
Log analysis and evaluation: Google redirect -> rootkit?

Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.12.2009, 10:54   #1
Dosenfisch

Google redirect -> rootkit?



Hello,
when I open Google links I am very often taken to other sites. I searched a bit, and what I read did not sound good. But to be on the safe side I would rather post.
I have already run CCleaner and cleaned everything, Malwarebytes Anti-Malware (no findings), and AVG (no findings).

OS: Win 7
If any information is missing, just say so and I will post it. Unfortunately RSIT does not run under Win 7.

Many thanks!
Dosenfisch

Here is my HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:00, on 08.12.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msxmlsysgfx] rundll32.exe "C:\Users\Jonas\AppData\Local\msxmlsysgfx\msxmlsysgfx.dll", DllInit
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O8 - Extra context menu item: BID: Link in Queue einreihen - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: BID: Seite in &Queue einreihen - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: BID: Öffne aktuelle Seite - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: BID: Öffne diesen &Link - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ShrewSoft DNS Proxy Daemon (dtpd) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ShrewSoft IKE Daemon (iked) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\iked.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ShrewSoft IPSEC Daemon (ipsecd) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 9302 bytes
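Added example for readers triaging a HijackThis log like the one above (this is not part of Dosenfisch's post and not a HijackThis feature): a small Python script that parses the O2/O3/O4 lines and flags the entries a reviewer would want to verify first. The heuristics are simple and deliberately not a verdict: an autorun that lives in a user-writable profile directory, a DLL loaded through rundll32 from such a directory, a bare file name with no path, and BHO/toolbar CLSIDs whose file is gone. The sample lines are constructed, modelled on the log above; the names `triage`, `Finding` and the regular expressions are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 2.0.2 line format, modelled on the log above.
# The entries were chosen so that every check below fires at least once.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [msxmlsysgfx] rundll32.exe "C:\Users\Jonas\AppData\Local\msxmlsysgfx\msxmlsysgfx.dll", DllInit
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
"""

# O4 autorun entry: "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 BHO / O3 toolbar whose CLSID is still registered but whose DLL is gone
NOFILE_RE = re.compile(r"^O[23] - .* - \(no file\)$")
# Any drive- or %VAR%-rooted path ending in an executable/library extension
PATH_RE = re.compile(r"(?:[A-Za-z]:|%[^%]+%)\\.*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js)", re.I)
# Directories a standard user can write to without elevation
USER_WRITABLE_RE = re.compile(r"\\(?:users|documents and settings)\\|\\appdata\\|\\temp\\|\\programdata\\", re.I)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    line: str       # the log line that triggered the flag
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return review flags for the O2/O3/O4 lines of a HijackThis log, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if NOFILE_RE.match(line):
            findings.append(Finding("low", line, "registered BHO/toolbar CLSID whose DLL no longer exists"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        paths = PATH_RE.findall(cmd)
        if not paths:
            # Bare file name: Windows resolves it through the PATH search order at
            # logon, so the copy that actually runs has to be located by hand.
            findings.append(Finding("medium", line, f"'{cmd.split()[0]}' has no path; verify which file actually runs"))
            continue
        writable = [p for p in paths if USER_WRITABLE_RE.search(p)]
        loads_via_rundll32 = cmd.lstrip('"').lower().startswith("rundll32")
        if loads_via_rundll32 and writable:
            findings.append(Finding("high", line, f"rundll32 loads {writable[0]} from a user-writable profile directory"))
        elif writable:
            findings.append(Finding("medium", line, f"autorun binary {writable[0]} lives in a user-writable directory"))
    return findings


def report(findings: list[Finding]) -> None:
    for f in findings:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")


if __name__ == "__main__":
    report(triage(SAMPLE_LOG))
```

The script only reorders the reviewer's attention; a flagged line still has to be checked against the file on disk, its signature and its vendor before anything is removed, and a clean-looking path is no proof of legitimacy either.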

08.12.2009, 12:03   #2
Chris4You

Google redirect -> rootkit?



Hi,

GMER under Win 7, let's see whether that works (follow the link)...
http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (www.gmer.net/files); there click the "Download EXE" button. This generates a random file name (please note it, and the path where you saved it).
Start GMER and see whether it already reports something. If it does, answer all questions with "no", go to the "Rootkit" tab, answer the question with "no" again, and use Copy to paste the report into the thread. If it reports nothing that way, go to the Rootkit tab and run a scan. Once it has finished, choose Copy and paste the report.

If not, then Dr. Web:
http://www.trojaner-board.de/59299-a...eb-cureit.html

chris

08.12.2009, 14:33   #3
Dosenfisch

Google redirect -> rootkit?



Thanks for the quick reply!

So I downloaded GMER and started it, and was then in the Rootkit window, and it showed me the following. I did not have to click anything though, it was just there:

Code:
GMER 1.0.15.15272 - http://www.gmer.net
Rootkit quick scan 2009-12-08 14:24:32
Windows 6.1.7600 
Running: xcg3369o.exe; Driver: C:\Users\Jonas\AppData\Local\Temp\kglcypow.sys


---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                   864741F8
Device          \FileSystem\fastfat \Fat                 8724D500

AttachedDevice  \FileSystem\fastfat \Fat                 fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                 AVGIDSFilter.sys
AttachedDevice  \Driver\tdx \Device\Ip                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\Tcp                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\Udp                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  VMkbd.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  VMkbd.sys

---- EOF - GMER 1.0.15 ----

After that I clicked Scan, which produced the following, but again no prompt to do anything:

Code:
GMER 1.0.15.15272 - http://www.gmer.net
Rootkit scan 2009-12-08 14:31:56
Windows 6.1.7600 
Running: xcg3369o.exe; Driver: C:\Users\Jonas\AppData\Local\Temp\kglcypow.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys                                    ZwOpenProcess [0x99BAC620]
SSDT            \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys                                    ZwTerminateProcess [0x99BAC6D0]
SSDT            \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys                                    ZwTerminateThread [0x99BAC770]
SSDT            \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys                                    ZwWriteVirtualMemory [0x99BAC810]

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                       8303EAF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                       8303E104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                       8303E3F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                       830272D8
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                       83026898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                       8303E1DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                       8303E958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                       8303E6F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                       8303EF2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                       8303F1A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                82C57579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                         82C7BF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                                            82C839E8 4 Bytes  [20, C6, BA, 99]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                            82C83CB8 8 Bytes  [D0, C6, BA, 99, 70, C7, BA, ...] {ROL DH, 0x1; MOV EDX, 0xbac77099; CDQ }
.text           ntkrnlpa.exe!RtlSidHashLookup + 82C                                                                                            82C83D2C 4 Bytes  [10, C8, BA, 99]
?               System32\Drivers\spbn.sys                                                                                                      Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                          91DBACA0 5 Bytes  JMP 8723F1D8 
.text           akk8wl9y.SYS                                                                                                                   95226000 12 Bytes  [44, 98, 02, 83, EE, 96, 02, ...]
.text           akk8wl9y.SYS                                                                                                                   9522600D 9 Bytes  [77, 02, 83, 48, 9B, 02, 83, ...] {JA 0x4; OR DWORD [EAX-0x65], 0x2; ADD DWORD [EAX], 0x0}
.text           akk8wl9y.SYS                                                                                                                   95226017 20 Bytes  [00, DE, D7, 34, 8B, E6, D5, ...]
.text           akk8wl9y.SYS                                                                                                                   9522602C 149 Bytes  [00, 00, 00, 00, D0, 21, C5, ...]
.text           akk8wl9y.SYS                                                                                                                   952260C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                            
.text           peauth.sys                                                                                                                     A2E36C9D 28 Bytes  [55, 85, C7, 87, 4E, 9E, 99, ...]
.text           peauth.sys                                                                                                                     A2E36CC1 28 Bytes  [55, 85, C7, 87, 4E, 9E, 99, ...]
PAGE            peauth.sys                                                                                                                     A2E3CB9B 55 Bytes  [CE, DC, EF, 73, BA, B7, 9F, ...]
PAGE            peauth.sys                                                                                                                     A2E3CBD3 16 Bytes  [9A, 87, 84, AE, 9D, 01, 51, ...] {CALL FAR 0x5101:0x9dae8487; OUT 0x3f, AL; POP ECX; AAS ; HLT ; LES ECX, DWORD [EAX+EDX*8+0x52]}
PAGE            peauth.sys                                                                                                                     A2E3CBEC 97 Bytes  [A7, B4, DB, 46, 8D, 3D, 7F, ...]
PAGE            ...                                                                                                                            

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5896] kernel32.dll!SetUnhandledExceptionFilter                          76A73142 5 Bytes  JMP 6AC85629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                       [8B243042] \SystemRoot\System32\Drivers\spbn.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                      [8B2436D6] \SystemRoot\System32\Drivers\spbn.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                               [8B243800] \SystemRoot\System32\Drivers\spbn.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                [8B24313E] \SystemRoot\System32\Drivers\spbn.sys
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortNotification]                                                     00147880
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortQuerySystemTime]                                                  78800C75
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortReadPortUchar]                                                    06750015
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortStallExecution]                                                   C25DC033
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortWritePortUchar]                                                   458B0008
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortWritePortUlong]                                                   6A006A08
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                               50056A24
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                    005AB7E8
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                             0001B800
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortGetParentBusType]                                                 C25D0000
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortRequestCallback]                                                  CCCC0008
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                            CCCCCCCC
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                             CCCCCCCC
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortCompleteRequest]                                                  CCCCCCCC
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortCopyMemory]                                                       53EC8B55
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortEtwTraceLog]                                                      800C5D8B
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                        7500117B
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                           127B806A
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                             80647500
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                             7500137B
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortInitialize]                                                       157B805E
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                    56587500
IAT             \SystemRoot\System32\Drivers\akk8wl9y.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\System32\rundll32.exe[1716] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                          [75D75D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[1716] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                           [75D75D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[1716] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                         [75D75D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[1716] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                        [75D75D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5896] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75D75D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5896] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75D75D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5896] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75D75D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75D75D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5896] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [75D75D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5896] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [75D75D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5896] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]   [75D75D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                         864741F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                  8724D500
Device          \Driver\USBSTOR \Device\0000008f                                                                                               87DC31F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                        VMkbd.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                        VMkbd.sys

Device          \Driver\volmgr \Device\VolMgrControl                                                                                           857821F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                               872931F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                               872931F8
Device          \Driver\sptd \Device\1767094776                                                                                                spbn.sys
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                               872931F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                               872AD500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                               872931F8

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                        avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\usbuhci \Device\USBPDO-5                                                                                               872931F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                               872931F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                         857821F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                               872AD500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                         857821F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                                   870991F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2                                                                                    857841F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                             857841F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                             857841F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                             857841F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                             857841F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3                                                                                    857841F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                         857821F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom1                                                                                                   870991F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                         857821F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom2                                                                                                   870991F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                         857821F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom3                                                                                                   870991F8
Device          \Driver\USBSTOR \Device\00000081                                                                                               87DC31F8
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                                         857821F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom4                                                                                                   870991F8
Device          \Driver\PCI_PNP0775 \Device\00000069                                                                                           spbn.sys
Device          \Driver\NetBT \Device\NetBT_Tcpip_{73B99B48-A5AA-4A4F-BB57-A76198C7EB8B}                                                       870641F8
Device          \Driver\volmgr \Device\HarddiskVolume7                                                                                         857821F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000090                                                                                               87DC31F8
Device          \Driver\USBSTOR \Device\00000083                                                                                               87DC31F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                        870641F8
Device          \Driver\usbhub \Device\00000077                                                                                                hcmon.sys
Device          \Driver\USBSTOR \Device\00000084                                                                                               87DC31F8
Device          \Driver\usbhub \Device\00000078                                                                                                hcmon.sys
Device          \Driver\USBSTOR \Device\00000085                                                                                               87DC31F8
Device          \Driver\usbhub \Device\00000079                                                                                                hcmon.sys
Device          \Driver\NetBT \Device\NetBT_Tcpip_{2253C295-4A5B-4B19-B841-76274A39646B}                                                       870641F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{3E37D907-D146-474B-853E-5B75FC53C350}                                                       870641F8

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                        avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\ACPI_HAL \Device\0000005d                                                                                              halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                      avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                               872931F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                               hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                               872931F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                               hcmon.sys
Device          \Driver\usbhub \Device\0000007a                                                                                                hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                               872931F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                               hcmon.sys
Device          \Driver\usbhub \Device\0000007b                                                                                                hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-3                                                                                               872AD500
Device          \Driver\usbehci \Device\USBFDO-3                                                                                               hcmon.sys
Device          \Driver\usbhub \Device\0000007c                                                                                                hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                               872931F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                               hcmon.sys
Device          \Driver\usbhub \Device\0000007d                                                                                                hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                               872931F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                               hcmon.sys
Device          \Driver\usbhub \Device\0000007e                                                                                                hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                               872931F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                               hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-7                                                                                               872AD500
Device          \Driver\usbehci \Device\USBFDO-7                                                                                               hcmon.sys
Device          \Driver\akk8wl9y \Device\Scsi\akk8wl9y1Port5Path0Target1Lun0                                                                   874BE500
Device          \Driver\akk8wl9y \Device\Scsi\akk8wl9y1                                                                                        874BE500
Device          \Driver\akk8wl9y \Device\Scsi\akk8wl9y1Port5Path0Target3Lun0                                                                   874BE500
Device          \Driver\akk8wl9y \Device\Scsi\akk8wl9y1Port5Path0Target0Lun0                                                                   874BE500
Device          \Driver\mv61xx \Device\Scsi\mv61xx1                                                                                            857851F8
Device          \Driver\akk8wl9y \Device\Scsi\akk8wl9y1Port5Path0Target2Lun0                                                                   874BE500
Device          \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target0Lun0                                                                       857851F8
Device          \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target19Lun0                                                                      857851F8
Device          \FileSystem\fastfat \Fat                                                                                                       8724D500

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                       fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                       AVGIDSFilter.sys

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                             771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                             285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                             1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                            C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                            0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                         0x44 0xEB 0x64 0xED ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                   0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                0xCD 0x5D 0xB5 0xDA ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                           0xFB 0xED 0x07 0xBF ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                           0xE9 0xFA 0x84 0xED ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                           0xC8 0x4B 0xAF 0x8D ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                           0x90 0x95 0x85 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                             0x44 0xEB 0x64 0xED ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                       0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                    0xCD 0x5D 0xB5 0xDA ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)             
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                               0xFB 0xED 0x07 0xBF ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)             
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                               0xE9 0xFA 0x84 0xED ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)             
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                               0xC8 0x4B 0xAF 0x8D ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)             
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                               0x90 0x95 0x85 0xE1 ...

---- EOF - GMER 1.0.15 ----
         
what can I do now?
Thanks
__________________

Old 08.12.2009, 15:57   #4
Chris4You

Hello,

have the following driver checked at Virustotal.com:
C:\windows\System32\Drivers\akk8wl9y.SYS

Run a Dr. Web scan (see my previous post)...

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

Old 08.12.2009, 17:46   #5
Dosenfisch

hi,
so virustotal gave one hit from McAfee:

McAfee-GW-Edition 6.8.5 2009.12.06 Heuristic.LooksLike.Win32.NewMalware.H

otherwise nothing, but here is the complete logfile anyway:

Code:
Antivirus 	Version 	letzte aktualisierung 	Ergebnis
a-squared 	4.5.0.43 	2009.12.06 	-
AhnLab-V3 	5.0.0.2 	2009.12.06 	-
AntiVir 	7.9.1.92 	2009.12.06 	-
Antiy-AVL 	2.0.3.7 	2009.12.04 	-
Authentium 	5.2.0.5 	2009.12.02 	-
Avast 	4.8.1351.0 	2009.12.06 	-
AVG 	8.5.0.426 	2009.12.06 	-
BitDefender 	7.2 	2009.12.06 	-
CAT-QuickHeal 	10.00 	2009.12.05 	-
ClamAV 	0.94.1 	2009.12.06 	-
Comodo 	3103 	2009.12.01 	-
DrWeb 	5.0.0.12182 	2009.12.06 	-
eSafe 	7.0.17.0 	2009.12.06 	-
eTrust-Vet 	35.1.7159 	2009.12.04 	-
F-Prot 	4.5.1.85 	2009.12.06 	-
F-Secure 	9.0.15370.0 	2009.12.03 	-
Fortinet 	4.0.14.0 	2009.12.06 	-
GData 	19 	2009.12.06 	-
Ikarus 	T3.1.1.74.0 	2009.12.06 	-
Jiangmin 	13.0.900 	2009.12.02 	-
K7AntiVirus 	7.10.912 	2009.12.05 	-
Kaspersky 	7.0.0.125 	2009.12.06 	-
McAfee 	5824 	2009.12.06 	-
McAfee+Artemis 	5824 	2009.12.06 	-
McAfee-GW-Edition 	6.8.5 	2009.12.06 	Heuristic.LooksLike.Win32.NewMalware.H
Microsoft 	1.5302 	2009.12.06 	-
NOD32 	4665 	2009.12.06 	-
Norman 	6.03.02 	2009.12.05 	-
nProtect 	2009.1.8.0 	2009.12.06 	-
Panda 	10.0.2.2 	2009.12.06 	-
PCTools 	7.0.3.5 	2009.12.06 	-
Prevx 	3.0 	2009.12.06 	-
Rising 	22.24.06.04 	2009.12.06 	-
Sophos 	4.48.0 	2009.12.06 	-
Sunbelt 	3.2.1858.2 	2009.12.06 	-
Symantec 	1.4.4.12 	2009.12.06 	-
TheHacker 	6.5.0.2.086 	2009.12.05 	-
TrendMicro 	9.100.0.1001 	2009.12.06 	-
VBA32 	3.12.12.0 	2009.12.03 	-
ViRobot 	2009.12.4.2072 	2009.12.04 	-
VirusBuster 	5.0.21.0 	2009.12.06 	-
weitere Informationen
File size: 21584 bytes
MD5   : 338c86357871c167a96ab976519bf59e
SHA1  : e99e20970139fb1e67bbc54fa8a61c18a4fce36e
SHA256: f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x603E
timedatestamp.....: 0x4A5BBF13 (Tue Jul 14 01:11:15 2009)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2472 0x2600 6.22 9b9f242740c0a1c2494b23ae50935e6d
.rdata 0x4000 0xAE 0x200 1.54 1833a5650ae0f8256ba78bf8ed79d6e1
.data 0x5000 0xC 0x200 0.18 7c80b151582aa6280e754b477343e54e
INIT 0x6000 0x38C 0x400 4.66 392ce67c807da67e018ad9cf892fde4c
.rsrc 0x7000 0x3F0 0x400 3.41 ecb60c1c006d2813169c8bcfe271a200
.reloc 0x8000 0xD2 0x200 2.47 035f51da8bf9893e51952ac185994f14

( 2 imports )

> ataport.sys: AtaPortNotification, AtaPortQuerySystemTime, AtaPortReadPortUchar, AtaPortStallExecution, AtaPortWritePortUchar, AtaPortWritePortUlong, AtaPortGetPhysicalAddress, AtaPortConvertPhysicalAddressToUlong, AtaPortGetScatterGatherList, AtaPortGetParentBusType, AtaPortRequestCallback, AtaPortWritePortBufferUshort, AtaPortGetUnCachedExtension, AtaPortCompleteRequest, AtaPortCopyMemory, AtaPortEtwTraceLog, AtaPortCompleteAllActiveRequests, AtaPortReleaseRequestSenseIrb, AtaPortBuildRequestSenseIrb, AtaPortReadPortBufferUshort, AtaPortInitialize, AtaPortGetDeviceBase, AtaPortDeviceStateChange
> ntoskrnl.exe: KeTickCount

( 0 exports )
TrID  : File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 384:SN+KUt2BtUXbyTHoCtGRZjNVAsRMNSChq3BLWErUwW9Qu5VpBjbOjBMmhyMD:adUtytUXbyTICtGjNMNbcxHJudkMmwMD
PEiD  : -
RDS   : NSRL Reference Data Set
-
         
I'll run dr.web tomorrow morning, then I'll get back to you.
thanks!
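The PE details in the VirusTotal report above (compile timestamp, section table, per-section entropy) are what a defender looks at first when triaging an unknown driver, and they can be reproduced locally with nothing but the Python standard library. This is an added example, not code from the thread or from VirusTotal; the image it parses is constructed inline (only the timestamp value 0x4A5BBF13 is taken from the report) and is not the real akk8wl9y.sys.

```python
import datetime
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform data (VirusTotal's ntrpy column)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Read the COFF file header and section table of a PE image (no pefile dependency)."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    sec_off = e_lfanew + 24 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsec):
        # IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, sec_off + 40 * i)
        raw = blob[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
            "ntrpy": round(shannon_entropy(raw), 2),
        })
    return {
        "machine": machine,
        # TimeDateStamp is seconds since the Unix epoch; report it in UTC
        "timestamp": datetime.datetime.fromtimestamp(stamp, tz=datetime.timezone.utc),
        "sections": sections,
    }


def high_entropy_sections(blob: bytes, threshold: float = 7.0) -> list:
    """Names of sections whose raw bytes look packed or encrypted (entropy above threshold)."""
    return [s["name"] for s in parse_pe(blob)["sections"] if s["ntrpy"] > threshold]


def build_sample_driver() -> bytes:
    """Constructed minimal i386 PE with an empty optional header; NOT the real akk8wl9y.sys."""
    text_raw = bytes(range(256)) * 2            # uniform bytes -> entropy 8.0
    data_raw = b"\0" * 512                      # constant bytes -> entropy 0.0
    hdr_end = 0x40 + 4 + 20 + 2 * 40            # DOS header + signature + file header + 2 section headers
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew at offset 0x3C
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0x4A5BBF13, 0, 0, 0, 0x0102)
    sec1 = struct.pack("<8sIIII", b".text", len(text_raw), 0x1000, len(text_raw), hdr_end) + b"\0" * 16
    sec2 = struct.pack("<8sIIII", b".data", len(data_raw), 0x2000, len(data_raw),
                       hdr_end + len(text_raw)) + b"\0" * 16
    return dos + b"PE\0\0" + file_hdr + sec1 + sec2 + text_raw + data_raw


if __name__ == "__main__":
    info = parse_pe(build_sample_driver())
    print(hex(info["machine"]), info["timestamp"].isoformat())
    for s in info["sections"]:
        print(s)
    print("packed-looking sections:", high_entropy_sections(build_sample_driver()))
```

The report's "Tue Jul 14 01:11:15 2009" is the same stamp rendered in UTC+2; the code returns it as 2009-07-13T23:11:15 UTC, so compare timestamps in one time zone before reading anything into a "compiled at" date.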


Old 08.12.2009, 18:26   #6
Chris4You

Hi,

could also be a false positive, although according to GMER the thing already "does" quite a bit...
Post the Dr. Web log tomorrow; don't stay on the Internet too long, if there is still a TrojanDownloader on it the box will get more and more infected...

chris
__________________