
Pests of all kinds and how to fight them: Removing win32.tdss.rtk


24.10.2010, 15:28   #1
prronto
 

Removing win32.tdss.rtk



Here is GMER:
Code:
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-24 16:22:30
Windows 5.1.2600 Service Pack 3
Running: wmiyhk88.exe; Driver: C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\ffqoqpod.sys


---- System - GMER 1.0.15 ----

SSDT            F8C14CCE                                                                                                            ZwCreateKey
SSDT            F8C14CC4                                                                                                            ZwCreateThread
SSDT            F8C14CD3                                                                                                            ZwDeleteKey
SSDT            F8C14CDD                                                                                                            ZwDeleteValueKey
SSDT            F8C14CE2                                                                                                            ZwLoadKey
SSDT            F8C14CB0                                                                                                            ZwOpenProcess
SSDT            F8C14CB5                                                                                                            ZwOpenThread
SSDT            F8C14CEC                                                                                                            ZwReplaceKey
SSDT            F8C14CE7                                                                                                            ZwRestoreKey
SSDT            F8C14CD8                                                                                                            ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\ALCXSENS.SYS                                                                            entry point in "init" section [0xF7918590]
?               System32\Drivers\hiber_WMILIB.SYS                                                                                   Das System kann den angegebenen Pfad nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                             SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                             SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x37 0xA4 0xAA 0xC3 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----
         
and here OSAM:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:40:13 on 24.10.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DIRECTX.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\DIRECTX.CPL
"jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl
"prefscpl.cpl" - "RealNetworks, Inc." - C:\WINDOWS\system32\prefscpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
"slcpappl.cpl" - ? - C:\WINDOWS\system32\slcpappl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys
"ASCTRM" (ASCTRM) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\ASCTRM.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"BrPar" (BrPar) - "Brother Industries Ltd." - C:\WINDOWS\System32\drivers\BrPar.sys
"catchme" (catchme) - ? - C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ffqoqpod" (ffqoqpod) - ? - C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\ffqoqpod.sys  (Hidden registry entry, rootkit activity | File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"NTSIM" (NTSIM) - "VIA Networking, Inc.                    " - C:\WINDOWS\system32\ntsim.sys
"PCANDIS5 NDIS Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Pinnacle Marvin Bus" (MarvinBus) - ? - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys  (File not found)
"Radeon Probe Driver" (RadProbe) - ? - C:\WINDOWS\System32\DRIVERS\RadProbe.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Plugable Protocal mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\WLANUT~1\html\owc10.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{35B2861B-2B26-4691-9FF0-09083722C736} "RadExeExt Class" - ? - C:\WINDOWS\system32\RadExe.dll
{88485281-8b4b-4f8d-9ede-82e29a064277} "ShellHook Class" - "MarkAny Cooperation." - C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{8E1851DD-8FE3-44AE-B158-E9349BB9A50B} "CWEInfoShlExt Class" - "Sierra Wireless, Inc." - C:\Programme\Sierra Wireless Inc\3G Watcher\cweInfoTip.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{DCED20BE-3645-11D4-BC95-00C04F0E0588} "InoShell" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{D00900BC-23F7-4FD6-BFA2-8232112C5C49} "NRadExt Class" - ? - C:\WINDOWS\system32\NRad.dll
{75B8D633-9021-442C-9EA4-FF4BE72CE20F} "NRadExt2 Class" - ? - C:\WINDOWS\system32\NRad.dll
{5744432A-1871-4254-A4CF-7132AD56F5D6} "PropPage Class" - "Sierra Wireless, Inc." - C:\Programme\Sierra Wireless Inc\3G Watcher\cweprop.dll
{D2FD83AE-994A-4D4B-9097-2C9E11ED85F0} "RadClkRExt Class" - ? - C:\WINDOWS\system32\RadClkR.dll
{7700EB62-DB7C-47AF-A092-04376CA1D24C} "RadMnuExt Class" - ? - C:\WINDOWS\system32\RadMnu.dll
{5380C14E-C0A1-4D66-87DB-5995E6FF4623} "RadPropExt Class" - ? - C:\WINDOWS\system32\Rad.dll
{36518101-49AC-42CB-8E4C-40C1F328A565} "RadPropExt2 Class" - ? - C:\WINDOWS\system32\Rad.dll
{C6844A1E-2C59-415A-84B3-C6A458372779} "RadTypeExt Class" - ? - C:\WINDOWS\system32\RadType.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.5.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"HP Image Zone Schnellstart.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe  (Shortcut exists | File exists)
"NkbMonitor.exe.lnk" - "Nikon Corporation" - C:\Programme\Nikon\PictureProject\NkbMonitor.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Christian Hoffmann\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AtiPTA" - "ATI Technologies, Inc." - atiptaxx.exe
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"FlashIcon" - "Neodio Corp." - C:\Programme\Generic\USB Card Reader Driver v2.2e5\FlashIcon.EXE
"SMSTray" - "SAMSUNG ELECTRONICS" - C:\Programme\Samsung\Samsung Media Studio 5\SMSTray.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Statusdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Ereignisprotokoll-Überwachung" (LogWatch) - "Computer Associates" - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
"Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
and MBRCheck:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Home Edition
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 128):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806D1000 \WINDOWS\system32\hal.dll
  0xF8AA6000 \WINDOWS\system32\KDCOM.DLL
  0xF89B6000 \WINDOWS\system32\BOOTVID.dll
  0xF8476000 ACPI.sys
  0xF8AA8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF8465000 pci.sys
  0xF85A6000 isapnp.sys
  0xF85B6000 ohci1394.sys
  0xF85C6000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF89BA000 compbatt.sys
  0xF89BE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xF8AAA000 viaide.sys
  0xF8826000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF8447000 pcmcia.sys
  0xF85D6000 MountMgr.sys
  0xF8428000 ftdisk.sys
  0xF89C2000 ACPIEC.sys
  0xF8B6E000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
  0xF882E000 PartMgr.sys
  0xF85E6000 VolSnap.sys
  0xF8410000 atapi.sys
  0xF85F6000 disk.sys
  0xF8606000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF83F0000 fltmgr.sys
  0xF83DE000 sr.sys
  0xF83C7000 KSecDD.sys
  0xF833A000 Ntfs.sys
  0xF830D000 NDIS.sys
  0xF8836000 viaagp1.sys
  0xF82F3000 Mup.sys
  0xF8616000 gagp30kx.sys
  0xF7BFB000 \SystemRoot\system32\DRIVERS\AmdK8.sys
  0xF7A7C000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
  0xF7A68000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF7A39000 \SystemRoot\system32\DRIVERS\M2500.sys
  0xF88C6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF7A15000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF88CE000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF7BEB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF79E9000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0xF8AC6000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF88D6000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF88DE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF8A6A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xF7BDB000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF88E6000 \SystemRoot\system32\drivers\ASAPIW2k.sys
  0xF7BCB000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF7BBB000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF79C6000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7945000 \SystemRoot\system32\drivers\ALCXWDM.SYS
  0xF7921000 \SystemRoot\system32\drivers\portcls.sys
  0xF7BAB000 \SystemRoot\system32\drivers\drmk.sys
  0xF78C1000 \SystemRoot\system32\drivers\ALCXSENS.SYS
  0xF786D000 \SystemRoot\system32\DRIVERS\slntamr.sys
  0xF8A72000 \SystemRoot\system32\DRIVERS\SlWdmSup.sys
  0xF784E000 \SystemRoot\system32\DRIVERS\Mtlmnt5.sys
  0xF88EE000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF7B9B000 \SystemRoot\system32\DRIVERS\fetnd5b.sys
  0xF8BF7000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF8AC8000 \SystemRoot\System32\Drivers\RootMdm.sys
  0xF7B8B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF8A7A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF7837000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF7B7B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF7B6B000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF88F6000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF7826000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF8636000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF88FE000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF8906000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF890E000 \SystemRoot\system32\DRIVERS\swivspnt.sys
  0xF8916000 \SystemRoot\system32\DRIVERS\RadProbe.sys
  0xF8646000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF8ACA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF778C000 \SystemRoot\system32\DRIVERS\update.sys
  0xF8A82000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF8656000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF8696000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF8ACE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF8BB8000 \SystemRoot\System32\Drivers\Null.SYS
  0xF8AD0000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF8946000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF894E000 \SystemRoot\System32\drivers\vga.sys
  0xF8AD2000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF8AD4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF8956000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF895E000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF82AE000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xBA7A5000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xBA74C000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xBA724000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xBA702000 \SystemRoot\System32\drivers\afd.sys
  0xF86A6000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF8966000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xBA6D7000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF8A3A000 \??\C:\WINDOWS\system32\drivers\pclepci.sys
  0xBA667000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF86C6000 \SystemRoot\System32\Drivers\Fips.SYS
  0xBA641000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF86D6000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xBA61F000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF8AE2000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xBA5D3000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xBA5C2000 \SystemRoot\System32\Drivers\Udfs.SYS
  0xBA5AA000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF8AFC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xBA7CC000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF8996000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF8CF2000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\ati2dvag.dll
  0xBF04D000 \SystemRoot\System32\ati2cqag.dll
  0xBF089000 \SystemRoot\System32\ati3duag.dll
  0xBF29B000 \SystemRoot\System32\ativvaxx.dll
  0xB847D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xB8479000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB8130000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB80F3000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB82A5000 \SystemRoot\system32\drivers\sysaudio.sys
  0xF8B3E000 \SystemRoot\System32\Drivers\ASCTRM.SYS
  0xB7E65000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB7AB4000 \SystemRoot\System32\Drivers\HTTP.sys
  0xF8AEC000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
  0xB768A000 \??\C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\ffqoqpod.sys
  0xB760C000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
       0 System Idle Process
       4 System
     652 C:\WINDOWS\system32\smss.exe
     724 csrss.exe
     748 C:\WINDOWS\system32\winlogon.exe
     792 C:\WINDOWS\system32\services.exe
     804 C:\WINDOWS\system32\lsass.exe
     972 C:\WINDOWS\system32\ati2evxx.exe
     988 C:\WINDOWS\system32\svchost.exe
    1076 svchost.exe
    1220 C:\WINDOWS\system32\svchost.exe
    1284 svchost.exe
    1380 svchost.exe
    1808 C:\WINDOWS\system32\BRSVC01A.EXE
    1840 C:\WINDOWS\system32\BRSS01A.EXE
    1832 C:\WINDOWS\system32\spoolsv.exe
    1880 C:\Programme\Avira\AntiVir Desktop\sched.exe
    1952 svchost.exe
    1632 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1716 C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
    2036 C:\WINDOWS\system32\svchost.exe
     264 wdfmgr.exe
     576 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    2020 C:\WINDOWS\system32\ati2evxx.exe
     408 C:\WINDOWS\explorer.exe
    1348 C:\WINDOWS\SOUNDMAN.EXE
    1376 C:\Programme\Generic\USB Card Reader Driver v2.2e5\FlashIcon.exe
    1028 C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    1592 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
     152 C:\Programme\Samsung\Samsung Media Studio 5\SMSTray.exe
     272 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    1316 C:\Programme\Nikon\PictureProject\NkbMonitor.exe
    1344 alg.exe
    2544 C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
     480 C:\WINDOWS\system32\ctfmon.exe
    2508 C:\WINDOWS\system32\wscntfy.exe
    2516 C:\Dokumente und Einstellungen\Christian Hoffmann\Desktop\antivir\osam\osam.exe
     700 <unknown>
     388 C:\Dokumente und Einstellungen\Christian Hoffmann\Desktop\antivir\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000011`53eb2e00  (FAT32)

PhysicalDrive0 Model Number: SAMSUNGMP0804H, Rev: UE100-11

      Size  Device Name          MBR Status
  --------------------------------------------
     74 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!
         

Last edited by prronto (24.10.2010 at 15:44)
