Trojaner-Board

Internet very slow, "System Tool", and other pests, PC = snail (https://www.trojaner-board.de/95947-internet-sehr-langsam-system-tool-andere-plagegeister-pc-schnecke.html)

cosinus 24.02.2011 16:11

Ok. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool needs only a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

TrjPferd 24.02.2011 16:59

GMER:
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-24 16:58:17
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 ST3160827AS rev.3.42
Running: g2m3e4r.exe; Driver: C:\Users\Julian\AppData\Local\Temp\uxryqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                    82E91589 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82EB6092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0x9855E300, 0x3B638, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0x985A1300, 0x1BEE, 0xE8000020]
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000056                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x1B 0x3C 0xAB 0xBD ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x92 0xE0 0xE9 0x4A ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x24 0xF4 0xBA 0x5F ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xBB 0x9E 0xB0 0x21 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x1B 0x3C 0xAB 0xBD ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x92 0xE0 0xE9 0x4A ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x24 0xF4 0xBA 0x5F ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xBB 0x9E 0xB0 0x21 ...

---- EOF - GMER 1.0.15 ----

OSAM
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:03:02 on 24.02.2011

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Julian\AppData\Local\Temp\catchme.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\Users\Julian\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)" (TEAM) - ? - C:\Windows\System32\DRIVERS\RtTeam60.sys  (File not found)
"Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)" (VLAN) - ? - C:\Windows\System32\DRIVERS\RtVLAN60.sys  (File not found)
"RivaTuner32" (RivaTuner32) - ? - C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys  (File found, but it contains no detailed information)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\Windows\System32\drivers\RTKVHDA.sys  (File not found)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"uxryqpod" (uxryqpod) - ? - C:\Users\Julian\AppData\Local\Temp\uxryqpod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{140E4DF8-9E14-4A34-9577-C77561ED7883} "SysInfo Class" - "Husdawg, LLC" - C:\Programme\SystemRequirementsLab\srldetect_cyri_4.1.71.0.dll / hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
{B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_test.dll / hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab
{40F576AD-8680-4F9E-9490-99D069CD665F} "{40F576AD-8680-4F9E-9490-99D069CD665F}" - ? -  (File not found | COM-object registry key not found) / hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6\ICQ6.5\ICQ.exe
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe  (File not found)
"PokerStars" - ? - C:\Program Files\Pokerstars\PokerStarsUpdate.exe  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Netreal" - ? - C:\Users\Julian\AppData\Roaming\Wmidep\monadv.exe  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"RivaTunerStartupDaemon" - ? - "C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Ultimate Edition
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        Gigabyte Technology Co., Ltd.
BIOS Manufacturer:                Award Software International, Inc.
System Manufacturer:                Gigabyte Technology Co., Ltd.
System Product Name:                GA-MA790X-DS4
Logical Drives Mask:                0x0000001d

Kernel Drivers (total 177):
  0x82E4E000 \SystemRoot\system32\ntkrnlpa.exe
  0x82E17000 \SystemRoot\system32\halmacpi.dll
  0x80BD4000 \SystemRoot\system32\kdcom.dll
  0x83C11000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x83C1C000 \SystemRoot\system32\PSHED.dll
  0x83C2D000 \SystemRoot\system32\BOOTVID.dll
  0x83C35000 \SystemRoot\system32\CLFS.SYS
  0x83C77000 \SystemRoot\system32\CI.dll
  0x83D22000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x83D93000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x83DA1000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x83DE9000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x83DF2000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x83C00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x83E10000 \SystemRoot\system32\DRIVERS\pci.sys
  0x83E3A000 \SystemRoot\System32\drivers\partmgr.sys
  0x83E4B000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x83E5B000 \SystemRoot\System32\drivers\volmgrx.sys
  0x83EA6000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x83EAD000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x83EBB000 \SystemRoot\System32\drivers\mountmgr.sys
  0x83ED1000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x83EDA000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x83EFD000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x83F06000 \SystemRoot\system32\drivers\fltmgr.sys
  0x83F3A000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B231000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B360000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B38B000 \SystemRoot\System32\Drivers\ksecdd.sys


cosinus 24.02.2011 18:51

The log from MBRCHECK is incomplete.

TrjPferd 24.02.2011 18:52

Okay, I'll try it again right away and then edit it in here.

TrjPferd 24.02.2011 19:58

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Ultimate Edition
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        Gigabyte Technology Co., Ltd.
BIOS Manufacturer:                Award Software International, Inc.
System Manufacturer:                Gigabyte Technology Co., Ltd.
System Product Name:                GA-MA790X-DS4
Logical Drives Mask:                0x0000001d

Kernel Drivers (total 172):
  0x82E4E000 \SystemRoot\system32\ntkrnlpa.exe
  0x82E17000 \SystemRoot\system32\halmacpi.dll
  0x80BD4000 \SystemRoot\system32\kdcom.dll
  0x83C11000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x83C1C000 \SystemRoot\system32\PSHED.dll
  0x83C2D000 \SystemRoot\system32\BOOTVID.dll
  0x83C35000 \SystemRoot\system32\CLFS.SYS
  0x83C77000 \SystemRoot\system32\CI.dll
  0x83D22000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x83D93000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x83DA1000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x83DE9000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x83DF2000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x83C00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x83E10000 \SystemRoot\system32\DRIVERS\pci.sys
  0x83E3A000 \SystemRoot\System32\drivers\partmgr.sys
  0x83E4B000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x83E5B000 \SystemRoot\System32\drivers\volmgrx.sys
  0x83EA6000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x83EAD000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x83EBB000 \SystemRoot\System32\drivers\mountmgr.sys
  0x83ED1000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x83EDA000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x83EFD000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x83F06000 \SystemRoot\system32\drivers\fltmgr.sys
  0x83F3A000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B231000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B360000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B38B000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B39E000 \SystemRoot\System32\Drivers\cng.sys
  0x8B200000 \SystemRoot\System32\drivers\pcw.sys
  0x8B20E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B435000 \SystemRoot\system32\drivers\ndis.sys
  0x8B4EC000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B52A000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B621000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B76A000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B79B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8B7A4000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B7E3000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B7EB000 \SystemRoot\system32\speedfan.sys
  0x8B54F000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B7ED000 \SystemRoot\System32\Drivers\mup.sys
  0x8B600000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8B608000 \SystemRoot\system32\giveio.sys
  0x8B57C000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B609000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8B5AE000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8B5D3000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B411000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8B61A000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B217000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8B21E000 \SystemRoot\System32\drivers\vga.sys
  0x83F4B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x83F6C000 \SystemRoot\System32\drivers\watchdog.sys
  0x83F79000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x83F81000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x83F89000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x83F91000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x83F9C000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x83FAA000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x83FC1000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8E83F000 \SystemRoot\system32\drivers\afd.sys
  0x8E899000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8E8CB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8E8D2000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8E8F1000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8E902000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8E910000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8E92A000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8E93D000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8E94D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8E953000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
  0x8E975000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
  0x8E97B000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8E9BC000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8E9C6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8E9D0000 \SystemRoot\System32\drivers\discache.sys
  0x90A17000 \SystemRoot\system32\drivers\csc.sys
  0x90A7B000 \SystemRoot\System32\Drivers\dfsc.sys
  0x90A93000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x90AA1000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x90AC7000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x90AE8000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x90AF9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x9160B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x92089000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x9208B000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x92142000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9217B000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x92185000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x921D0000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x921DF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x90B02000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x90B21000 \SystemRoot\system32\DRIVERS\DLKRT32.sys
  0x90B4D000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x921E5000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x921F0000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x90B79000 \SystemRoot\system32\DRIVERS\parport.sys
  0x90B91000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x90B9E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x90BB0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x91600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x90BC8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8E9DC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x90A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8E800000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x921FA000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0x90BEA000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x8E817000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8E824000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x90BF4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x83FCC000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8E831000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x90C32000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x90C76000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x90C80000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90C91000 \SystemRoot\system32\drivers\HdAudio.sys
  0x90CE1000 \SystemRoot\system32\drivers\portcls.sys
  0x90D10000 \SystemRoot\system32\drivers\drmk.sys
  0x97F50000 \SystemRoot\System32\win32k.sys
  0x90D29000 \SystemRoot\System32\drivers\Dxapi.sys
  0x90D33000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x90D4A000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x90D4C000 \SystemRoot\system32\drivers\usbaudio.sys
  0x90D60000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x90D6B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x90D7E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x90D85000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x90D91000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9F607000 \SystemRoot\system32\DRIVERS\lvuvc.sys
  0x9FCB7000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x981B0000 \SystemRoot\System32\TSDDD.dll
  0x981E0000 \SystemRoot\System32\cdd.dll
  0x9FCC2000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9FCD8000 \SystemRoot\system32\drivers\luafv.sys
  0x9FCF3000 \SystemRoot\system32\drivers\WudfPf.sys
  0x9FD0D000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x9FD1A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x9FD25000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x9FD2E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x9FD3F000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9FD4F000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9FD95000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9FDA5000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x98417000 \SystemRoot\system32\drivers\HTTP.sys
  0x9849C000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x984B5000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x984C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x984EA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x98525000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x98540000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0x9855E000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x985A1000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA1602000 \SystemRoot\system32\drivers\peauth.sys
  0xA1699000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA16A3000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA16C4000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA16D1000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA1720000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA1771000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA179B000 \??\C:\Windows\system32\FsUsbExDisk.SYS
  0xA17CC000 \??\C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
  0xBC88C000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0xBC8A5000 \SystemRoot\system32\DRIVERS\sscewh.sys
  0xBC8C4000 \SystemRoot\system32\DRIVERS\sscecm.sys
  0xBC918000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xBC9B3000 \??\C:\Users\Julian\AppData\Local\Temp\uxryqpod.sys
  0x770A0000 \Windows\System32\ntdll.dll
  0x47DD0000 \Windows\System32\smss.exe
  0x772E0000 \Windows\System32\apisetschema.dll
  0x003C0000 \Windows\System32\autochk.exe

Processes (total 50):
      0 System Idle Process
      4 SYSTEM
    260 C:\Windows\System32\smss.exe
    348 csrss.exe
    424 C:\Windows\System32\wininit.exe
    440 csrss.exe
    476 C:\Windows\System32\services.exe
    500 C:\Windows\System32\lsass.exe
    508 C:\Windows\System32\lsm.exe
    580 C:\Windows\System32\winlogon.exe
    664 C:\Windows\System32\svchost.exe
    728 C:\Windows\System32\nvvsvc.exe
    768 C:\Windows\System32\svchost.exe
    816 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1160 C:\Windows\System32\nvvsvc.exe
    1240 C:\Windows\System32\svchost.exe
    1464 C:\Windows\System32\spoolsv.exe
    1512 C:\Windows\System32\svchost.exe
    1664 C:\Windows\System32\FsUsbExService.Exe
    1744 C:\Windows\System32\PnkBstrA.exe
    1788 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    1836 C:\Windows\System32\svchost.exe
    1908 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    972 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    504 C:\Windows\System32\taskhost.exe
    1496 C:\Windows\System32\dwm.exe
    1508 C:\Windows\System32\taskeng.exe
    2188 C:\Program Files\Google\Update\GoogleUpdate.exe
    2596 C:\Windows\System32\SearchIndexer.exe
    2984 C:\Windows\System32\svchost.exe
    3828 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3700 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4012 C:\Windows\System32\svchost.exe
    3140 dllhost.exe
    2788 C:\Windows\System32\svchost.exe
    3644 C:\Windows\explorer.exe
    2300 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    3948 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    3708 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    2336 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    3216 C:\Windows\System32\audiodg.exe
    2552 C:\Program Files\Mozilla Firefox\firefox.exe
    2364 C:\Program Files\Mozilla Firefox\plugin-container.exe
    612 C:\Windows\explorer.exe
    2592 C:\Users\Julian\Downloads\MBRCheck(2).exe
    2040 C:\Windows\System32\conhost.exe
    2576 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)

PhysicalDrive0 Model Number: ST3160827AS, Rev: 3.42   

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


cosinus 24.02.2011 20:01

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

TrjPferd 24.02.2011 22:14

After the reboot the problems show up again! :-/


All times are WET +1.
