Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
100 Tan Trojaner

100 Tan Trojaner


Plagegeister aller Art und deren Bekämpfung: 100 Tan Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 2 1 2
Alt 08.10.2010, 13:22   #16
Lechs
 
100 Tan Trojaner - Standard

100 Tan Trojaner


Ich kann GMER normal öffnen und dann drücke ich auf scan.

Das funktioniert auch eine Minute lang und dann kommt ein Bluescreen und der PC fährt neu hoch...

Wodran kann das liegen?

mfg

Alt 11.10.2010, 13:36   #17
Redwulf
 
100 Tan Trojaner - Standard

100 Tan Trojaner


Lechs irgendetwas läuft falsch bei dir....

Nochmal von vorne, bitte unternehme nichts anderes vorher, nutzte keine anderen Programe paralell. Denke daran das du die Programme als Admin ausführen musst ( Rechtsklick )

Bitte schau noch mals in de letzten Posts.

Mach alle deine Dateien sichtbar, wie ist oben erklärt.
Schalte die Systemwiederherstellung aus - ebenfalls erklärt-
Dann lässt du bitte nach Anweisung CCleaner laufen

Bitte melde dich wenn diese 3 Pumkte durchgeführt worden sind. Das Posten von MAM oder sonstigen Logs bringt mir und dir noch nichts....
__________________

__________________
Alt 12.10.2010, 14:40   #18
Lechs
 
100 Tan Trojaner - Standard

100 Tan Trojaner


So Hier ist nun aber alles:
Ich hoffe jetzt kann man alle probleme beheben:

Die Maleware Daten:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4794

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11.10.2010 19:48:41
mbam-log-2010-10-11 (19-48-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|)
Durchsuchte Objekte: 513377
Laufzeit: 1 Stunde(n), 35 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________
Alt 12.10.2010, 14:41   #19
Lechs
 
100 Tan Trojaner - Standard

100 Tan Trojaner


Hier die HiJack Daten:

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:17, on 11.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alex\Desktop\HiJackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1237055674647&h=49e6986c88dad41bf802c875eb09ed66/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - Unknown owner - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c9ded73ea44e20) (gupdate1c9ded73ea44e20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 11616 bytes
--- --- ---
Alt 12.10.2010, 14:42   #20
Lechs
 
100 Tan Trojaner - Standard

100 Tan Trojaner


Und hier die GMER Daten:

Für die Interne Festplatte:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-12 12:55:44
Windows 6.0.6001 Service Pack 1
Running: Huppala.exe.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys


---- System - GMER 1.0.15 ----

SSDT            8C8FB6FC                                                                                                             ZwCreateThread
SSDT            8C8FB6E8                                                                                                             ZwOpenProcess
SSDT            8C8FB6ED                                                                                                             ZwOpenThread
SSDT            8C8FB6F7                                                                                                             ZwTerminateProcess
SSDT            8C8FB6F2                                                                                                             ZwWriteVirtualMemory

INT 0x51        ?                                                                                                                    86F72BF8
INT 0x51        ?                                                                                                                    86F72BF8
INT 0x51        ?                                                                                                                    86F72BF8
INT 0x72        ?                                                                                                                    86F72BF8
INT 0x82        ?                                                                                                                    86F72BF8
INT 0x92        ?                                                                                                                    86F72BF8
INT 0xA2        ?                                                                                                                    85528BF8
INT 0xA2        ?                                                                                                                    86F72BF8
INT 0xA2        ?                                                                                                                    86F72BF8
INT 0xA2        ?                                                                                                                    85528BF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                                      82301B18 4 Bytes  [FC, B6, 8F, 8C]
.text           ntkrnlpa.exe!KeSetTimerEx + 624                                                                                      82301CE8 4 Bytes  CALL C9BCACA3 
.text           ntkrnlpa.exe!KeSetTimerEx + 640                                                                                      82301D04 4 Bytes  [ED, B6, 8F, 8C]
.text           ntkrnlpa.exe!KeSetTimerEx + 854                                                                                      82301F18 4 Bytes  [F7, B6, 8F, 8C]
.text           ntkrnlpa.exe!KeSetTimerEx + 8B4                                                                                      82301F78 4 Bytes  [F2, B6, 8F, 8C]
?               System32\Drivers\spln.sys                                                                                            Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                             section is writeable [0x8E001340, 0x3E9407, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                8A3DD46F 5 Bytes  JMP 86F721D8 
.text           axl974od.SYS                                                                                                         8E86A000 22 Bytes  [26, D2, 21, 82, 10, D1, 21, ...]
.text           axl974od.SYS                                                                                                         8E86A017 181 Bytes  [00, 32, 67, 79, 80, 3D, 65, ...]
.text           axl974od.SYS                                                                                                         8E86A0CE 10 Bytes  [00, 00, 00, 00, 00, 00, 6A, ...]
.text           axl974od.SYS                                                                                                         8E86A0DA 12 Bytes  [00, 00, 02, 00, 00, 00, 25, ...]
.text           axl974od.SYS                                                                                                         8E86A0E7 714 Bytes  [00, F0, 0E, 00, 00, 00, 00, ...]
.text           ...                                                                                                                  
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                               section is writeable [0x9DB07300, 0x3AE88, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                               section is writeable [0x9DB4A300, 0x1B7E, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                            [8068C6D6] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                             [8068C042] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                     [8068C800] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                            [8068C0C0] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                      [8068C13E] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [8069BE9C] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortNotification]                                           CC000CC2
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortWritePortUchar]                                         83EC8B55
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortWritePortUlong]                                         575320EC
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                     458DFF33
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                          8D5750FC
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                   5750F845
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortReadPortUchar]                                          8957046A
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortStallExecution]                                         75E8FC7D
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortGetParentBusType]                                       BB0001E8
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortRequestCallback]                                        000000EA
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                  850FC33B
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                   0000012B
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortCompleteRequest]                                        0FFC7D39
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortMoveMemory]                                             00012284
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                              458D5600
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                 106A50F4
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                   38335668
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortReadPortUshort]                                         FC75FF36
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                   D1E85757
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortInitialize]                                             8B0001E7
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortGetDeviceBase]                                          1BDEF7F0
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortDeviceStateChange]                                      23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                                [738D88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                 [739198A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                             [738DB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                       [738CFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                 [738D7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                              [738CEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [7390B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]                     [738DBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                             [738D074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                              [738D06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                               [738C71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]                       [7395D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                          [738F7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                             [738CE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                                       [738C697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                                      [738C69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                         [738D2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                [738D88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                 [739198A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                             [738DB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                       [738CFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                 [738D7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                              [738CEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [7390B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                     [738DBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                             [738D074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                              [738D06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                               [738C71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                       [7395D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                          [738F7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                             [738CE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                       [738C697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                      [738C69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                         [738D2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               8552B1F8
Device          \FileSystem\fastfat \FatCdrom                                                                                        873F01F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                               87C471F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df052969b                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df0563adb                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df0563adb@2421ab046ec3                             0x7C 0x82 0x09 0x0A ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                               0xDC 0x84 0xE0 0xDE ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xC4 0x21 0x46 0xF6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xAA 0x70 0x83 0x80 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xF1 0xC1 0xE3 0x1B ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x94 0xB7 0x0D 0x40 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                0x14 0xD6 0x9F 0x57 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                0xF0 0x5D 0x28 0xBD ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000df052969b (not active ControlSet)                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000df0563adb (not active ControlSet)                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000df0563adb@2421ab046ec3                                 0x7C 0x82 0x09 0x0A ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      1
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                   0xDC 0x84 0xE0 0xDE ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xC4 0x21 0x46 0xF6 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xAA 0x70 0x83 0x80 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xF1 0xC1 0xE3 0x1B ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x94 0xB7 0x0D 0x40 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x14 0xD6 0x9F 0x57 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0xF0 0x5D 0x28 0xBD ...

---- EOF - GMER 1.0.15 ----
--- --- ---


Für die Externe:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-12 15:28:02
Windows 6.0.6001 Service Pack 1
Running: Huppala.exe.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys


---- System - GMER 1.0.15 ----

SSDT            8C8FB6FC                                                                                                             ZwCreateThread
SSDT            8C8FB6E8                                                                                                             ZwOpenProcess
SSDT            8C8FB6ED                                                                                                             ZwOpenThread
SSDT            8C8FB6F7                                                                                                             ZwTerminateProcess
SSDT            8C8FB6F2                                                                                                             ZwWriteVirtualMemory

INT 0x51        ?                                                                                                                    86F72BF8
INT 0x51        ?                                                                                                                    86F72BF8
INT 0x51        ?                                                                                                                    86F72BF8
INT 0x72        ?                                                                                                                    86F72BF8
INT 0x82        ?                                                                                                                    86F72BF8
INT 0x92        ?                                                                                                                    86F72BF8
INT 0xA2        ?                                                                                                                    85528BF8
INT 0xA2        ?                                                                                                                    86F72BF8
INT 0xA2        ?                                                                                                                    86F72BF8
INT 0xA2        ?                                                                                                                    85528BF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                                      82301B18 4 Bytes  [FC, B6, 8F, 8C]
.text           ntkrnlpa.exe!KeSetTimerEx + 624                                                                                      82301CE8 4 Bytes  CALL C9BCACA3 
.text           ntkrnlpa.exe!KeSetTimerEx + 640                                                                                      82301D04 4 Bytes  [ED, B6, 8F, 8C]
.text           ntkrnlpa.exe!KeSetTimerEx + 854                                                                                      82301F18 4 Bytes  [F7, B6, 8F, 8C]
.text           ntkrnlpa.exe!KeSetTimerEx + 8B4                                                                                      82301F78 4 Bytes  [F2, B6, 8F, 8C]
?               System32\Drivers\spln.sys                                                                                            Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                             section is writeable [0x8E001340, 0x3E9407, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                8A3DD46F 5 Bytes  JMP 86F721D8 
.text           axl974od.SYS                                                                                                         8E86A000 22 Bytes  [26, D2, 21, 82, 10, D1, 21, ...]
.text           axl974od.SYS                                                                                                         8E86A017 181 Bytes  [00, 32, 67, 79, 80, 3D, 65, ...]
.text           axl974od.SYS                                                                                                         8E86A0CE 10 Bytes  [00, 00, 00, 00, 00, 00, 6A, ...]
.text           axl974od.SYS                                                                                                         8E86A0DA 12 Bytes  [00, 00, 02, 00, 00, 00, 25, ...]
.text           axl974od.SYS                                                                                                         8E86A0E7 714 Bytes  [00, F0, 0E, 00, 00, 00, 00, ...]
.text           ...                                                                                                                  
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                               section is writeable [0x9DB07300, 0x3AE88, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                               section is writeable [0x9DB4A300, 0x1B7E, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                            [8068C6D6] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                             [8068C042] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                     [8068C800] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                            [8068C0C0] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                      [8068C13E] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [8069BE9C] \SystemRoot\System32\Drivers\spln.sys
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortNotification]                                           CC000CC2
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortWritePortUchar]                                         83EC8B55
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortWritePortUlong]                                         575320EC
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                     458DFF33
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                          8D5750FC
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                   5750F845
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortReadPortUchar]                                          8957046A
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortStallExecution]                                         75E8FC7D
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortGetParentBusType]                                       BB0001E8
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortRequestCallback]                                        000000EA
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                  850FC33B
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                   0000012B
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortCompleteRequest]                                        0FFC7D39
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortMoveMemory]                                             00012284
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                              458D5600
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                 106A50F4
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                   38335668
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortReadPortUshort]                                         FC75FF36
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                   D1E85757
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortInitialize]                                             8B0001E7
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortGetDeviceBase]                                          1BDEF7F0
IAT             \SystemRoot\System32\Drivers\axl974od.SYS[ataport.SYS!AtaPortDeviceStateChange]                                      23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                                [738D88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                 [739198A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                             [738DB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                       [738CFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                 [738D7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                              [738CEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [7390B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]                     [738DBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                             [738D074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                              [738D06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                               [738C71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]                       [7395D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                          [738F7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                             [738CE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                                       [738C697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                                      [738C69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2932] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                         [738D2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                [738D88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                 [739198A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                             [738DB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                       [738CFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                 [738D7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                              [738CEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [7390B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                     [738DBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                             [738D074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                              [738D06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                               [738C71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                       [7395D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                          [738F7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                             [738CE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                       [738C697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                      [738C69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                         [738D2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               8552B1F8
Device          \FileSystem\fastfat \FatCdrom                                                                                        873F01F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                 855261F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                     86D5F500
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                     86D5F500
Device          \Driver\PCI_PNP0102 \Device\00000052                                                                                 spln.sys
Device          \Driver\usbehci \Device\USBPDO-2                                                                                     86D721F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                     86D5F500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                     86D5F500
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                     86D5F500
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                     86D5F500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                               855261F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                     86D721F8
Device          \Driver\USBSTOR \Device\00000071                                                                                     872E31F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                               855261F8
Device          \Driver\cdrom \Device\CdRom0                                                                                         86D671F8
Device          \Driver\USBSTOR \Device\00000072                                                                                     872E31F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                   [8A2A43C0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                        [8A2A43C0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                        [8A2A43C0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom1                                                                                         86D671F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                               855261F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                               855261F8
Device          \Driver\cdrom \Device\CdRom2                                                                                         86D671F8
Device          \Driver\BTHUSB \Device\00000075                                                                                      bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                              872E51F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                       872E81F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df052969b                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df0563adb                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df0563adb@2421ab046ec3                             0x7C 0x82 0x09 0x0A ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                               0xDC 0x84 0xE0 0xDE ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xC4 0x21 0x46 0xF6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xAA 0x70 0x83 0x80 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xF1 0xC1 0xE3 0x1B ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x94 0xB7 0x0D 0x40 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                0x14 0xD6 0x9F 0x57 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                0xF0 0x5D 0x28 0xBD ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000df052969b (not active ControlSet)                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000df0563adb (not active ControlSet)                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000df0563adb@2421ab046ec3                                 0x7C 0x82 0x09 0x0A ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      1
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                   0xDC 0x84 0xE0 0xDE ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xC4 0x21 0x46 0xF6 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xAA 0x70 0x83 0x80 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xF1 0xC1 0xE3 0x1B ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x94 0xB7 0x0D 0x40 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x14 0xD6 0x9F 0x57 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0xF0 0x5D 0x28 0xBD ...

---- EOF - GMER 1.0.15 ----
--- --- ---
Alt 14.10.2010, 21:05   #21
Lechs
 
100 Tan Trojaner - Standard

100 Tan Trojaner


Felt schon wieder etwas

Alt 17.10.2010, 13:10   #22
Redwulf
 
100 Tan Trojaner - Standard

100 Tan Trojaner


Nein, aber ein bischen Zeit brauch ich dennoch um deine Daten zu sichten und auszuwerten. Zum Teil ist es jetzt sehr schwer einige Dinge nachzuvollziehen.

Durch deine Vorarbeit sind u.a. einige Leichen übergeblieben, die sollten wir erst mal mit Hijack beseitigen. Weiterhin unnütze Einträge....

Also bitte öffne Hijack This und markiere die folgenden Einträge. ( Haken dran )

Code:
ATTFilter
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
Bitte deinstalliere auch die Google Toolbar, und die Softsonic Toolbar. Google ist ein Datenkrake und Softsonic steht im Verdacht dein Onlineverhalten zu analysieren. Die Daemon Tools hast du ja schon offensichtlich entfernt, dass ist übrigens auch so ein Teil von Malware, die du sicherlich nicht magst. Ich persönlich mag keine Toolbars und rate dir auch dringend solche nicht mehr zu installieren.

Das gleiche gilt für Startseiten und Suchseiten, ich bevorzuge die Standart oder Google als Suchseite....

Desweiteren die Frage ob du über einen Proxyserver ins Internet gehst?

Bitte suche diese Dateien in deinem Rechner
Code:
ATTFilter
C:\Windows\system32\conime.exe
C:\Program Files\softonic-de3\tbsoft.dll
C:\Windows\system32\nvvsvc.exe
Lade bitte diese Dateien nacheinander bei Virustotal hoch und lasse sie analysieren. Auch wenn dort steht, dass diese Dateien bekannt sind und bereits analysiert wurden. Bitte poste dann die Ergebnisse dieser Scans hier als Antwort.

Gmer zeigt keinen rootkit an, desweiteren scheint Malwarebytes auch nicht mehr fündig geworden zu sein. Das heisst aber nicht, dass da nicht noch was ist.. Gibt es weitere Auffälligkeiten an deinem Rechner? - Erscheint das Tan Fenster immer noch ?

Wir müssen jetzt Schritt für Schritt vorgehen, dass ist wichtig. Deshalb nochmals meine Frage: Hast du alle deine Dateien sichtbar gemacht und hast du die Systemwiederherstellung ausgeschaltet ? Falls nicht, machst du das bitte spätestens jetzt.

Bitte arbeite die o.a. Reihenfolge jetzt ab. Bitte poste die Logs aus Virustotal.
Hiernach bitte ein neues Hijack this und zur Sicherheit nochmals einen Malwarebytes FULLSCAN, bitte vergiss nicht vorher Malwarebytes zu updaten.
__________________
Quidquid agis prudenter agas et respice finem

Was auch immer du tust, tu es klug und bedenke die Folgen

---------------------------------------------------------------------------------
Wenn ich nach 24 Stunden nicht antworte, bitte kurze PM
Alt 18.10.2010, 14:31   #23
Redwulf
 
100 Tan Trojaner - Standard

100 Tan Trojaner


Aufgabe No. 2

Bitte folgende File auf deinem Rechner suchen und auf jeden Fall nochmals bei Virustotal.com checken lassen.

Code:
ATTFilter
C:\Windows\system32\drivers\megasas.sys
C:\Program Files\lg_swupdate\giljabistart.exe
C:\Windows\System32\Lffpx7.dll
C:\Users\Alex\AppData\Roaming\Microsoft\Installer\{6FD260BF-5A16-45DB-9E8F-75D25C1D0607}\NewShortcut1_3.exe
Ich denke dann sind wir schon ein ganzes Stück weiter....

Bitte denke dran, falls irgendwas bei Virustotal gefunden wird, den kompletten Inhalt hier zu posten. Negativergebnisse brauchst du hier nicht zu posten...
__________________
Quidquid agis prudenter agas et respice finem

Was auch immer du tust, tu es klug und bedenke die Folgen

---------------------------------------------------------------------------------
Wenn ich nach 24 Stunden nicht antworte, bitte kurze PM
Alt 21.10.2010, 23:57   #24
Redwulf
 
100 Tan Trojaner - Standard

100 Tan Trojaner


KEINE Verbindung mehr zum User........ Thread schließen
__________________
Quidquid agis prudenter agas et respice finem

Was auch immer du tust, tu es klug und bedenke die Folgen

---------------------------------------------------------------------------------
Wenn ich nach 24 Stunden nicht antworte, bitte kurze PM
Antwort
Seite 2 von 2 1 2

Themen zu 100 Tan Trojaner
100 tan, 100 tan trojaner, 4d36e972-e325-11ce-bfc1-08002be10318, agere systems, aktuellsten, angemeldet, avgntflt.sys, c:\windows\system32\rundll32.exe, components, computer, computern, corp./icp, dringend, einloggen, firefox.exe, gelöscht, home premium, html, iastor.sys, installiert, intranet, liste, local\temp, location, mcafee, media center, meldung, nichts, nvlddmkm.sys, nvstor.sys, officejet, oldtimer, otl logfile, plug-in, problem, programdata, sched.exe, schließen, searchplugins, service pack 1, skype.exe, sptd.sys, spybot, start menu, static, tan, tan trojaner, tans, trojane, trojaner, virusscan, vista, warnung, windows, windows vista, wrapper, öffnet


« explorer.exe virus gefunden was tun? | Deutsche Bank Trojaner »


Zum Thema 100 Tan Trojaner - Ich kann GMER normal öffnen und dann drücke ich auf scan. Das funktioniert auch eine Minute lang und dann kommt ein Bluescreen und der PC fährt neu hoch... Wodran kann - 100 Tan Trojaner...
Archiv
Du betrachtest: 100 Tan Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131