Plagegeister aller Art und deren Bekämpfung (Trojaner-Board forum): Blue screen for 5 sec. at startup .../Systemroot/.../Autochk.exe (Windows 7)
#1

Blue screen for 5 sec. at startup .../Systemroot/.../Autochk.exe

Hello Trojaner-Board,

after booting, an error message from Autochk.exe appears for about 5 seconds. I have already run antimalware and Avira AntiVir without any findings... I have now had GMER create a log, but I can't make much of it. Would someone be so kind as to look over it? Thank you.

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-24 10:46:04
Windows 5.1.2600 Service Pack 3
Running: hj920plt.exe; Driver: C:\DOKUME~1\I\LOKALE~1\Temp\kwpyykod.sys
---- System - GMER 1.0.15 ----
SSDT F7CC52EE ZwCreateKey
SSDT F7CC52E4 ZwCreateThread
SSDT F7CC52F3 ZwDeleteKey
SSDT F7CC52FD ZwDeleteValueKey
SSDT spyo.sys ZwEnumerateKey [0xF7401DA4]
SSDT spyo.sys ZwEnumerateValueKey [0xF7402132]
SSDT F7CC5302 ZwLoadKey
SSDT spyo.sys ZwOpenKey [0xF73E90C0]
SSDT F7CC52D0 ZwOpenProcess
SSDT F7CC52D5 ZwOpenThread
SSDT spyo.sys ZwQueryKey [0xF740220A]
SSDT spyo.sys ZwQueryValueKey [0xF740208A]
SSDT F7CC530C ZwReplaceKey
SSDT F7CC5307 ZwRestoreKey
SSDT F7CC52F8 ZwSetValueKey
SSDT F7CC52DF ZwTerminateProcess
INT 0x62 ? 8676BBF8
INT 0x63 ? 863ABF00
INT 0x63 ? 863ABF00
INT 0x63 ? 863ABF00
INT 0x63 ? 863ABF00
INT 0x63 ? 863ABF00
INT 0x63 ? 863ABF00
INT 0x82 ? 8676BBF8
---- Kernel code sections - GMER 1.0.15 ----
? spyo.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F6FBB8AC 5 Bytes JMP 863AB4E0
.text aql7o5r5.SYS F6E81386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aql7o5r5.SYS F6E813AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aql7o5r5.SYS F6E813C4 3 Bytes [00, 80, 02]
.text aql7o5r5.SYS F6E813C9 1 Byte [30]
.text aql7o5r5.SYS F6E813C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73EA042] spyo.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73EA13E] spyo.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73EA0C0] spyo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73EA800] spyo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73EA6D6] spyo.sys
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73F9B90] spyo.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8676A1F8
Device \FileSystem\Fastfat \FatCdrom 8650B500
Device \Driver\usbuhci \Device\USBPDO-0 8643C500
Device \Driver\PCI_PNP3508 \Device\00000044 spyo.sys
Device \Driver\PCI_PNP3508 \Device\00000044 spyo.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867DC1F8
Device \Driver\dmio \Device\DmControl\DmConfig 867DC1F8
Device \Driver\dmio \Device\DmControl\DmPnP 867DC1F8
Device \Driver\dmio \Device\DmControl\DmInfo 867DC1F8
Device \Driver\usbuhci \Device\USBPDO-1 8643C500
Device \Driver\usbuhci \Device\USBPDO-2 8643C500
Device \Driver\usbuhci \Device\USBPDO-3 8643C500
Device \Driver\sptd \Device\282176008 spyo.sys
Device \Driver\usbehci \Device\USBPDO-4 863E3500
Device \Driver\usbstor \Device\00000070 86429500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8676C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8676C1F8
Device \Driver\Cdrom \Device\CdRom0 8651B500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8676C1F8
Device \Driver\Cdrom \Device\CdRom1 8651B500
Device \Driver\atapi \Device\Ide\IdePort0 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 8651B500
Device \Driver\NetBT \Device\NetBt_Wins_Export 863FA500
Device \Driver\NetBT \Device\NetbiosSmb 863FA500
Device \Driver\usbuhci \Device\USBFDO-0 8643C500
Device \Driver\usbstor \Device\0000006c 86429500
Device \Driver\usbstor \Device\0000006d 86429500
Device \Driver\usbuhci \Device\USBFDO-1 8643C500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 863E9500
Device \Driver\usbstor \Device\0000006e 86429500
Device \Driver\usbuhci \Device\USBFDO-2 8643C500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 863E9500
Device \Driver\usbstor \Device\0000006f 86429500
Device \Driver\usbuhci \Device\USBFDO-3 8643C500
Device \Driver\usbehci \Device\USBFDO-4 863E3500
Device \Driver\Ftdisk \Device\FtControl 8676C1F8
Device \Driver\aql7o5r5 \Device\Scsi\aql7o5r51Port2Path0Target0Lun0 86528500
Device \Driver\aql7o5r5 \Device\Scsi\aql7o5r51 86528500
Device \FileSystem\Fastfat \Fat 8650B500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8642B500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0x19 0xFF 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x17 0x27 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0x36 0xFA 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0x19 0xFF 0x92 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x17 0x27 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0x36 0xFA 0x35 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ...
---- EOF - GMER 1.0.15 ----