Log analysis and evaluation: Folder "Internet Explorer Updater" under Program Files, cannot be deleted, presumably malware

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

/// Winkelfunktion /// TB-Süch-Tiger™

Folder "Internet Explorer Updater" under Program Files, cannot be deleted, presumably malware

Please redact personal information, e.g. with ***
__________________
Please always post log files in CODE tags
#2

Folder "Internet Explorer Updater" under Program Files, cannot be deleted, presumably malware

Hello,
here is the GMER log file.

GMER Logfile:
---- Files - GMER 1.0.15 ----
[Various files of mine were listed here, mostly JPG images and a few Word documents. I know all of these files; there was nothing suspicious among them.]
---- EOF - GMER 1.0.15 ----