| |
| |||||||
Log-Analyse und Auswertung: Internet sehr langsam, "System Tool", und andere Plagegeister, PC = SchneckeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
24.02.2011, 16:11
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Internet sehr langsam, "System Tool", und andere Plagegeister, PC = Schnecke Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.02.2011, 16:59
| #17 |
 | Internet sehr langsam, "System Tool", und andere Plagegeister, PC = Schnecke GMER:
__________________Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-24 16:58:17
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 ST3160827AS rev.3.42
Running: g2m3e4r.exe; Driver: C:\Users\Julian\AppData\Local\Temp\uxryqpod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E91589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB6092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9855E300, 0x3B638, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x985A1300, 0x1BEE, 0xE8000020]
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1B 0x3C 0xAB 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0xE0 0xE9 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x24 0xF4 0xBA 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBB 0x9E 0xB0 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1B 0x3C 0xAB 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0xE0 0xE9 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x24 0xF4 0xBA 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBB 0x9E 0xB0 0x21 ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:03:02 on 24.02.2011 OS: Windows 7 Ultimate Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Julian\AppData\Local\Temp\catchme.sys (File not found) "FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information) "giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "mbr" (mbr) - ? - C:\Users\Julian\AppData\Local\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)" (TEAM) - ? - C:\Windows\System32\DRIVERS\RtTeam60.sys (File not found) "Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)" (VLAN) - ? - C:\Windows\System32\DRIVERS\RtVLAN60.sys (File not found) "RivaTuner32" (RivaTuner32) - ? - C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys (File found, but it contains no detailed information) "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS "Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\Windows\System32\drivers\RTKVHDA.sys (File not found) "speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "uxryqpod" (uxryqpod) - ? - C:\Users\Julian\AppData\Local\Temp\uxryqpod.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {140E4DF8-9E14-4A34-9577-C77561ED7883} "SysInfo Class" - "Husdawg, LLC" - C:\Programme\SystemRequirementsLab\srldetect_cyri_4.1.71.0.dll / hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_test.dll / hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab {40F576AD-8680-4F9E-9490-99D069CD665F} "{40F576AD-8680-4F9E-9490-99D069CD665F}" - ? - (File not found | COM-object registry key not found) / hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6\ICQ6.5\ICQ.exe "PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (File not found) "PokerStars" - ? - C:\Program Files\Pokerstars\PokerStarsUpdate.exe (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Netreal" - ? - C:\Users\Julian\AppData\Roaming\Wmidep\monadv.exe (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "RivaTunerStartupDaemon" - ? - "C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790X-DS4
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 177):
0x82E4E000 \SystemRoot\system32\ntkrnlpa.exe
0x82E17000 \SystemRoot\system32\halmacpi.dll
0x80BD4000 \SystemRoot\system32\kdcom.dll
0x83C11000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x83C1C000 \SystemRoot\system32\PSHED.dll
0x83C2D000 \SystemRoot\system32\BOOTVID.dll
0x83C35000 \SystemRoot\system32\CLFS.SYS
0x83C77000 \SystemRoot\system32\CI.dll
0x83D22000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83D93000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83DA1000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x83DE9000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x83DF2000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x83C00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x83E10000 \SystemRoot\system32\DRIVERS\pci.sys
0x83E3A000 \SystemRoot\System32\drivers\partmgr.sys
0x83E4B000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x83E5B000 \SystemRoot\System32\drivers\volmgrx.sys
0x83EA6000 \SystemRoot\system32\DRIVERS\pciide.sys
0x83EAD000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x83EBB000 \SystemRoot\System32\drivers\mountmgr.sys
0x83ED1000 \SystemRoot\system32\DRIVERS\atapi.sys
0x83EDA000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x83EFD000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x83F06000 \SystemRoot\system32\drivers\fltmgr.sys
0x83F3A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B231000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B360000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B38B000 \SystemRoot\System32\Drivers\ksecdd.sys
Geändert von TrjPferd (24.02.2011 um 17:04 Uhr) |
|
24.02.2011, 18:51
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet sehr langsam, "System Tool", und andere Plagegeister, PC = Schnecke Log von MBRCHECK ist unvollständig.
__________________
__________________ |
|
24.02.2011, 18:52
| #19 |
| | Internet sehr langsam, "System Tool", und andere Plagegeister, PC = Schnecke okay, ich probiers gleich nochmal, editiers dann hier rein. |
|
24.02.2011, 19:58
| #20 |
| | Internet sehr langsam, "System Tool", und andere Plagegeister, PC = SchneckeCode:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790X-DS4
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 172):
0x82E4E000 \SystemRoot\system32\ntkrnlpa.exe
0x82E17000 \SystemRoot\system32\halmacpi.dll
0x80BD4000 \SystemRoot\system32\kdcom.dll
0x83C11000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x83C1C000 \SystemRoot\system32\PSHED.dll
0x83C2D000 \SystemRoot\system32\BOOTVID.dll
0x83C35000 \SystemRoot\system32\CLFS.SYS
0x83C77000 \SystemRoot\system32\CI.dll
0x83D22000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83D93000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83DA1000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x83DE9000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x83DF2000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x83C00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x83E10000 \SystemRoot\system32\DRIVERS\pci.sys
0x83E3A000 \SystemRoot\System32\drivers\partmgr.sys
0x83E4B000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x83E5B000 \SystemRoot\System32\drivers\volmgrx.sys
0x83EA6000 \SystemRoot\system32\DRIVERS\pciide.sys
0x83EAD000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x83EBB000 \SystemRoot\System32\drivers\mountmgr.sys
0x83ED1000 \SystemRoot\system32\DRIVERS\atapi.sys
0x83EDA000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x83EFD000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x83F06000 \SystemRoot\system32\drivers\fltmgr.sys
0x83F3A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B231000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B360000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B38B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B39E000 \SystemRoot\System32\Drivers\cng.sys
0x8B200000 \SystemRoot\System32\drivers\pcw.sys
0x8B20E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B435000 \SystemRoot\system32\drivers\ndis.sys
0x8B4EC000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B52A000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B621000 \SystemRoot\System32\drivers\tcpip.sys
0x8B76A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B79B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B7A4000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B7E3000 \SystemRoot\System32\Drivers\spldr.sys
0x8B7EB000 \SystemRoot\system32\speedfan.sys
0x8B54F000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B7ED000 \SystemRoot\System32\Drivers\mup.sys
0x8B600000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B608000 \SystemRoot\system32\giveio.sys
0x8B57C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B609000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B5AE000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B5D3000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8B411000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B61A000 \SystemRoot\System32\Drivers\Null.SYS
0x8B217000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B21E000 \SystemRoot\System32\drivers\vga.sys
0x83F4B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x83F6C000 \SystemRoot\System32\drivers\watchdog.sys
0x83F79000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x83F81000 \SystemRoot\system32\drivers\rdpencdd.sys
0x83F89000 \SystemRoot\system32\drivers\rdprefmp.sys
0x83F91000 \SystemRoot\System32\Drivers\Msfs.SYS
0x83F9C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x83FAA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x83FC1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E83F000 \SystemRoot\system32\drivers\afd.sys
0x8E899000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E8CB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8E8D2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E8F1000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8E902000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E910000 \SystemRoot\system32\DRIVERS\serial.sys
0x8E92A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E93D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E94D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8E953000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
0x8E975000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
0x8E97B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E9BC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E9C6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E9D0000 \SystemRoot\System32\drivers\discache.sys
0x90A17000 \SystemRoot\system32\drivers\csc.sys
0x90A7B000 \SystemRoot\System32\Drivers\dfsc.sys
0x90A93000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90AA1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90AC7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90AE8000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x90AF9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x9160B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x92089000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9208B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92142000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9217B000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x92185000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x921D0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x921DF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x90B02000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90B21000 \SystemRoot\system32\DRIVERS\DLKRT32.sys
0x90B4D000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x921E5000 \SystemRoot\system32\DRIVERS\fdc.sys
0x921F0000 \SystemRoot\system32\DRIVERS\serenum.sys
0x90B79000 \SystemRoot\system32\DRIVERS\parport.sys
0x90B91000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x90B9E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x90BB0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90BC8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E9DC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E800000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x921FA000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x90BEA000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8E817000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E824000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90BF4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x83FCC000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E831000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90C32000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90C76000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x90C80000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90C91000 \SystemRoot\system32\drivers\HdAudio.sys
0x90CE1000 \SystemRoot\system32\drivers\portcls.sys
0x90D10000 \SystemRoot\system32\drivers\drmk.sys
0x97F50000 \SystemRoot\System32\win32k.sys
0x90D29000 \SystemRoot\System32\drivers\Dxapi.sys
0x90D33000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90D4A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90D4C000 \SystemRoot\system32\drivers\usbaudio.sys
0x90D60000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90D6B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90D7E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90D85000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90D91000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9F607000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0x9FCB7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x981B0000 \SystemRoot\System32\TSDDD.dll
0x981E0000 \SystemRoot\System32\cdd.dll
0x9FCC2000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9FCD8000 \SystemRoot\system32\drivers\luafv.sys
0x9FCF3000 \SystemRoot\system32\drivers\WudfPf.sys
0x9FD0D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9FD1A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9FD25000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9FD2E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9FD3F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9FD4F000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9FD95000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9FDA5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x98417000 \SystemRoot\system32\drivers\HTTP.sys
0x9849C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x984B5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x984C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x984EA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x98525000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x98540000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9855E000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x985A1000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA1602000 \SystemRoot\system32\drivers\peauth.sys
0xA1699000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA16A3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA16C4000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA16D1000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA1720000 \SystemRoot\System32\DRIVERS\srv.sys
0xA1771000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA179B000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0xA17CC000 \??\C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
0xBC88C000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xBC8A5000 \SystemRoot\system32\DRIVERS\sscewh.sys
0xBC8C4000 \SystemRoot\system32\DRIVERS\sscecm.sys
0xBC918000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBC9B3000 \??\C:\Users\Julian\AppData\Local\Temp\uxryqpod.sys
0x770A0000 \Windows\System32\ntdll.dll
0x47DD0000 \Windows\System32\smss.exe
0x772E0000 \Windows\System32\apisetschema.dll
0x003C0000 \Windows\System32\autochk.exe
Processes (total 50):
0 System Idle Process
4 SYSTEM
260 C:\Windows\System32\smss.exe
348 csrss.exe
424 C:\Windows\System32\wininit.exe
440 csrss.exe
476 C:\Windows\System32\services.exe
500 C:\Windows\System32\lsass.exe
508 C:\Windows\System32\lsm.exe
580 C:\Windows\System32\winlogon.exe
664 C:\Windows\System32\svchost.exe
728 C:\Windows\System32\nvvsvc.exe
768 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\nvvsvc.exe
1240 C:\Windows\System32\svchost.exe
1464 C:\Windows\System32\spoolsv.exe
1512 C:\Windows\System32\svchost.exe
1664 C:\Windows\System32\FsUsbExService.Exe
1744 C:\Windows\System32\PnkBstrA.exe
1788 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1836 C:\Windows\System32\svchost.exe
1908 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
972 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
504 C:\Windows\System32\taskhost.exe
1496 C:\Windows\System32\dwm.exe
1508 C:\Windows\System32\taskeng.exe
2188 C:\Program Files\Google\Update\GoogleUpdate.exe
2596 C:\Windows\System32\SearchIndexer.exe
2984 C:\Windows\System32\svchost.exe
3828 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3700 C:\Program Files\Windows Media Player\wmpnetwk.exe
4012 C:\Windows\System32\svchost.exe
3140 dllhost.exe
2788 C:\Windows\System32\svchost.exe
3644 C:\Windows\explorer.exe
2300 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
3948 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
3708 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
2336 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
3216 C:\Windows\System32\audiodg.exe
2552 C:\Program Files\Mozilla Firefox\firefox.exe
2364 C:\Program Files\Mozilla Firefox\plugin-container.exe
612 C:\Windows\explorer.exe
2592 C:\Users\Julian\Downloads\MBRCheck(2).exe
2040 C:\Windows\System32\conhost.exe
2576 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
PhysicalDrive0 Model Number: ST3160827AS, Rev: 3.42
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
|
|
24.02.2011, 20:01
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet sehr langsam, "System Tool", und andere Plagegeister, PC = Schnecke Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ --> Internet sehr langsam, "System Tool", und andere Plagegeister, PC = Schnecke |
|
24.02.2011, 22:14
| #22 |
| | Internet sehr langsam, "System Tool", und andere Plagegeister, PC = Schnecke Nach dem Reboot tauchen die Probleme wieder auf! :-/ |
|
| Themen zu Internet sehr langsam, "System Tool", und andere Plagegeister, PC = Schnecke |
| adobe, antivir, antivir guard, avg, avira, bho, desktop, dsl, explorer, firefox, hijack, hijackthis, internet, internet explorer, internet sehr langsam, langsam, logfile, mozilla, nvidia, object, plug-in, programm, programme, router, sehr langsam, software, system, windows |
Linear-Darstellung
