
Log analysis and evaluation: GMER Logfile

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.02.2009, 18:21   #1
Proof-Fan
 
GMER Logfile



Hey.
Now I am also posting my GMER logfile:
Please evaluate this one too.
Many thanks..


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-28 18:08:41
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAD4E48D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAD4E16E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xAD4EE490]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAD4E4E90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAD4EBC80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAD4EBE90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xAD4EFD50]
SSDT F7B456F4 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAD4E4F80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAD4E1C70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAD4EED10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xAD4EEAC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xAD4EB600]
SSDT spfg.sys ZwEnumerateKey [0xF72A5CA2]
SSDT spfg.sys ZwEnumerateValueKey [0xF72A6030]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xAD4DE3B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAD4EF230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAD4EF2B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xAD4EFFD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAD4E1AD0]
SSDT spfg.sys ZwOpenKey [0xF72870C0]
SSDT F7B456E0 ZwOpenProcess
SSDT F7B456E5 ZwOpenThread
SSDT spfg.sys ZwQueryKey [0xF72A6108]
SSDT spfg.sys ZwQueryValueKey [0xF72A5F88]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAD4EF970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAD4EF3D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAD4E44F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAD4EF7C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xAD4E4AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAD4E1EA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xAD4DE190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xAD4EE800]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xAD4EC580]
SSDT F7B456EF ZwTerminateProcess
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xAD4DE5D0]
SSDT F7B456EA ZwWriteVirtualMemory

INT 0x20 srescan.sys F6F28C80
INT 0x62 ? 86F78BF8
INT 0x63 ? 86F7BF00
INT 0x73 ? 86F7BF00
INT 0x82 ? 86F78BF8
INT 0xA4 ? 86DC0F00
INT 0xB4 ? 86DC0F00

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C54 12 Bytes [ 90, 4E, 4E, AD, 80, BC, 4E, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 24E8 80501D20 12 Bytes [ B0, E3, 4D, AD, 30, F2, 4E, ... ]
? spfg.sys Das System kann die angegebene Datei nicht finden. !
? srescan.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F59B28AC 5 Bytes JMP 86DC04E0

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[756] ntdll.dll!KiFastSystemCall + 2 7C91E4F2 2 Bytes [ CD, 20 ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7288040] spfg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F728813C] spfg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72880BE] spfg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72887FC] spfg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72886D2] spfg.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7298048] spfg.sys
IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisCloseAdapter] [AD4E9B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisOpenAdapter] [AD4E9220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisDeregisterProtocol] [AD4E7780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisRegisterProtocol] [AD4E9410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AD4E9410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AD4E9220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AD4E9B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AD4E7780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AD4E7780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AD4E9410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AD4E9220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AD4E9B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AD4E9410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AD4E7780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AD4E9B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AD4E9220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AD4E9B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AD4E9220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AD4E9410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AD4E7780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AD4E9410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AD4E9220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AD4E9B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AD4E9B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AD4E9220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AD4E7780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AD4E9410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [AD4E7780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [AD4E9B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [AD4E9220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [AD4E9410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86F761F8

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

Device \FileSystem\Fastfat \FatCdrom 85D65500
Device \Driver\usbstor \Device\0000009c 858231F8
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbstor \Device\0000009d 858231F8
Device \Driver\usbstor \Device\0000009e 858231F8
Device \Driver\usbohci \Device\USBPDO-0 86DB81F8
Device \Driver\usbehci \Device\USBPDO-1 86E2C4A8
Device \Driver\usbstor \Device\000000a0 858231F8
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbstor \Device\000000a1 858231F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{71F42B00-A380-45B9-B78E-0DF767C6891E} 856B8500
Device \Driver\usbstor \Device\000000a2 858231F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F791F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snman380.sys (Acronis Snapshot API/Acronis)

Device \Driver\usbstor \Device\000000a3 858231F8
Device \Driver\usbstor \Device\000000a4 858231F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F791F8

Continued in post #2

28.02.2009, 18:22   #2
Proof-Fan
 
GMER Logfile



Post #2


AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snman380.sys (Acronis Snapshot API/Acronis)

Device \Driver\Cdrom \Device\CdRom0 86E2D1F8
Device \Driver\usbstor \Device\000000a5 858231F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 86F791F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snman380.sys (Acronis Snapshot API/Acronis)

Device \Driver\usbstor \Device\000000a6 858231F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 86F791F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snman380.sys (Acronis Snapshot API/Acronis)

Device \Driver\NetBT \Device\NetBT_Tcpip_{AFE8F905-A709-4203-A20B-0D1D33E4F6A4} 856B8500
Device \Driver\usbstor \Device\000000a7 858231F8
Device \Driver\usbstor \Device\000000a8 858231F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 856B8500
Device \Driver\nvata \Device\00000091 86F781F8
Device \Driver\nvata \Device\00000091 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbohci \Device\USBFDO-0 86DB81F8
Device \Driver\usbehci \Device\USBFDO-1 86E2C4A8
Device \Driver\nvata \Device\NvAta0 86F781F8
Device \Driver\nvata \Device\NvAta0 sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 858501F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 858501F8
Device \Driver\Ftdisk \Device\FtControl 86F791F8
Device \Driver\nvgts \Device\Scsi\nvgts2Port2Path0Target0Lun0 86FD11F8
Device \Driver\nvgts \Device\Scsi\nvgts1 86FD11F8
Device \Driver\nvgts \Device\Scsi\nvgts2 86FD11F8
Device \FileSystem\Fastfat \Fat 85D65500

AttachedDevice \FileSystem\Fastfat \Fat avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
AttachedDevice \FileSystem\Fastfat \Fat tdrpm140.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device \FileSystem\Cdfs \Cdfs 86CBC500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x1C 0xDF 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x1C 0xDF 0xA1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x1C 0xDF 0xA1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x1C 0xDF 0xA1 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x1C 0xDF 0xA1 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x1C 0xDF 0xA1 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x1C 0xDF 0xA1 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x1C 0xDF 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -513871396
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1728907231
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x18 0x81 0x09 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0x81 0xF4 0x02 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x1C 0xDF 0xA1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 38
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F45A74D-74AE-8295-417E-EAB148F154B4}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F45A74D-74AE-8295-417E-EAB148F154B4}@bbgkbnmdmcjnfenhkckbjogjhlcobjlfejhp 0x6A 0x61 0x6B 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F45A74D-74AE-8295-417E-EAB148F154B4}@abiklmfgaggnfijpbfkdbelkbjodinhioj 0x6A 0x61 0x6B 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F45A74D-74AE-8295-417E-EAB148F154B4}@abkhfpimdlmocckglkffiphgaoiefalkll 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F45A74D-74AE-8295-417E-EAB148F154B4}@madhooeneacpdjeneojlpoflco 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F45A74D-74AE-8295-417E-EAB148F154B4}@iagkbnmdmcjnfenhkc 0x61 0x61 0x00 0x01
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F45A74D-74AE-8295-417E-EAB148F154B4}@haiklmfgaggnfijp 0x61 0x61 0x00 0x01
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F45A74D-74AE-8295-417E-EAB148F154B4}@iakhfopiffhkhkcphh 0x61 0x61 0x00 0x01
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6444B71D-DDCC-AEBF-6AB5-C26F4EFDD55C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6444B71D-DDCC-AEBF-6AB5-C26F4EFDD55C}@oapjcfcginamebaejkdkeaoocilcfd 0x6A 0x61 0x64 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6444B71D-DDCC-AEBF-6AB5-C26F4EFDD55C}@najkeflgegofdpjfepdjdcjnhmda 0x69 0x61 0x67 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6444B71D-DDCC-AEBF-6AB5-C26F4EFDD55C}@gbhibjkdcadbmicfjeoojnbacjkhflahiffiblaijipapg 0x6D 0x61 0x6A 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6444B71D-DDCC-AEBF-6AB5-C26F4EFDD55C}@bbbidfllkomhncimiciagchecbgemlgmjhjp 0x6F 0x61 0x67 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A04AC96-BB97-CFA2-457C-EFD7E4B0E536}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A04AC96-BB97-CFA2-457C-EFD7E4B0E536}@iafhcbdmchbhooifnp 0x6A 0x61 0x65 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A04AC96-BB97-CFA2-457C-EFD7E4B0E536}@hahfebdfnmjbompg 0x6A 0x61 0x65 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91B5B811-428E-D31A-E707-D2B12E7B250E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91B5B811-428E-D31A-E707-D2B12E7B250E}@bbacbcnecimdhhicibjkhigjadnldoeiknec 0x6A 0x61 0x6D 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91B5B811-428E-D31A-E707-D2B12E7B250E}@abobhfnplmlaelcpdnpdpjkkhidolgblhk 0x6A 0x61 0x6D 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91B5B811-428E-D31A-E707-D2B12E7B250E}@iaacbcnecimdhhicib 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91B5B811-428E-D31A-E707-D2B12E7B250E}@haobhfnplmlaelcp 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91B5B811-428E-D31A-E707-D2B12E7B250E}@iamdbejlahkoiipehk 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{983CA25E-ED3D-D6B0-38E4-F28E222FD2AD}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{983CA25E-ED3D-D6B0-38E4-F28E222FD2AD}@iadgkofcdfbgpakbjl 0x6A 0x61 0x68 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{983CA25E-ED3D-D6B0-38E4-F28E222FD2AD}@hajhiodllhgjbplf 0x6A 0x61 0x68 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{983CA25E-ED3D-D6B0-38E4-F28E222FD2AD}@iahhkcjoiapekhgdan 0x63 0x61 0x67 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D912C5BF-371C-F1BC-4163-FF764B0E38CF}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D912C5BF-371C-F1BC-4163-FF764B0E38CF}@iahehkkfgcbccjcgej 0x6A 0x61 0x61 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D912C5BF-371C-F1BC-4163-FF764B0E38CF}@hajebkpnehidhhbj 0x6A 0x61 0x61 0x6C ...

---- EOF - GMER 1.0.14 ----