCreateSystemThread
.\loader.cpp(740) : UnhookModuleIat() 0x805a02be => 0x88a662be KeQueryActiveProcessors
.\loader.cpp(740) : UnhookModuleIat() 0x8053ad48 => 0x88a00d48 sprintf
.\loader.cpp(740) : UnhookModuleIat() 0x8053b563 => 0x88a01563 vsprintf
.\loader.cpp(740) : UnhookModuleIat() 0x80501058 => 0x889c7058 ZwSetValueKey
.\loader.cpp(740) : UnhookModuleIat() 0x804fff00 => 0x889c5f00 ZwClose
.\loader.cpp(740) : UnhookModuleIat() 0x80500d38 => 0x889c6d38 ZwSaveKey
.\loader.cpp(740) : UnhookModuleIat() 0x8054a2e0 => 0x88a102e0 ExFreePoolWithTag
.\loader.cpp(536) : LoadSystemImage(): Loading '\Device\HarddiskVolume1\WINDOWS\system32\HAL.DLL'
.\loader.cpp(541) : 134400 bytes of image readed
.\loader.cpp(546) : Image loaded at 0x88d76000 (size: 0x00020d00)
.\loader.cpp(740) : UnhookModuleIat() 0x806e5830 => 0x88d78830 KfAcquireSpinLock
.\loader.cpp(740) : UnhookModuleIat() 0x806e5900 => 0x88d78900 KfReleaseSpinLock
.\loader.cpp(740) : UnhookModuleIat() 0x806e5428 => 0x88d78428 KeGetCurrentIrql
.\driver.cpp(2423) : Unhooked kernel image loaded at 0x8899d000
.\diskio.cpp(667) : nt!IofCallDriver(): 0x804ef1a0
.\diskio.cpp(634) : IoGetDeviceObjectPointer() fails; status: 0xc0000043
.\main.cpp(4517) : 1 0x804d7000 \Device\HarddiskVolume1\WINDOWS\system32\ntkrnlpa.exe
.\main.cpp(4517) : 2 0x806e3000 \Device\HarddiskVolume1\WINDOWS\system32\HAL.DLL
.\main.cpp(4517) : 3 0xb85a8000 \Device\HarddiskVolume1\WINDOWS\system32\kdcom.dll
.\main.cpp(4517) : 4 0xb84b8000 \Device\HarddiskVolume1\WINDOWS\system32\bootvid.dll
.\main.cpp(4517) : 5 0xb7ea6000 spej.sys
.\main.cpp(4517) : 6 0xb85aa000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\wmilib.sys
.\main.cpp(4517) : 7 0xb7e8e000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\scsiport.sys
.\main.cpp(4517) : 8 0xb7e5f000 ACPI.sys
.\main.cpp(4517) : 9 0xb7e4e000 pci.sys
.\main.cpp(4517) : 10 0xb80a8000 ohci1394.sys
.\main.cpp(4517) : 11 0xb80b8000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\1394bus.sys
.\main.cpp(4517) : 12 0xb80c8000 isapnp.sys
.\main.cpp(4517) : 13 0xb8670000 pciide.sys
.\main.cpp(4517) : 14 0xb8328000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\pciidex.sys
.\main.cpp(4517) : 15 0xb85ac000 intelide.sys
.\main.cpp(4517) : 16 0xb80d8000 MountMgr.sys
.\main.cpp(4517) : 17 0xb7e2f000 ftdisk.sys
.\main.cpp(4517) : 18 0xb8330000 PartMgr.sys
.\main.cpp(4517) : 19 0xb80e8000 VolSnap.sys
.\main.cpp(4517) : 20 0xb7e17000 atapi.sys
.\main.cpp(4517) : 21 0xb7dfe000 adpu160m.sys
.\main.cpp(4517) : 22 0xb80f8000 disk.sys
.\main.cpp(4517) : 23 0xb8108000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\classpnp.sys
.\main.cpp(4517) : 24 0xb7dde000 fltMgr.sys
.\main.cpp(4517) : 25 0xb7dc7000 KSecDD.sys
.\main.cpp(4517) : 26 0xb7d3a000 Ntfs.sys
.\main.cpp(4517) : 27 0xb7d0d000 NDIS.sys
.\main.cpp(4517) : 28 0xb7cf1000 Teefer.sys
.\main.cpp(4517) : 29 0xb7cd7000 Mup.sys
.\main.cpp(4517) : 30 0xb8288000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\intelppm.sys
.\main.cpp(4517) : 31 0xb6fd1000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\nv4_mini.sys
.\main.cpp(4517) : 32 0xb6fbd000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\videoprt.sys
.\main.cpp(4517) : 33 0xb8410000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbuhci.sys
.\main.cpp(4517) : 34 0xb6f99000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbport.sys
.\main.cpp(4517) : 35 0xb8418000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbehci.sys
.\main.cpp(4517) : 36 0xb6e63000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\Hdaudbus.sys
.\main.cpp(4517) : 37 0xb6e43000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\Rtenicxp.sys
.\main.cpp(4517) : 38 0xb82b8000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\AFS2K.SYS
.\main.cpp(4517) : 39 0xb8308000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\cdrom.sys
.\main.cpp(4517) : 40 0xb6e32000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\serial.sys
.\main.cpp(4517) : 41 0xb7c93000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\serenum.sys
.\main.cpp(4517) : 42 0xb6dbc000 \SystemRoot\System32\Drivers\aq3r7c2c.SYS
.\main.cpp(4517) : 43 0xb8791000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\audstub.sys
.\main.cpp(4517) : 44 0xb8148000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\rasl2tp.sys
.\main.cpp(4517) : 45 0xb8554000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\ndistapi.sys
.\main.cpp(4517) : 46 0xb6cc2000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\ndiswan.sys
.\main.cpp(4517) : 47 0xb8188000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\raspppoe.sys
.\main.cpp(4517) : 48 0xb8198000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\raspptp.sys
.\main.cpp(4517) : 49 0xb8488000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\tdi.sys
.\main.cpp(4517) : 50 0xb6cb1000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\psched.sys
.\main.cpp(4517) : 51 0xb81a8000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\msgpc.sys
.\main.cpp(4517) : 52 0xb0b01000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\ptilink.sys
.\main.cpp(4517) : 53 0xb0af9000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\raspti.sys
.\main.cpp(4517) : 54 0xb01e2000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\termdd.sys
.\main.cpp(4517) : 55 0xb0af1000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\kbdclass.sys
.\main.cpp(4517) : 56 0xb0ae9000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\mouclass.sys
.\main.cpp(4517) : 57 0xb8646000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\swenum.sys
.\main.cpp(4517) : 58 0xaf749000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\ks.sys
.\main.cpp(4517) : 59 0xaf715000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\update.sys
.\main.cpp(4517) : 60 0xb7cb3000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\mssmbios.sys
.\main.cpp(4517) : 61 0xb01d2000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\ndproxy.sys
.\main.cpp(4517) : 62 0xad557000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbhub.sys
.\main.cpp(4517) : 63 0xb865e000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbd.sys
.\main.cpp(4517) : 64 0xa9783000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\RtkHDAud.sys
.\main.cpp(4517) : 65 0xa9761000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\portcls.sys
.\main.cpp(4517) : 66 0xb6bd1000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\drmk.sys
.\main.cpp(4517) : 67 0xb8640000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\fs_rec.sys
.\main.cpp(4517) : 68 0xa6939000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\null.sys
.\main.cpp(4517) : 69 0xb863e000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\beep.sys
.\main.cpp(4517) : 70 0xb0b09000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\hidparse.sys
.\main.cpp(4517) : 71 0xb3782000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\vga.sys
.\main.cpp(4517) : 72 0xb8650000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\mnmdd.sys
.\main.cpp(4517) : 73 0xb8652000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\rdpcdd.sys
.\main.cpp(4517) : 74 0xb377a000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\msfs.sys
.\main.cpp(4517) : 75 0xaf980000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\npfs.sys
.\main.cpp(4517) : 76 0xa7955000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\rasacd.sys
.\main.cpp(4517) : 77 0xa6555000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\ipsec.sys
.\main.cpp(4517) : 78 0xa64fd000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\tcpip.sys
.\main.cpp(4517) : 79 0xa64db000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\ipnat.sys
.\main.cpp(4517) : 80 0xaf978000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\wpsdrvnt.sys
.\main.cpp(4517) : 81 0xa64b3000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\netbt.sys
.\main.cpp(4517) : 82 0xa6491000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\afd.sys
.\main.cpp(4517) : 83 0xb6915000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\netbios.sys
.\main.cpp(4517) : 84 0xaf968000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\ssmdrv.sys
.\main.cpp(4517) : 85 0xa6466000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\rdbss.sys
.\main.cpp(4517) : 86 0xa63f7000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\mrxsmb.sys
.\main.cpp(4517) : 87 0xa6857000 \Device\HarddiskVolume1\WINDOWS\system32\mbmiodrvr.sys
.\main.cpp(4517) : 88 0xb68e5000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\fips.sys
.\main.cpp(4517) : 89 0xa63d5000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\avipbb.sys
.\main.cpp(4517) : 90 0xb864e000 \Device\HarddiskVolume1\Programme\Avira\AntiVir Desktop\avgio.sys
.\main.cpp(4517) : 91 0xb68a5000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\cdfs.sys
.\main.cpp(4517) : 92 0xaf958000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbccgp.sys
.\main.cpp(4517) : 93 0xa66f6000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\hidusb.sys
.\main.cpp(4517) : 94 0xb6639000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\hidclass.sys
.\main.cpp(4517) : 95 0xad842000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\USBSTOR.SYS
.\main.cpp(4517) : 96 0xb6619000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\wanarp.sys
.\main.cpp(4517) : 97 0xa66ea000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\kbdhid.sys
.\main.cpp(4517) : 98 0xa63bc000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\ewusbmdm.sys
.\main.cpp(4517) : 99 0xad83a000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\modem.sys
.\main.cpp(4517) : 100 0xb7798000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\mouhid.sys
.\main.cpp(4517) : 101 0xb7794000 \SystemRoot\System32\Drivers\dump_diskdump.sys
.\main.cpp(4517) : 102 0xa63a3000 \SystemRoot\System32\Drivers\dump_adpu160m.sys
.\main.cpp(4517) : 103 0xbf800000 \Device\HarddiskVolume1\WINDOWS\system32\win32k.sys
.\main.cpp(4517) : 104 0xb8598000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\dxapi.sys
.\main.cpp(4517) : 105 0xad832000 \Device\HarddiskVolume1\WINDOWS\system32\watchdog.sys
.\main.cpp(4517) : 106 0xbd000000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\dxg.sys
.\main.cpp(4517) : 107 0xb8761000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\dxgthk.sys
.\main.cpp(4517) : 108 0xbd012000 \Device\HarddiskVolume1\WINDOWS\system32\nv4_disp.dll
.\main.cpp(4517) : 109 0xa6180000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\fastfat.sys
.\main.cpp(4517) : 110 0xa6143000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\avgntflt.sys
.\main.cpp(4517) : 111 0xa795d000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\ndisuio.sys
.\main.cpp(4517) : 112 0xb68d5000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\rspndr.sys
.\main.cpp(4517) : 113 0xa612b000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\wg3n.sys
.\main.cpp(4517) : 114 0xa5fff000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\mrxdav.sys
.\main.cpp(4517) : 115 0xa5e95000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\srv.sys
.\main.cpp(4517) : 116 0xa5b38000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\wdmaud.sys
.\main.cpp(4517) : 117 0xb8238000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\sysaudio.sys
.\main.cpp(4517) : 118 0xb85e4000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\splitter.sys
.\main.cpp(4517) : 119 0xa5a75000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\aec.sys
.\main.cpp(4517) : 120 0xa5c6d000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\swmidi.sys
.\main.cpp(4517) : 121 0xa5c4d000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\DMusic.sys
.\main.cpp(4517) : 122 0xa5a4a000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\kmixer.sys
.\main.cpp(4517) : 123 0xb86c2000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\drmkaud.sys
.\main.cpp(4517) : 124 0xa6053000 \Device\HarddiskVolume1\WINDOWS\gdrv.sys
.\main.cpp(4517) : 125 0xa3ab9000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\http.sys
.\main.cpp(4517) : 126 0xa3768000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\GVTDrv.sys
.\main.cpp(4517) : 127 0xb4888000 \Device\HarddiskVolume1\Programme\GIGABYTE\ET6\i386\AODDriver.sys
.\main.cpp(4517) : 128 0xa1f33000 \Device\HarddiskVolume1\WINDOWS\system32\drivers\rk_remover.sys
.\main.cpp(1202) : Scanning '\Registry\Machine\SYSTEM\ControlSet001\Services'...
.\driver.cpp(458) : ScanRegistryKey(): 1413 objects found
.\main.cpp(1106) : CheckForHiddenRegistryKeys() Blocked key: '\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg'
.\main.cpp(1202) : Scanning '\Registry\Machine\SYSTEM\ControlSet002\Services'...
.\driver.cpp(458) : ScanRegistryKey(): 1229 objects found
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC'
.\main.cpp(1202) : Scanning '\Device\HarddiskVolume1\WINDOWS\system32'...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef1a0 => 0x889b51a0)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCallDriver' 0x804ef168 => 0x889b5168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef230 => 0x889b5230)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x804f1600 => 0x889b7600
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b51a0 => 0x804ef1a0)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCallDriver' 0x889b5168 => 0x804ef168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b5230 => 0x804ef230)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCompleteRequest' 0x889b7600 => 0x804f1600
.\driver.cpp(715) : ScanDirectory(): 2138 objects found
.\main.cpp(1202) : Scanning '\Device\HarddiskVolume1\WINDOWS\system32\drivers'...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef1a0 => 0x889b51a0)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCallDriver' 0x804ef168 => 0x889b5168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef230 => 0x889b5230)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x804f1600 => 0x889b7600
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b51a0 => 0x804ef1a0)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCallDriver' 0x889b5168 => 0x804ef168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b5230 => 0x804ef230)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCompleteRequest' 0x889b7600 => 0x804f1600
.\driver.cpp(715) : ScanDirectory(): 217 objects found
.\main.cpp(1024) : CheckForHiddenFiles() Blocked file: 'C:\WINDOWS\system32\drivers\sptd.sys'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=1, Path='\Device\HarddiskVolume1\WINDOWS\system32\drivers\sptd.sys'
.\main.cpp(1197) : Scanning for hidden drivers...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef1a0 => 0x889b51a0)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCallDriver' 0x804ef168 => 0x889b5168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef230 => 0x889b5230)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x804f1600 => 0x889b7600
.\driver.cpp(852) : GetHiddenDriversList(): Parsing system objects information...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b51a0 => 0x804ef1a0)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCallDriver' 0x889b5168 => 0x804ef168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b5230 => 0x804ef230)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCompleteRequest' 0x889b7600 => 0x804f1600
.\main.cpp(1442) : ScanForAutorunObjects(): Checking for C:\autorun.inf
.\common.cpp(101) : Error 2 while reading 'C:\autorun.inf'
.\main.cpp(1442) : ScanForAutorunObjects(): Checking for D:\autorun.inf
.\common.cpp(101) : Error 2 while reading 'D:\autorun.inf'
.\main.cpp(1442) : ScanForAutorunObjects(): Checking for G:\autorun.inf
.\common.cpp(101) : Error 2 while reading 'G:\autorun.inf'
.\diskapi.cpp(832) : \\.\C: -> \??\PhysicalDrive0, Volume Offset: 0x00000000`00007e00
.\driver.cpp(2219) : IoGetDeviceObjectPointer() fails; status: 0xc0000043
.\diskapi.cpp(117) : SPTI_Read(): CallDevice() fails
.\diskapi.cpp(856) : CheckPartition(): Error while reading boot block from volume \\.\C:
.\main.cpp(1641) : ScanForChangedFileData() ERROR: Invalid volume format for directory C:\WINDOWS\system32\drivers\
.\main.cpp(2938) : ScanForHidenObjectsThread(): 8 hidden objects found
.\main.cpp(1202) : Scanning '\Registry\Machine\SYSTEM\ControlSet001\Services'...
.\driver.cpp(458) : ScanRegistryKey(): 1413 objects found
.\main.cpp(1106) : CheckForHiddenRegistryKeys() Blocked key: '\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg'
.\main.cpp(1202) : Scanning '\Registry\Machine\SYSTEM\ControlSet002\Services'...
.\driver.cpp(458) : ScanRegistryKey(): 1229 objects found
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC'
.\main.cpp(1202) : Scanning '\Device\HarddiskVolume1\WINDOWS\system32'...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef1a0 => 0x889b51a0)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCallDriver' 0x804ef168 => 0x889b5168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef230 => 0x889b5230)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x804f1600 => 0x889b7600
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b51a0 => 0x804ef1a0)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCallDriver' 0x889b5168 => 0x804ef168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b5230 => 0x804ef230)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCompleteRequest' 0x889b7600 => 0x804f1600
.\driver.cpp(715) : ScanDirectory(): 2138 objects found
.\main.cpp(1202) : Scanning '\Device\HarddiskVolume1\WINDOWS\system32\drivers'...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef1a0 => 0x889b51a0)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCallDriver' 0x804ef168 => 0x889b5168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef230 => 0x889b5230)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x804f1600 => 0x889b7600
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b51a0 => 0x804ef1a0)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCallDriver' 0x889b5168 => 0x804ef168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b5230 => 0x804ef230)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCompleteRequest' 0x889b7600 => 0x804f1600
.\driver.cpp(715) : ScanDirectory(): 217 objects found
.\main.cpp(1024) : CheckForHiddenFiles() Blocked file: 'C:\WINDOWS\system32\drivers\sptd.sys'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=1, Path='\Device\HarddiskVolume1\WINDOWS\system32\drivers\sptd.sys'
.\main.cpp(1197) : Scanning for hidden drivers...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef1a0 => 0x889b51a0)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCallDriver' 0x804ef168 => 0x889b5168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef230 => 0x889b5230)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x804f1600 => 0x889b7600
.\driver.cpp(852) : GetHiddenDriversList(): Parsing system objects information...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b51a0 => 0x804ef1a0)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCallDriver' 0x889b5168 => 0x804ef168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b5230 => 0x804ef230)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCompleteRequest' 0x889b7600 => 0x804f1600
.\main.cpp(1442) : ScanForAutorunObjects(): Checking for C:\autorun.inf
.\common.cpp(101) : Error 2 while reading 'C:\autorun.inf'
.\main.cpp(1442) : ScanForAutorunObjects(): Checking for D:\autorun.inf
.\common.cpp(101) : Error 2 while reading 'D:\autorun.inf'
.\main.cpp(1442) : ScanForAutorunObjects(): Checking for G:\autorun.inf
.\common.cpp(101) : Error 2 while reading 'G:\autorun.inf'
.\diskapi.cpp(832) : \\.\C: -> \??\PhysicalDrive0, Volume Offset: 0x00000000`00007e00
.\diskapi.cpp(117) : SPTI_Read(): CallDevice() fails
.\diskapi.cpp(856) : CheckPartition(): Error while reading boot block from volume \\.\C:
.\driver.cpp(2219) : IoGetDeviceObjectPointer() fails; status: 0xc0000043
.\main.cpp(1641) : ScanForChangedFileData() ERROR: Invalid volume format for directory C:\WINDOWS\system32\drivers\
.\main.cpp(2938) : ScanForHidenObjectsThread(): 8 hidden objects found
.\main.cpp(1202) : Scanning '\Registry\Machine\SYSTEM\ControlSet001\Services'...
.\driver.cpp(458) : ScanRegistryKey(): 1414 objects found
.\main.cpp(1106) : CheckForHiddenRegistryKeys() Blocked key: '\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg'
.\main.cpp(1202) : Scanning '\Registry\Machine\SYSTEM\ControlSet002\Services'...
.\driver.cpp(458) : ScanRegistryKey(): 1229 objects found
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC'
.\main.cpp(1202) : Scanning '\Device\HarddiskVolume1\WINDOWS\system32'...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef1a0 => 0x889b51a0)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCallDriver' 0x804ef168 => 0x889b5168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef230 => 0x889b5230)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x804f1600 => 0x889b7600
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b51a0 => 0x804ef1a0)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCallDriver' 0x889b5168 => 0x804ef168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b5230 => 0x804ef230)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCompleteRequest' 0x889b7600 => 0x804f1600
.\driver.cpp(715) : ScanDirectory(): 2138 objects found
.\main.cpp(1202) : Scanning '\Device\HarddiskVolume1\WINDOWS\system32\drivers'...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef1a0 => 0x889b51a0)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCallDriver' 0x804ef168 => 0x889b5168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef230 => 0x889b5230)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x804f1600 => 0x889b7600
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b51a0 => 0x804ef1a0)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCallDriver' 0x889b5168 => 0x804ef168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b5230 => 0x804ef230)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCompleteRequest' 0x889b7600 => 0x804f1600
.\driver.cpp(715) : ScanDirectory(): 217 objects found
.\main.cpp(1024) : CheckForHiddenFiles() Blocked file: 'C:\WINDOWS\system32\drivers\sptd.sys'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=1, Path='\Device\HarddiskVolume1\WINDOWS\system32\drivers\sptd.sys'
.\main.cpp(1197) : Scanning for hidden drivers...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef1a0 => 0x889b51a0)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCallDriver' 0x804ef168 => 0x889b5168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x804ef230 => 0x889b5230)
.\unhook.cpp(606) : UnhookIrpFunc(): 'IofCompleteRequest' 0x804f1600 => 0x889b7600
.\driver.cpp(852) : GetHiddenDriversList(): Parsing system objects information...
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b51a0 => 0x804ef1a0)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCallDriver' 0x889b5168 => 0x804ef168
.\unhook.cpp(120) : ProcessFunctionIat(): IAT of 5 modules processed (0x889b5230 => 0x804ef230)
.\unhook.cpp(675) : RevertUnhookedIrpFunc(): 'IofCompleteRequest' 0x889b7600 => 0x804f1600
.\main.cpp(1442) : ScanForAutorunObjects(): Checking for C:\autorun.inf
.\common.cpp(101) : Error 2 while reading 'C:\autorun.inf'
.\main.cpp(1442) : ScanForAutorunObjects(): Checking for D:\autorun.inf
.\common.cpp(101) : Error 2 while reading 'D:\autorun.inf'
.\main.cpp(1442) : ScanForAutorunObjects(): Checking for G:\autorun.inf
.\common.cpp(101) : Error 2 while reading 'G:\autorun.inf'
.\diskapi.cpp(832) : \\.\C: -> \??\PhysicalDrive0, Volume Offset: 0x00000000`00007e00
.\driver.cpp(2219) : IoGetDeviceObjectPointer() fails; status: 0xc0000043
.\diskapi.cpp(117) : SPTI_Read(): CallDevice() fails
.\diskapi.cpp(856) : CheckPartition(): Error while reading boot block from volume \\.\C:
.\main.cpp(1641) : ScanForChangedFileData() ERROR: Invalid volume format for directory C:\WINDOWS\system32\drivers\
.\main.cpp(2938) : ScanForHidenObjectsThread(): 8 hidden objects found
.\main.cpp(2385) : ScanOnVirusTotal(): '\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0'
.\driver.cpp(1218) : RmFile(): '\SystemRoot\Temp\dmphive.bin'
.\main.cpp(2295) : DumpObject(): ObjectType=2,
```
Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0', Size=8192 .\vt_check.cpp(189) : SendHttpRequest(): 'hxxp://www.virustotal.com/vt/en/recepcionf'; Size=8382 .\vt_check.cpp(111) : VtSendRequestThread(): Code=303 .\vt_check.cpp(138) : Location: hxxp://www.virustotal.com/analisis/b78d96ba11b5e8 esage hat etwas gefunden: 8 hidden files, sende ich diese aber an Virus Total com, erhalte ich die Antwort, daß diese völlig unschädlich sind. Ich habe meinen Rechner durchforstet und finde diese tollen smss und services jeweils exe unter System Volume. Diese beiden Dateien sind äußerst Löschungsresistent. Alle Versuche, Ihnen beizukommen, sind bisher gescheitert. Esage erkennt sie überhaupt nicht und führt sie auch im Logfile nicht an. Was nun? Chrys |
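As an added example that is not part of the thread and not code from the esage bootkit remover, here is a small Python triage script for logs in the format posted above (`.\file.cpp(line) : message`). It separates the hidden-object alerts from the disk-access errors and groups every alert by the service or driver it belongs to, which is what a responder wants to see first: in the posted log every one of the 8 hits points at the `sptd` service and its driver `sptd.sys`, the SCSI Pass Through Direct driver installed by DAEMON Tools and Alcohol 120%, which hides its own configuration key and is reported as hidden by rootkit scanners for exactly that reason, so such a hit set should be checked against the installed software before being treated as the infection. The sample lines are constructed in the shape of the posted log, and the ObjectType meanings (1 = file, 2 = registry key) are inferred from which paths they accompany, not documented by the tool.

```python
import re
from collections import Counter

# Constructed sample in the shape of the posted esage log (a subset, not the full log).
SAMPLE_LOG = r"""
.\main.cpp(1106) : CheckForHiddenRegistryKeys() Blocked key: '\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=1, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=2, Path='\Registry\Machine\SYSTEM\ControlSet001\Services\sptd\Cfg'
.\main.cpp(1024) : CheckForHiddenFiles() Blocked file: 'C:\WINDOWS\system32\drivers\sptd.sys'
.\main.cpp(1261) : ScanObjectsDirectory(): AlertType=2, ObjectType=1, Path='\Device\HarddiskVolume1\WINDOWS\system32\drivers\sptd.sys'
.\diskapi.cpp(117) : SPTI_Read(): CallDevice() fails
.\diskapi.cpp(856) : CheckPartition(): Error while reading boot block from volume \\.\C:
.\main.cpp(1641) : ScanForChangedFileData() ERROR: Invalid volume format for directory C:\WINDOWS\system32\drivers\
.\main.cpp(2938) : ScanForHidenObjectsThread(): 8 hidden objects found
"""

# One log entry: ".\source.cpp(line) : message"
ENTRY_RE = re.compile(r"^\.\\(?P<src>[\w.]+)\((?P<line>\d+)\) : (?P<msg>.*)$", re.M)
ALERT_RE = re.compile(r"AlertType=(\d+), ObjectType=(\d+), Path='([^']*)'")
BLOCKED_RE = re.compile(r"Blocked (key|file): '([^']*)'")
HIDDEN_RE = re.compile(r"(\d+) hidden objects found")
ERROR_RE = re.compile(r"\berror\b|\bfails\b", re.I)

# Assumption inferred from the posted log: ObjectType 1 accompanies file
# paths, ObjectType 2 accompanies registry paths. Not documented by the tool.
OBJECT_TYPES = {1: "file", 2: "registry"}


def parse_entries(text):
    """Split the log into (source file, source line, message) records."""
    return [(m["src"], int(m["line"]), m["msg"]) for m in ENTRY_RE.finditer(text)]


def owner_of(path, object_type):
    """Attribute a hit to the service or driver it belongs to, so hits from one
    component can be reviewed together. Assumed convention: for a registry path
    the component is the key directly under the Services key; otherwise it is
    the file's base name without extension."""
    if object_type == 2:
        m = re.search(r"\\Services\\([^\\]+)", path)
        if m:
            return m.group(1).lower()
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def summarize(text):
    """Collect alerts, blocked objects, I/O errors and the hidden-object count."""
    alerts, blocked, errors = [], [], []
    hidden_count = None
    for src, line, msg in parse_entries(text):
        m = ALERT_RE.search(msg)
        if m:
            alerts.append((int(m.group(1)), int(m.group(2)), m.group(3)))
            continue
        m = BLOCKED_RE.search(msg)
        if m:
            blocked.append((m.group(1), m.group(2)))
            continue
        m = HIDDEN_RE.search(msg)
        if m:
            hidden_count = int(m.group(1))
            continue
        if ERROR_RE.search(msg):
            errors.append((src, line, msg))
    owners = Counter(owner_of(path, otype) for _, otype, path in alerts)
    return {"alerts": alerts, "blocked": blocked, "errors": errors,
            "hidden_count": hidden_count, "owners": owners}


def report(summary):
    """Render the summary the way a responder would read it: hits grouped by owner first."""
    lines = [f"hidden objects reported by scanner: {summary['hidden_count']}"]
    for owner, n in summary["owners"].most_common():
        lines.append(f"  {owner}: {n} alert(s)")
    for atype, otype, path in summary["alerts"]:
        lines.append(f"    AlertType={atype} {OBJECT_TYPES.get(otype, '?')}: {path}")
    lines.append(f"blocked objects: {len(summary['blocked'])}")
    for kind, path in summary["blocked"]:
        lines.append(f"  {kind}: {path}")
    # Disk-read failures mean the boot-sector and file-data checks did not run,
    # so a clean result from those scan phases is not evidence of anything.
    lines.append(f"I/O errors (scan phases that did not complete): {len(summary['errors'])}")
    for src, line, msg in summary["errors"]:
        lines.append(f"  {src}({line}): {msg}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

The script only groups and counts; it does not decide what is benign. The point of grouping is that a cluster of hidden keys and one hidden driver all under a single service name is a very different picture from hidden objects scattered across unrelated locations, and the error list makes explicit which scan phases (boot-block read, changed-file-data check) never ran on this machine.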