Pests of all kinds and their removal: GMER log evaluation (Windows 7)
#1
GMER log evaluation

Hiho. I need help evaluating the GMER log, since I can't make any sense of it. After my WoW account was hacked, I was advised to run this. Thanks in advance for the help.. Jörg

Here is the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-28 10:03:07
Windows 6.0.6002 Service Pack 2
Running: 0t92vrc6.exe; Driver: C:\Users\BRAUKL~1\AppData\Local\Temp\pxlyquob.sys
.text ...

---- System - GMER 1.0.15 ----

SSDT 8B366150 ZwConnectPort
SSDT 96FB0248 ZwOpenProcess
SSDT 96FB024D ZwOpenThread
SSDT 96FB0252 ZwWriteVirtualMemory
SSDT 96FB0257 ZwTerminateProcess
SSDT 96FB025C ZwCreateThread

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\a-squared Free\a2service.exe[2120] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00454AB4] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\a-squared Free\a2service.exe[2120] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00454AB4] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\a-squared Free\a2service.exe[2120] kernel32.dll!CreateThread + 1A 76E0C928 4 Bytes CALL 0045495D C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00173104e249 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xED 0xC2 0xF3 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2E 0x85 0x57 0x5D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA6 0x58 0xED 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00173104e249
Reg HKLM\SYSTEM\CurrentControlSet\Services\lvupdtio
Reg HKLM\SYSTEM\CurrentControlSet\Services\lvupdtio@DisplayName lvupdtio
Reg HKLM\SYSTEM\CurrentControlSet\Services\lvupdtio@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\lvupdtio@ImagePath \??\C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\lvupdtio@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\lvupdtio@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xED 0xC2 0xF3 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2E 0x85 0x57 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA6 0x58 0xED 0xC0 ...

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1C1 822C1904 4 Bytes [50, 61, 36, 8B]
.text ntkrnlpa.exe!KeSetEvent + 221 822C1964 4 Bytes [5C, 02, FB, 96] {POP ESP; ADD BH, BL; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 3F2 822C1B35 3 Bytes [02, FB, 96] {ADD BH, BL; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 40D 822C1B50 4 Bytes [4D, 02, FB, 96] {DEC EBP; ADD BH, BL; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 621 822C1D64 4 Bytes [57, 02, FB, 96] {PUSH EDI; ADD BH, BL; XCHG ESI, EAX}

---- EOF - GMER 1.0.15 ----
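As an added triage aid (not part of the post and not GMER's own code), the Python below walks a constructed excerpt in the shape of the log above: it splits the text at the `---- Section ----` headers, groups the SSDT hooks by the 4 KiB page of their handler address (handlers a few bytes apart in one page almost certainly belong to one resident module), and checks whether each 4-byte entry under "Kernel code sections" is a little-endian pointer to one of those handlers, which tells the reader that GMER is showing the hooked table slot rather than an independent code patch. The excerpt, the function names and the page-grouping heuristic are this editor's assumptions; which module owns the hooks cannot be determined from the log alone.

```python
import re

# Constructed sample in the shape of the GMER 1.0.15 log posted above (not the full log)
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----
SSDT 8B366150 ZwConnectPort
SSDT 96FB024D ZwOpenThread
SSDT 96FB0257 ZwTerminateProcess
SSDT 96FB025C ZwCreateThread
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 221 822C1964 4 Bytes [5C, 02, FB, 96] {POP ESP; ADD BH, BL; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 3F2 822C1B35 3 Bytes [02, FB, 96] {ADD BH, BL; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 40D 822C1B50 4 Bytes [4D, 02, FB, 96] {DEC EBP; ADD BH, BL; XCHG ESI, EAX}
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT ([0-9A-F]{8}) (\w+)$")
PATCH_RE = re.compile(r"^\.text (\S+) \+ ([0-9A-F]+) ([0-9A-F]{8}) (\d+) Bytes \[([^\]]+)\]")

def parse_gmer(text):
    """Walk the '---- Section ----' blocks and pull out SSDT hooks and kernel code patches."""
    out, section = {"ssdt": [], "patches": []}, None
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section == "System" and (m := SSDT_RE.match(line)):
            out["ssdt"].append((m.group(2), int(m.group(1), 16)))   # (function, handler address)
        elif section == "Kernel code sections" and (m := PATCH_RE.match(line)):
            raw = bytes(int(b, 16) for b in re.split(r",\s*", m.group(5)))
            out["patches"].append((f"{m.group(1)}+{m.group(2)}", raw))  # (location, patched bytes)
    return out

def triage(parsed):
    """Group hooks by 4 KiB page (assumed heuristic: nearby handlers = one module) and test
    whether a 4-byte 'patch' is a little-endian pointer to a hook handler already listed."""
    by_page, hook_owner = {}, {addr: func for func, addr in parsed["ssdt"]}
    for func, addr in parsed["ssdt"]:
        by_page.setdefault(f"{addr >> 12:05X}xxx", []).append(func)
    linked = []
    for where, raw in parsed["patches"]:   # 3-byte entries cannot be a full pointer and are skipped
        if len(raw) == 4 and (val := int.from_bytes(raw, "little")) in hook_owner:
            linked.append((where, hook_owner[val]))
    return {"hook_groups": by_page, "patch_points_to_hook": linked}

if __name__ == "__main__":
    for where, func in triage(parse_gmer(SAMPLE_LOG))["patch_points_to_hook"]:
        print(f"{where}: patched dword is the {func} hook handler address")
```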