| |
| |||||||
Log-Analyse und Auswertung: Ständige systemabstürze - hijackthis logWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
08.06.2010, 22:13
| #1 |
 |  Ständige systemabstürze - hijackthis log Lieber Markus, ich habe alles gemacht so wie du es gesagt hast jedoch muss ich bei einer sache sagen das sie mir ein wenig sorgen bereitet. Avira deinstallieren bereitet mir kopfschmerzen denn ich habe in der Vergangenheit oft die Erfahrung gemacht das bei Infizierten Dateien NUR Avira signal gibt und NICHT Avast. GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-08 22:56:39
Windows 5.1.2600 Service Pack 2
Running: 3ydh3l4m.exe; Driver: C:\DOKUME~1\benni\LOKALE~1\Temp\agldqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB72646B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB7264574]
SSDT B9D5B86C ZwCreateThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB7264A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB726414C]
SSDT spgn.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spgn.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB726464E]
SSDT B9D5B858 ZwOpenProcess
SSDT B9D5B85D ZwOpenThread
SSDT spgn.sys ZwQueryKey [0xBA6C7108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB726476E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB726472E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB72648AE]
SSDT B9D5B867 ZwTerminateProcess
SSDT B9D5B862 ZwWriteVirtualMemory
INT 0x62 ? 8A619BF8
INT 0x82 ? 8A619BF8
INT 0x83 ? 8A273BF8
INT 0x94 ? 8A273BF8
INT 0xB4 ? 8A273BF8
---- Kernel code sections - GMER 1.0.15 ----
? spgn.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xBA038360, 0x22379D, 0xE8000020]
.text USBPORT.SYS!DllUnload B9E6E7AE 5 Bytes JMP 8A2731D8
.text a7nkrfgj.SYS B9BB6384 1 Byte [20]
.text a7nkrfgj.SYS B9BB6384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a7nkrfgj.SYS B9BB63AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a7nkrfgj.SYS B9BB63C4 3 Bytes [00, 00, 00]
.text a7nkrfgj.SYS B9BB63C9 1 Byte [00]
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spgn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spgn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spgn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spgn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spgn.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spgn.sys
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!KfRaiseIrql] 1879CE14
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!KfLowerIrql] 3248ED2B
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC
IAT \SystemRoot\System32\Drivers\a7nkrfgj.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\Explorer.EXE[600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Dokumente und Einstellungen\benni\Eigene Dateien\Downloads\3ydh3l4m.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Dokumente und Einstellungen\benni\Eigene Dateien\Downloads\3ydh3l4m.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Dokumente und Einstellungen\benni\Eigene Dateien\Downloads\3ydh3l4m.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Dokumente und Einstellungen\benni\Eigene Dateien\Downloads\3ydh3l4m.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\services.exe[968] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[968] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wscntfy.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wscntfy.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wscntfy.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wscntfy.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wuauclt.exe[3956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wuauclt.exe[3956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wuauclt.exe[3956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wuauclt.exe[3956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \FatCdrom 8A6031F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{35F09D14-FF1A-4743-9583-BD157E7CA04A} 8A321290
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBPDO-0 8A2711F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A61A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A61A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A61A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A61A1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A2711F8
Device \Driver\usbuhci \Device\USBPDO-2 8A2711F8
Device \Driver\usbuhci \Device\USBPDO-3 8A2711F8
Device \Driver\usbehci \Device\USBPDO-4 8A20B1F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A68A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A68A1F8
Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device \Driver\Cdrom \Device\CdRom0 8A0C61F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A68A1F8
Device \Driver\Cdrom \Device\CdRom1 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device \Driver\Cdrom \Device\CdRom1 8A0C61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A6191F8
Device \Driver\atapi \Device\Ide\IdePort0 8A6191F8
Device \Driver\atapi \Device\Ide\IdePort1 8A6191F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A6191F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F619AC05-F561-42E0-B482-B8F350CFBB3E} 8A321290
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A321290
Device \Driver\sptd \Device\1170910862 spgn.sys
Device \Driver\NetBT \Device\NetbiosSmb 8A321290
Device \Driver\PCI_PNP0862 \Device\00000087 spgn.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 8A2711F8
Device \Driver\usbuhci \Device\USBFDO-1 8A2711F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A09F500
Device \Driver\usbuhci \Device\USBFDO-2 8A2711F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A09F500
Device \Driver\usbuhci \Device\USBFDO-3 8A2711F8
Device \Driver\Ftdisk \Device\FtControl 8A68A1F8
Device \Driver\usbehci \Device\USBFDO-4 8A20B1F8
Device \Driver\a7nkrfgj \Device\Scsi\a7nkrfgj1 8A0821F8
Device \Driver\a7nkrfgj \Device\Scsi\a7nkrfgj1Port2Path0Target0Lun0 8A0821F8
Device \FileSystem\Fastfat \Fat 8A6031F8
AttachedDevice \FileSystem\Fastfat \Fat OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Cdfs \Cdfs 8A0963D8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4fde349
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cee2adac
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0x30 0xB4 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0xDD 0x0B 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0A 0x77 0x7B 0x57 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0014a4fde349 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cee2adac (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0x30 0xB4 0xBA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0xDD 0x0B 0x61 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0A 0x77 0x7B 0x57 ...
---- EOF - GMER 1.0.15 ----
|
|
| Themen zu Ständige systemabstürze - hijackthis log |
| adobe, antivir, antivirus, avast, avast!, avg, avira, bho, browseui preloader, einstellungen, excel, explorer, firefox, freundlich, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, internet, internet explorer, mozilla, nvidia, plug-in, problem, rundll, sehr geholfen, senden, software, system, updates, windows, windows xp |
Hybrid-Darstellung
