Unfortunately my PC is causing problems: Internet Explorer does not open pages, etc.

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-14 19:30:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD5000AAVS-00ZTB0 rev.01.01B01 465,76GB
Running: gmer_2.1.19163.exe; Driver: F:\Users\chris\AppData\Local\Temp\kgloqpod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG F:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002bfb000 71 bytes [68, 44, 8A, 5C, 24, 60, 89, ...]
INITKDBG F:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 632 fffff80002bfb048 23 bytes [00, 00, 02, 75, 10, 85, ED, ...]

---- User code sections - GMER 2.1 ----

.text F:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[2140] F:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761f1465 2 bytes [1F, 76]
.text F:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[2140] F:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761f14bb 2 bytes [1F, 76]
.text ... * 2
.text F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1380] F:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761f1465 2 bytes [1F, 76]
.text F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1380] F:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761f14bb 2 bytes [1F, 76]
.text ... * 2
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3092] F:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 000000007702f9f0 5 bytes JMP 0000000166d966a0
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3092] F:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007702fa88 5 bytes JMP 0000000166d1f08a
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3092] F:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007702fc18 5 bytes JMP 0000000166d965d0
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3092] F:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007702fe3c 5 bytes JMP 0000000166d96730
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3092] F:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770301a4 5 bytes JMP 0000000166d1f0cf
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3092] F:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 000000007703131c 5 bytes JMP 0000000166d968b0
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3092] F:\Windows\syswow64\kernel32.dll!CloseHandle 0000000076211410 5 bytes JMP 0000000166d964d0
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3092] F:\Windows\syswow64\kernel32.dll!CreateFileW 0000000076213f3c 5 bytes JMP 0000000166d96390
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3092] F:\Windows\syswow64\kernel32.dll!CreateFileA 00000000762153ae 5 bytes JMP 0000000166d96250
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3092] F:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761f1465 2 bytes [1F, 76]
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3092] F:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761f14bb 2 bytes [1F, 76]
.text ... * 2
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1592] F:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 000000007702f9f0 5 bytes JMP 0000000166d966a0
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1592] F:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007702fa88 5 bytes JMP 0000000166d1f08a
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1592] F:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007702fc18 5 bytes JMP 0000000166d965d0
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1592] F:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007702fe3c 5 bytes JMP 0000000166d96730
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1592] F:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000770301a4 5 bytes JMP 0000000166d1f0cf
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1592] F:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 000000007703131c 5 bytes JMP 0000000166d968b0
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1592] F:\Windows\syswow64\kernel32.dll!CloseHandle 0000000076211410 5 bytes JMP 0000000166d964d0
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1592] F:\Windows\syswow64\kernel32.dll!CreateFileW 0000000076213f3c 5 bytes JMP 0000000166d96390
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1592] F:\Windows\syswow64\kernel32.dll!CreateFileA 00000000762153ae 5 bytes JMP 0000000166d96250
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1592] F:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761f1465 2 bytes [1F, 76]
.text F:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1592] F:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761f14bb 2 bytes [1F, 76]
.text ... * 2

---- EOF - GMER 2.1 ----
Hi, one actually starts with a problem description. Please provide that, thanks. If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code: activex
Copyright ©2000-2025, Trojaner-Board