Google Redirection Malware … Please evaluate my log
#0
10.04.2010, 17:15
...new here
Posts: 7
10.04.2010, 17:28
Member
Posts: 3716
#2
First, get rid of SpyNoMore. Is McAfee the program you otherwise use? Post a GMER logfile.
11.04.2010, 16:33
...new here
Thread starter, Posts: 7
#3
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-11 16:29:56 Windows 5.1.2600 Service Pack 3 Running: wntv8kn8.exe; Driver: d:\usr\RHAVIN~1\LOKALE~1\Temp\pgtdypow.sys ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF858587E] SSDT sppr.sys ZwEnumerateKey [0xF8433CA2] SSDT sppr.sys ZwEnumerateValueKey [0xF8434030] SSDT sppr.sys ZwOpenKey [0xF84150C0] SSDT sppr.sys ZwQueryKey [0xF8434108] SSDT sppr.sys ZwQueryValueKey [0xF8433F88] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8585BFE] INT 0x62 ? 823DFBF8 INT 0x73 ? 82183BF8 INT 0x73 ? 82183BF8 INT 0x73 ? 82183BF8 INT 0x73 ? 82183BF8 INT 0x73 ? 82183BF8 INT 0x82 ? 823DFBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? sppr.sys Das System kann die angegebene Datei nicht finden. ! .text F:\XPSRPRO\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7E2A360, 0x24BBAD, 0xE8000020] .text USBPORT.SYS!DllUnload F7B8C8AC 5 Bytes JMP 821831D8 .text a6s459z2.SYS F7B2A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a6s459z2.SYS F7B2A3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a6s459z2.SYS F7B2A3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text a6s459z2.SYS F7B2A3C9 1 Byte [2E] .text a6s459z2.SYS F7B2A3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL} .text ... 
---- User code sections - GMER 1.0.15 ---- .text F:\Programme\SpyNoMore\SNM.exe[1340] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044EE4D F:\Programme\SpyNoMore\SNM.exe (SpyNoMore Anti-Spyware/Illysoft LLC) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \XPSRPRO\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823745E0 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8446C4C] sppr.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8446CA0] sppr.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8416040] sppr.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F841613C] sppr.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84160BE] sppr.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84167FC] sppr.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84166D2] sppr.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 821832D8 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8426048] sppr.sys IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!swprintf] 478B0000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeSetEvent] 50016A40 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000 IAT 
\SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IofCallDriver] E8520000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeCancelTimer] C6000000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E IAT 
\SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!sprintf] 1CBD8688 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!ZwClose] F6317300 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoStartTimer] 86880547 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00 IAT 
\SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!_allmul] 00C73445 IAT 
\SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!_except_handler3] 830C458B IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!strstr] 8D08758B IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!_strupr] 8D51FC4D IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590 IAT 
\SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!memmove] 5DE58B5E IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!KeGetCurrentIrql] CB033043 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!KfRaiseIrql] 0673C13B IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!KfLowerIrql] C13B0003 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!HalGetInterruptVector] 8366FA72 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!READ_PORT_USHORT] 83660000 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200 IAT \SystemRoot\System32\Drivers\a6s459z2.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140 ---- User IAT/EAT - GMER 1.0.15 ---- IAT F:\XPSRPRO\Explorer.EXE[704] @ 
F:\XPSRPRO\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\WININET.dll 
[KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 823DE1F8 Device \FileSystem\Fastfat \FatCdrom 820353C0 Device \Driver\NetBT \Device\NetBT_Tcpip_{FEE8165F-CA7A-440B-B7CD-8FACE243AE41} 82079500 Device \Driver\usbuhci \Device\USBPDO-0 821891F8 Device \Driver\PCI_PNP6844 \Device\00000044 sppr.sys Device \Driver\dmio \Device\DmControl\DmIoDaemon 823721F8 Device \Driver\dmio \Device\DmControl\DmConfig 823721F8 Device \Driver\dmio \Device\DmControl\DmPnP 823721F8 Device \Driver\dmio \Device\DmControl\DmInfo 823721F8 Device \Driver\usbuhci \Device\USBPDO-1 821891F8 Device \Driver\usbuhci \Device\USBPDO-2 821891F8 Device \Driver\usbehci \Device\USBPDO-3 821631F8 Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 823721F8 Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume2 823721F8 Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 823721F8 Device \Driver\dmio 
\Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume2 823721F8 Device \Driver\sptd \Device\2821311844 sppr.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 823E01F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 823E01F8 Device \Driver\Cdrom \Device\CdRom0 8214F1F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 823E01F8 Device \Driver\Cdrom \Device\CdRom1 8214F1F8 Device \Driver\atapi \Device\Ide\IdePort0 [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume4 823E01F8 Device \Driver\Cdrom \Device\CdRom2 8214F1F8 Device \Driver\Cdrom \Device\CdRom3 8214F1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 82079500 Device \Driver\NetBT \Device\NetbiosSmb 82079500 Device \Driver\usbuhci \Device\USBFDO-0 821891F8 Device \Driver\usbuhci \Device\USBFDO-1 821891F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8221B500 Device \Driver\usbuhci \Device\USBFDO-2 821891F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{25F59523-4C89-4B44-BCA8-E23217193258} 82079500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8221B500 Device \Driver\usbehci \Device\USBFDO-3 821631F8 
Device \Driver\Ftdisk \Device\FtControl 823E01F8 Device \Driver\a6s459z2 \Device\Scsi\a6s459z21 81FC01F8 Device \Driver\a6s459z2 \Device\Scsi\a6s459z21Port3Path0Target0Lun0 81FC01F8 Device \FileSystem\Fastfat \Fat 820353C0 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 82218500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7A 0x35 0xD7 0x92 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF6 0xC3 0xAC 0x1A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x93 0x4D 0x8E 0x6D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7A 0x35 0xD7 0x92 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF6 0xC3 0xAC 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x93 0x4D 0x8E 0x6D ...
---- EOF - GMER 1.0.15 ----
11.04.2010, 19:42
...new here
Thread starter, Posts: 7
#4
Again, without SpyNoMore:
GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-11 19:37:58 Windows 5.1.2600 Service Pack 3 Running: wntv8kn8.exe; Driver: d:\usr\RHAVIN~1\LOKALE~1\Temp\pgtdypow.sys ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF858587E] SSDT sppr.sys ZwEnumerateKey [0xF8433CA2] SSDT sppr.sys ZwEnumerateValueKey [0xF8434030] SSDT sppr.sys ZwOpenKey [0xF84150C0] SSDT sppr.sys ZwQueryKey [0xF8434108] SSDT sppr.sys ZwQueryValueKey [0xF8433F88] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8585BFE] INT 0x62 ? 823DFBF8 INT 0x73 ? 82183BF8 INT 0x73 ? 82183BF8 INT 0x73 ? 82183BF8 INT 0x73 ? 82183BF8 INT 0x73 ? 82183BF8 INT 0x82 ? 823DFBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? sppr.sys Das System kann die angegebene Datei nicht finden. ! .text F:\XPSRPRO\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7E2A360, 0x24BBAD, 0xE8000020] .text USBPORT.SYS!DllUnload F7B8C8AC 5 Bytes JMP 821831D8 .text a6s459z2.SYS F7B2A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a6s459z2.SYS F7B2A3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a6s459z2.SYS F7B2A3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text a6s459z2.SYS F7B2A3C9 1 Byte [2E] .text a6s459z2.SYS F7B2A3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL} .text ... 
---- User code sections - GMER 1.0.15 ---- .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DAC4 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136473F F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41364671 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413646DC F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41364542 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 413645A4 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413647A2 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364606 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] ws2_32.dll!select 71A130A8 5 Bytes JMP 021B0010 .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] ws2_32.dll!closesocket 71A13E2B 5 Bytes JMP 02090010 .text F:\Programme\Internet 
Explorer\IEXPLORE.EXE[3272] ws2_32.dll!connect 71A14A07 5 Bytes JMP 02270010 .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] ws2_32.dll!send 71A14C27 5 Bytes JMP 02260010 .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3272] ws2_32.dll!recv 71A1676F 5 Bytes JMP 02250010 .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269A75 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D101 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DAC4 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D466E F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136473F F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41364671 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413646DC F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41364542 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text 
F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 413645A4 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413647A2 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364606 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126DB20 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41364AA7 F:\XPSRPRO\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] ws2_32.dll!select 71A130A8 5 Bytes JMP 01DC0010 .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] ws2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01DB0010 .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] ws2_32.dll!connect 71A14A07 5 Bytes JMP 01DF0010 .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] ws2_32.dll!send 71A14C27 5 Bytes JMP 01DE0010 .text F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] ws2_32.dll!recv 71A1676F 5 Bytes JMP 01DD0010 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \XPSRPRO\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823745E0 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8446C4C] sppr.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8446CA0] sppr.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8416040] sppr.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F841613C] sppr.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84160BE] sppr.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84167FC] sppr.sys IAT 
[KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT F:\XPSRPRO\Explorer.EXE[704] @ F:\XPSRPRO\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] F:\XPSRPRO\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT F:\Programme\Internet Explorer\IEXPLORE.EXE[3376] @ F:\XPSRPRO\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] F:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 823DE1F8
Device \FileSystem\Fastfat \FatCdrom 820353C0
Device \Driver\NetBT \Device\NetBT_Tcpip_{FEE8165F-CA7A-440B-B7CD-8FACE243AE41} 82079500
Device \Driver\PCI_PNP6844 \Device\00000044 sppr.sys
Device \Driver\usbuhci \Device\USBPDO-0 821891F8
Device \Driver\usbuhci \Device\USBPDO-1 821891F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823721F8
Device \Driver\dmio \Device\DmControl\DmConfig 823721F8
Device \Driver\dmio \Device\DmControl\DmPnP 823721F8
Device \Driver\dmio \Device\DmControl\DmInfo 823721F8
Device \Driver\usbuhci \Device\USBPDO-2 821891F8
Device \Driver\usbehci \Device\USBPDO-3 821631F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 823721F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume2 823721F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 823721F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume2 823721F8
Device \Driver\sptd \Device\2821311844 sppr.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 823E01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 823E01F8
Device \Driver\Cdrom \Device\CdRom0 8214F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 823E01F8
Device \Driver\Cdrom \Device\CdRom1 8214F1F8
Device \Driver\atapi \Device\Ide\IdePort0 [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F8368B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 823E01F8
Device \Driver\Cdrom \Device\CdRom2 8214F1F8
Device \Driver\Cdrom \Device\CdRom3 8214F1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82079500
Device \Driver\NetBT \Device\NetbiosSmb 82079500
Device \Driver\usbuhci \Device\USBFDO-0 821891F8
Device \Driver\usbuhci \Device\USBFDO-1 821891F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8221B500
Device \Driver\usbuhci \Device\USBFDO-2 821891F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{25F59523-4C89-4B44-BCA8-E23217193258} 82079500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8221B500
Device \Driver\usbehci \Device\USBFDO-3 821631F8
Device \Driver\Ftdisk \Device\FtControl 823E01F8
Device \Driver\a6s459z2 \Device\Scsi\a6s459z21 81FC01F8
Device \Driver\a6s459z2 \Device\Scsi\a6s459z21Port3Path0Target0Lun0 81FC01F8
Device \FileSystem\Fastfat \Fat 820353C0
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 82218500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7A 0x35 0xD7 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF6 0xC3 0xAC 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x93 0x4D 0x8E 0x6D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7A 0x35 0xD7 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF6 0xC3 0xAC 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x93 0x4D 0x8E 0x6D ...

---- EOF - GMER 1.0.15 ----
11.04.2010, 20:00
Member
Posts: 3716
#5
http://www.paules-pc-forum.de/forum/4-pc-sicherheit/125180-rootkit-tdss-entfernen-norman-tdss-cleaner.html
Please use the Norman TDSS Cleaner. Post the log, or the logs, depending on whether there was a restart.
12.04.2010, 00:56
...new here
Thread starter, Posts: 7
#6
Tried the TDSS cleaner and ran it over the whole Windows drive (F:\XPSRPRO\*.*), the program directories (C:\Programme\*.*; F:\Programme\*.*) and the user directories (D:\usr\*.*; F:\Dokumente und Einstellungen\*.*)…
It found nothing. ;-/
_____________________________________________________________
Norman Scanner Engine Version: 6.04.03
Nvcbin.def Version: 6.04.00, Date: 2010/03/24 15:16:01, Variants: 53473
Scan started: 11/04/2010 23:47:42
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: JRA\.rhavin
Running anti-TDSS module:
No TDSS infection detected
TDSS scan complete. Will now scan for related malware
Scanning bootsectors...
Number of sectors found: 2
Number of sectors scanned: 2
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 1s 516ms
Scanning running processes and process memory...
Number of processes/threads found: 2682
Number of processes/threads scanned: 2682
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 42s
Scanning file system...
Scanning: prescan
Scanning: F:\Dokumente und Einstellungen\*.*
Scanning: F:\XPSRPRO\*.*
Scanning: F:\Programme\*.*
Scanning: C:\Programme\*.*
Scanning: D:\usr\*.*
Scanning: postscan
Running post-scan cleanup routine:
Number of files found: 178356
Number of archives unpacked: 1281
Number of files scanned: 178356
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 54m 48s
12.04.2010, 12:40
Member
Posts: 3716
12.04.2010, 18:19
...new here
Thread starter, Posts: 7
#8
Thanks for your help so far, buuut… nothing 8-//
A minor aside… when I press the Tab key, cmd.exe actually inserts a tab character instead of completing the folder name… is that normal, or can it be configured somewhere? On my system at home it behaves bash-like. Any hint?
__________________________________________________________
18:22:50:421 2700 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
18:22:50:421 2700 ================================================================================
18:22:50:421 2700 SystemInfo:
18:22:50:421 2700 OS Version: 5.1.2600 ServicePack: 3.0
18:22:50:421 2700 Product type: Workstation
18:22:50:437 2700 ComputerName: JRA
18:22:50:437 2700 UserName: .rhavin
18:22:50:437 2700 Windows directory: F:\XPSRPRO
18:22:50:437 2700 Processor architecture: Intel x86
18:22:50:437 2700 Number of processors: 1
18:22:50:437 2700 Page size: 0x1000
18:22:50:437 2700 Boot type: Normal boot
18:22:50:437 2700 ================================================================================
18:22:50:437 2700 UnloadDriverW: NtUnloadDriver error 2
18:22:50:437 2700 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
18:22:50:546 2700 wfopen_ex: Trying to open file F:\XPSRPRO\system32\config\system
18:22:50:546 2700 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:22:50:546 2700 wfopen_ex: Trying to KLMD file open
18:22:50:546 2700 wfopen_ex: File opened ok (Flags 2)
18:22:50:546 2700 wfopen_ex: Trying to open file F:\XPSRPRO\system32\config\software
18:22:50:546 2700 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:22:50:546 2700 wfopen_ex: Trying to KLMD file open
18:22:50:546 2700 wfopen_ex: File opened ok (Flags 2)
18:22:50:546 2700 Initialize success
18:22:50:546 2700
18:22:50:546 2700 Scanning Services ...
18:22:51:031 2700 Raw services enum returned 303 services
18:22:51:031 2700
18:22:51:031 2700 Scanning Kernel memory ...
804FA88E 18:22:51:093 2700 IRP_MJ_QUERY_INFORMATION : 804FA88E 18:22:51:093 2700 IRP_MJ_SET_INFORMATION : 804FA88E 18:22:51:093 2700 IRP_MJ_QUERY_EA : 804FA88E 18:22:51:093 2700 IRP_MJ_SET_EA : 804FA88E 18:22:51:093 2700 IRP_MJ_FLUSH_BUFFERS : 804FA88E 18:22:51:093 2700 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 18:22:51:093 2700 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 18:22:51:093 2700 IRP_MJ_DIRECTORY_CONTROL : 804FA88E 18:22:51:093 2700 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 18:22:51:093 2700 IRP_MJ_DEVICE_CONTROL : F8368B40 18:22:51:093 2700 IRP_MJ_INTERNAL_DEVICE_CONTROL : F8368B40 18:22:51:093 2700 IRP_MJ_SHUTDOWN : 804FA88E 18:22:51:093 2700 IRP_MJ_LOCK_CONTROL : 804FA88E 18:22:51:093 2700 IRP_MJ_CLEANUP : 804FA88E 18:22:51:093 2700 IRP_MJ_CREATE_MAILSLOT : 804FA88E 18:22:51:093 2700 IRP_MJ_QUERY_SECURITY : 804FA88E 18:22:51:093 2700 IRP_MJ_SET_SECURITY : 804FA88E 18:22:51:093 2700 IRP_MJ_POWER : F8368B40 18:22:51:093 2700 IRP_MJ_SYSTEM_CONTROL : F8368B40 18:22:51:093 2700 IRP_MJ_DEVICE_CHANGE : 804FA88E 18:22:51:093 2700 IRP_MJ_QUERY_QUOTA : 804FA88E 18:22:51:093 2700 IRP_MJ_SET_QUOTA : 804FA88E 18:22:51:093 2700 F:\XPSRPRO\system32\DRIVERS\atapi.sys - Verdict: 1 18:22:51:093 2700 18:22:51:093 2700 Completed 18:22:51:093 2700 18:22:51:093 2700 Results: 18:22:51:093 2700 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 18:22:51:093 2700 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 18:22:51:093 2700 File objects infected / cured / cured on reboot: 0 / 0 / 0 18:22:51:093 2700 18:22:51:093 2700 fclose_ex: Trying to close file F:\XPSRPRO\system32\config\system 18:22:51:093 2700 fclose_ex: Trying to close file F:\XPSRPRO\system32\config\software 18:22:51:093 2700 KLMD(ARK) unloaded successfully Dieser Beitrag wurde am 12.04.2010 um 18:27 Uhr von .rhavin editiert.
12.04.2010, 19:39
Member
Posts: 3716
#9
I don't know offhand.
Run http://www.computerschutz.net/tutorials/3094-kaspersky-avp-tool.html in normal mode and post the log. Please shut down all running programs during the scan.
13.04.2010, 22:09
...new here
Thread starter, Posts: 7
#10
Found nothing :-/
I ran it both in 'normal mode' and in safe mode, with really *all* HDs, deep scan and pretty much everything it can scan. The most I could find was this:
___________________________________
13.04.2010 17:42:42 Task started
13.04.2010 19:25:18 Detected: http://www.viruslist.com/en/advisories/37255 F:\Programme\Java\jre6\bin\java.exe
13.04.2010 19:36:56 Detected: http://www.viruslist.com/en/advisories/37255 F:\XPSRPRO\system32\java.exe
13.04.2010 19:43:21 Detected: http://www.viruslist.com/en/advisories/39133 F:\Programme\QuickTime\QuickTimePlayer.exe
13.04.2010 21:03:13 Detected: http://www.viruslist.com/en/advisories/37255 F:\Programme\Java\jre6\bin\java.exe
13.04.2010 21:15:04 Detected: http://www.viruslist.com/en/advisories/37255 F:\XPSRPRO\system32\java.exe
13.04.2010 21:46:36 Task completed
‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
What puzzles me a little is that I have freshly installed Java, so I really have the newest (today!) version on it.
What I find somewhat odd is the behaviour of cmd.exe… could you or someone else please verify whether it is normal that the default input behaviour on 5.01.2600 is overwrite and that Tab does *not* complete the path?
Could you please send me a clean cmd.exe to r (at) rhavin.de or at least check the following checksums…?
md5: 9B890F756D087991322464912FE68E75
sha-1: 1BCE682E638F9EE949B344D22011F5840145F985
This post was edited on 13.04.2010 at 23:26 by .rhavin.
14.04.2010, 01:32
...new here
Thread starter, Posts: 7
14.04.2010, 02:04
Honorary member
Posts: 6028
#12
This indicates that your Java is outdated.
Quote: 13.04.2010 19:25:18 Detected: http://www.viruslist.com/en/advisories/37255 F:\Programme\Java\jre6\bin\java.exe
Update Java: http://board.protecus.de/t32385.htm
__________
Regards, Argus
The Google redirection has crept onto my girlfriend's machine (XPsp3pro… her computer, not the girlfriend! ;-Þ), and I can't track the thing down…
I've tried Malwarebytes, SpyNoMore and Ad-Aware; since that was unsuccessful, I'm now posting the HJT and CBFX log and asking for help.
Among the (legitimate) processes, H2O is running (you know the one…) and the sound card really is an M-Audio Delta. SHTC-EU is a home-made keyboard driver (http://doc.rhavin.de/keys.html).
The ComboFix log shows the following:
__________________________________________________________
ComboFix 10-04-09.06 - .rhavin 10.04.2010 16:41:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.512.322 [GMT 2:00]
ausgeführt von:: d:\usr\.rhavin\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\usr\.rhavin\Recent\Thumbs.db
.
((((((((((((((((((((((( Dateien erstellt von 2010-03-10 bis 2010-04-10 ))))))))))))))))))))))))))))))
.
2010-04-10 14:28 . 2010-04-10 14:28 -------- d-----w- f:\programme\HJThis
2010-04-10 04:46 . 2010-04-10 04:46 -------- d-----w- d:\usr\Common\Anwendungsdaten\McAfee Security Scan
2010-04-10 04:46 . 2010-04-10 04:46 -------- d-----w- d:\usr\Common\Anwendungsdaten\McAfee
2010-04-10 04:46 . 2010-04-10 04:46 -------- d-----w- f:\programme\McAfee Security Scan
2010-04-10 03:47 . 2010-04-10 03:47 1152 ----a-w- f:\xpsrpro\system32\windrv.sys
2010-04-10 03:47 . 2010-04-10 03:48 -------- d-----w- f:\programme\SpyNoMore
2010-04-09 14:34 . 2010-04-10 05:43 -------- d-----w- d:\usr\Jerrah\Anwendungsdaten\BitTorrent
2010-04-09 00:22 . 2010-04-09 00:22 -------- d-----w- d:\usr\.rhavin\Anwendungsdaten\Malwarebytes
2010-04-08 22:22 . 2010-04-08 22:22 -------- d-----w- d:\usr\Jerrah\Anwendungsdaten\Malwarebytes
2010-04-08 22:22 . 2010-03-29 22:46 38224 ----a-w- f:\xpsrpro\system32\drivers\mbamswissarmy.sys
2010-04-08 22:22 . 2010-04-08 22:22 -------- d-----w- d:\usr\Common\Anwendungsdaten\Malwarebytes
2010-04-08 22:22 . 2010-04-08 22:22 -------- d-----w- f:\programme\Malwarebytes' Anti-Malware
2010-04-08 22:22 . 2010-03-29 22:45 20824 ----a-w- f:\xpsrpro\system32\drivers\mbam.sys
2010-03-30 23:02 . 2010-03-30 23:02 7168 ----a-w- f:\xpsrpro\system32\SHTC-EU9.dll
2010-03-22 21:55 . 2010-03-22 21:55 -------- d-----w- F:\Videos
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 14:07 . 2009-11-23 18:39 -------- d-----w- f:\programme\EditPlus 3
2010-04-09 12:33 . 2009-03-23 12:44 -------- d-----w- d:\usr\.rhavin\Anwendungsdaten\FRITZ!
2010-04-01 22:43 . 2002-12-31 12:00 48156 ----a-w- f:\xpsrpro\system32\perfc007.dat
2010-04-01 22:43 . 2002-12-31 12:00 316594 ----a-w- f:\xpsrpro\system32\perfh007.dat
2010-03-29 20:19 . 2009-11-23 18:39 -------- d-----w- d:\usr\Common\Anwendungsdaten\EditPlus 3
2010-03-25 02:27 . 2009-03-28 15:50 -------- d-----w- d:\usr\Common\Anwendungsdaten\CanonIJPLM
2010-03-22 13:44 . 2009-05-31 16:26 -------- d-----w- f:\programme\Windows Media Connect 2
2010-03-10 00:24 . 2010-01-27 15:22 -------- d-----w- f:\programme\Haushaltsbuch
2010-02-25 06:15 . 2008-04-14 06:52 916480 ----a-w- f:\xpsrpro\system32\wininet.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Delta Taskbar Icon"="f:\xpsrpro\System32\DeltTray.exe" [2004-08-26 56320]
"NeroFilterCheck"="f:\xpsrpro\system32\NeroCheck.exe" [2001-07-09 155648]
"CanonSolutionMenu"="f:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"H2O"="f:\programme\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"NvCplDaemon"="f:\xpsrpro\system32\NvCpl.dll" [2006-11-17 7700480]
"nwiz"="nwiz.exe" [2006-11-17 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-11-17 86016]
"CanonMyPrinter"="f:\programme\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"SNM"="f:\programme\SpyNoMore\SNM.exe" [2010-04-10 1067472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\xpsrpro\system32\CTFMON.EXE" [2008-04-14 15360]
d:\usr\.rhavin\Startmenü\Programme\Autostart\
FRITZ!DSL Protect.lnk - c:\programme\Fritz\FwebProt.exe [2009-3-23 913408]
FRITZ!DSL Startcenter.lnk - c:\programme\Fritz\StCenter.exe [2009-3-23 651264]
MagicDisc.lnk - f:\programme\MagicDisc\MagicDisc.exe [2010-2-9 576000]
d:\usr\Common\Startmenü\Programme\Autostart\
McAfee Security Scan Plus.lnk - f:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Fritz\\IGDCTRL.EXE"=
"c:\\Programme\\Fritz\\FBOXUPD.EXE"=
"f:\\Programme\\DNA\\btdna.exe"=
"c:\\Programme\\WS_FTP\\WS_FTP95.exe"=
"c:\\Programme\\BitTorrent\\bittorrent.exe"=
"f:\\Programme\\Windows Media Player\\wmplayer.exe"=
"f:\\Programme\\Bonjour\\mDNSResponder.exe"=
"f:\\Programme\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;f:\xpsrpro\system32\drivers\Lbd.sys [04.10.2009 01:09 64160]
R1 Asapi;Asapi;f:\xpsrpro\system32\drivers\asapi.sys [25.03.2009 10:27 11264]
R3 AVMUNET;AVM FRITZ!Box;f:\xpsrpro\system32\drivers\avmunet.sys [23.03.2009 14:30 15104]
R3 CLEDX;Team H2O CLEDX service;f:\xpsrpro\system32\drivers\cledx.sys [23.08.2009 17:25 33792]
S0 sptd;sptd;f:\xpsrpro\system32\drivers\sptd.sys [02.04.2009 12:36 717296]
S2 gupdate1c9daa68daf70e2;Google Update Service (gupdate1c9daa68daf70e2);f:\programme\Google\Update\GoogleUpdate.exe [22.05.2009 08:28 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;f:\xpsrpro\system32\drivers\ASPI32.SYS [03.04.2009 03:20 25244]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;f:\programme\Lavasoft\Ad-Aware\AAWService.exe [03.07.2009 16:49 1029456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;f:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
.
Inhalt des "geplante Tasks" Ordners
2010-04-03 f:\xpsrpro\Tasks\Ad-Aware Update (Weekly).job
- f:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 00:11]
2010-03-20 f:\xpsrpro\Tasks\AppleSoftwareUpdate.job
- f:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-04-10 f:\xpsrpro\Tasks\GoogleUpdateTaskMachineCore.job
- f:\programme\Google\Update\GoogleUpdate.exe [2009-05-22 06:28]
2010-04-10 f:\xpsrpro\Tasks\GoogleUpdateTaskMachineUA.job
- f:\programme\Google\Update\GoogleUpdate.exe [2009-05-22 06:28]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
LSP: c:\programme\Fritz\sarah.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
AddRemove-Ad-Aware - d:\usr\Common\Anwendungsdaten\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
AddRemove-Mozilla Firefox (3.6.3) - c:\programme\Mozilla Firefox\uninstall\helper.exe
AddRemove-Steinberg Cubase SX v3.1.1.944 - f:\progra~1\STEINB~1\CUBASE~1\UNWISE.EXE
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - d:\usr\Common\Anwendungsdaten\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 16:45
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'lsass.exe'(864)
c:\programme\Fritz\sarah.dll
c:\programme\Fritz\block.dll
c:\programme\Fritz\avmcsock.dll
c:\programme\Fritz\avmufc.dll
.
Zeit der Fertigstellung: 2010-04-10 16:47:45
ComboFix-quarantined-files.txt 2010-04-10 14:47
Vor Suchlauf: 2.333.110.272 Bytes frei
Nach Suchlauf: 2.301.702.144 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\XPSRPRO
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\XPSRPRO="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3ACAEF5C144FA69CFA997C46DABD82EC
‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
And here the HJT log:
__________________________________________________________
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 17:13:19, on 10.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
F:\XPSRPRO\System32\smss.exe
F:\XPSRPRO\system32\winlogon.exe
F:\XPSRPRO\system32\services.exe
F:\XPSRPRO\system32\lsass.exe
F:\XPSRPRO\system32\svchost.exe
F:\XPSRPRO\System32\svchost.exe
F:\XPSRPRO\system32\spoolsv.exe
F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Fritz\IGDCTRL.EXE
F:\Programme\Bonjour\mDNSResponder.exe
F:\XPSRPRO\system32\nvsvc32.exe
F:\XPSRPRO\system32\svchost.exe
F:\XPSRPRO\explorer.exe
F:\Programme\Internet Explorer\IEXPLORE.EXE
F:\Programme\Internet Explorer\IEXPLORE.EXE
F:\Programme\HJThis\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] F:\XPSRPRO\System32\DeltTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\XPSRPRO\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] F:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [H2O] F:\Programme\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\XPSRPRO\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonMyPrinter] F:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SNM] F:\Programme\SpyNoMore\SNM.exe /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\XPSRPRO\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\XPSRPRO\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\Fritz\FwebProt.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\Fritz\StCenter.exe
O4 - Startup: MagicDisc.lnk = F:\Programme\MagicDisc\MagicDisc.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\XPSRPRO\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\XPSRPRO\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\XPSRPRO\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\XPSRPRO\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - c:\programme\Fritz\IGDCTRL.EXE
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - F:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - F:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - F:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9daa68daf70e2) (gupdate1c9daa68daf70e2) - Google Inc. - F:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - F:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - F:\Programme\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - F:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - F:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\XPSRPRO\system32\nvsvc32.exe
--
End of file - 5238 bytes
‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
Many thanks in advance :-)