| |
| |||||||
Log-Analyse und Auswertung: Musik im Hintergrund,Pop-ups in IE-FensternWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.08.2010, 20:02
| #28 |
 |  Musik im Hintergrund,Pop-ups in IE-Fenstern GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-04 20:59:25
Windows 5.1.2600 Service Pack 3
Running: 88x6ps87.exe; Driver: C:\DOKUME~1\Wir\LOKALE~1\Temp\awacyfog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xA6CC6040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xA6CC2930]
SSDT BA71848E ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xA6CC6510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xA6CCC870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xA6CCCAA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xA6CCFFD0]
SSDT BA718484 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xA6CC6600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xA6CC2F20]
SSDT BA718493 ZwDeleteKey
SSDT BA71849D ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xA6CCC580]
SSDT BA7184A2 ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xA6CC2D70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xA6CCC350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xA6CCC150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xA6CCF250]
SSDT BA7184AC ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xA6CC5C00]
SSDT BA7184A7 ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xA6CC6220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xA6CC3120]
SSDT BA718498 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xA6CCCCD0]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2424 80501C5C 12 Bytes [10, 65, CC, A6, 70, C8, CC, ...]
? srescan.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xA68FF000, 0x328BA, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xA6943000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xA695F000, 0x8E, 0x42000040]
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL E0F15C417A4C75A6B567327A926BD3FB005B3C945A11B70146D028E4BEB086CCEF7F9632E5E9B11F850488FCDA7E4B2748A410D485E563679322DFC07C5EBC21161DA0B51D9A4554D305981A7E01F2CEF61CA65F236ED8C6FB0B08A891169D0E2182737DA968B850286B8115D193075C752E61A974052988E5006660CD8BB01E90CA5DBF067EA75B449BB4B49E7AD97ADC2679AB30A6F958E85619347395131F9CF67EB8A2AC42841A5EFA47A29ECF1A00B57AE27FF50828D14890EF3930F2232EE74E2663674D21CEDE6D1A8D8D616FDEF244CF80B81FAE217491E6CA78927F626716CA214521C5BD2FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D14078EDD5E5BE2F6E6676B13BFBAC3087F590DDA01C1EE527BF70BB176A27C3C248237B02C2839CC83F5D2F23EC19677F428A6C7B0EDE755ECF6EA00A3B3F3F7870E053FC5315446F6B98860AAAE286AAD451574E1510F5067737CC0E1D104B6817CBDD849C373C89621C7C6E977B0507C509A3D22DCB4748055A6608E84B108811D0D9E80A470635187A392D137815A6DCC4CFE77243DB47CE8A34DFAF816402BA5732EAAB63A6D472CFD37ACAB7C7EBC21149DDADCA0C6D75E037CEC00DEF655B1C4ACF806517ECAAF91273AB99AF
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 4D562972EDDC8051D0D377BCEA6DF7BB3C2EB04770946C78A1D6A4C86FC2B495361A98649FF21711637EB8DCEA49EB1821AF54D0B7C9FB47A072778A7D9A4084CFB5C15BA6D265E29BAD1C0EC6E0A81A1677B6E21FFCFA905CDADC9F70A57F6A569093ACA4BB50B7C29D06C4BE1E9625933F4FB220DDF64698E2031FA00045EAFD340FF1EDD18F051AB26F3C424BF59E86622CBBEA8154E28E7EAAE599243931EA4E4B088A1AAF46D273617378195672CDDEEB3EE0DFC8DF6AC6A7151BF5586639AFF28F37FD9276148A7DA9B9989E0EBD5B433D99D5DEBCCF78E48E9739EF3DF550446EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794FEBC9E127BECC74CC038D530D6EB34523ABBC754438365A604439E2D18DECA86632ABFFC5B0E2F084CC33A85827B5F9CEB7A6201228C50888255CC40AA634086890616C96EC527F02190FA9307797982DBFB41C97A4A34A64B906F24BC904252EEB0D64CF848A7FA5FB9E9D6B0C0090C58F167452454747C8812CF2095B286693C51301F4EBE5C45CC8D3958FEF1CD1864772B0EECE0054B9ADB8783EE3C590B4E72215F337104B1DF3EED2866519D493707B6C5174F6F1794D2081C76C417BCB4017F2F6552F0664965E2574FC7DE07BB01898F551E52A7BD40934
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{925E058A-9A62-2C41-9DBE-D250D23052DD}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{925E058A-9A62-2C41-9DBE-D250D23052DD}@oammhmedbmeglaoombcedkkeiahnji 0x64 0x61 0x6C 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{925E058A-9A62-2C41-9DBE-D250D23052DD}@oainhpkcijlfffkfmiebjedlpoaeni 0x6A 0x61 0x6C 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{925E058A-9A62-2C41-9DBE-D250D23052DD}@naomnpjeookdkeofdjbakaagdien 0x6A 0x61 0x6C 0x63 ...
---- Files - GMER 1.0.15 ----
File C:\Dokumente und Einstellungen\Wir\Eigene Dateien\Sicherungen Bilder 2003-2009\Sicherung 07_2009\Rainer Bilder\Rainer\Downloads\3609_Bibi_and_Tina_The_Great_Paper_Chase_EUR_MULTi3_NDS-OneUp\3609_Bibi_and_Tina_The_Great_Paper_Chase_EUR_MULTi3_NDS-OneUp\1u-bibit\BIBIAN~1.NDS 16777216 bytes
---- EOF - GMER 1.0.15 ----
So das wars :-) |
| Themen zu Musik im Hintergrund,Pop-ups in IE-Fenstern |
| adobe, antivir, antivir guard, avira, bho, desktop, explorer, firefox, gesperrt, hijack, hijackthis, hkus\s-1-5-18, internet explorer, launch, monitor, mozilla, musik, plug-in, pop ups, problem, realtek, scan, software, system, ups, werbung, windows, windows xp |
Baum-Darstellung