Log analysis and evaluation: Computer crashes regularly |
| | #1 |
| | Hi there. The computer still crashes even after formatting and rewriting the MBR; I'm slowly reaching the edge of despair. Can anyone spot anything in the log?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:59, on 07.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINXP\RTHDCPL.EXE
C:\WINXP\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINXP\system32\ctfmon.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\System32\TUProgSt.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Opera\Opera.exe
C:\WINXP\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINXP\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINXP\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programme\Agnitum\Outpost Firewall Pro\feedback.exe" /dump s_startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programme\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINXP\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINXP\System32\TUProgSt.exe
-- End of file - 5841 bytes
Thanks |
| | #2 |
| | Re: Computer crashes regularly Hello BlackVixen, please download CCleaner and work through the steps following the instructions. Afterwards, please use Malwarebytes and post the log here. I don't know what to make of this entry....... Code:
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
|
| | #3 |
| | Hi, thanks for the quick reply. CCleaner was already installed; I ran it through according to the instructions. Unfortunately, Malwarebytes Anti-Malware can't be found after installing it; where does it install itself to? No, the computer is only used privately. |
| | #4 |
| | Oops, that really shouldn't happen. Try installing it again...... If that fails, download GMER, run GMER and post the log file here. Please don't forget the code tags; it works like this: [+Code] at the beginning of the log (above), [+/Code] at the end of the log (below), all of course without the + signs. See you shortly |
| | #5 |
| | Code:
GMER 1.0.15.14833 - http://www.gmer.net
Rootkit scan 2009-03-07 15:43:25
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xAE456B4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA960C6B8]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xAE45914E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAE42EDA2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA960C574]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xAE44E646]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xAE44F15E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xAE42D2FE]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xAE43F682]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xAE44CCC6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xAE43DF26]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xAE441D4E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA960CA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA960C14C]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xAE44B666]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xAE43ED86]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xAE4350CF]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA960C64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA960C08C]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xAE42DD5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA960C0F0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xAE458342]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xAE437C8D]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xAE442B82]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA960C76E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xAE455D92]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xAE44869E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xAE445216]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xAE45B636]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xAE45BC1A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA960C72E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xAE4466CA]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xAE447112]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xAE459E36]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xAE4551B6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xAE439BDE]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xAE44A9C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA960C8AE]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xAE453EE6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xAE45480E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xAE45C81A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xAE45266E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xAE453386]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xAE44C23E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xAE4575E6]
|
| | #6 |
| | Code:
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 5 Bytes [E6, 3E, 45, AE, 0E] {OUT 0x3e, AL; INC EBP; SCASB ; PUSH CS}
.text ntkrnlpa.exe!ZwCallbackReturn + 2FBE 8050485A 6 Bytes [45, AE, 1A, C8, 45, AE] {INC EBP; SCASB ; SBB CL, AL; INC EBP; SCASB }
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Alwil Software\Avast4\aswUpdSv.exe[220] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\aswUpdSv.exe[220] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\aswUpdSv.exe[220] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\aswUpdSv.exe[220] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\aswUpdSv.exe[220] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\ashServ.exe[292] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\ashServ.exe[292] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\ashServ.exe[292] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\ashServ.exe[292] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\ashServ.exe[292] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\Explorer.EXE[616] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\Explorer.EXE[616] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\Explorer.EXE[616] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\Explorer.EXE[616] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\Explorer.EXE[616] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\nvsvc32.exe[700] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\nvsvc32.exe[700] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\nvsvc32.exe[700] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\nvsvc32.exe[700] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\nvsvc32.exe[700] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[812] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[812] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[812] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[812] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[812] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[964] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 00524834 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[972] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 009BB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[972] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 009BB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[972] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 009BB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[972] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 009BB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[972] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 009BB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\spoolsv.exe[1052] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\spoolsv.exe[1052] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\spoolsv.exe[1052] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\spoolsv.exe[1052] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\spoolsv.exe[1052] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1100] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 00A4B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1100] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 00A4B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1100] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 00A4B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1100] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 00A4B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1100] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00A4B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\RTHDCPL.EXE[1120] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\RTHDCPL.EXE[1120] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\RTHDCPL.EXE[1120] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\RTHDCPL.EXE[1120] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\RTHDCPL.EXE[1120] USER32.dll!EndTask
|
| | #7 |
| | OK so far. We have to get Malwarebytes running somehow. Try the installation from the desktop; otherwise try it in safe mode. Post the log file here |
| | #8 |
| | Code:
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1200] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 00A2B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1200] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 00A2B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1200] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 00A2B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1200] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 00A2B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1200] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00A2B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\RUNDLL32.EXE[1252] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\RUNDLL32.EXE[1252] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\RUNDLL32.EXE[1252] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\RUNDLL32.EXE[1252] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\RUNDLL32.EXE[1252] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1280] kernel32.dll!LoadResource 7C80A045 5 Bytes JMP 0056D260 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1280] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 00567184 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1280] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005671DC C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1280] user32.dll!EnableWindow 7E379849 5 Bytes JMP 016B1C24 C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1280] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005671B0 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1304] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1304] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1304] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1304] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1304] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\ctfmon.exe[1316] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\ctfmon.exe[1316] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\ctfmon.exe[1316] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\ctfmon.exe[1316] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\ctfmon.exe[1316] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\winlogon.exe[1336] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\winlogon.exe[1336] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\winlogon.exe[1336] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\winlogon.exe[1336] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\winlogon.exe[1336] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1380] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 0072B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1380] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 0072B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1380] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 0072B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1380] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 0072B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1380] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0072B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\services.exe[1404] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\services.exe[1404] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\services.exe[1404] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\services.exe[1404] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\services.exe[1404] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\System32\TUProgSt.exe[1856] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\System32\TUProgSt.exe[1856] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\System32\TUProgSt.exe[1856] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\System32\TUProgSt.exe[1856] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\System32\TUProgSt.exe[1856] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2068] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2068] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2068] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2068] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2068] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Opera\Opera.exe[2260] user32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Opera\Opera.exe[2260] user32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Opera\Opera.exe[2260] user32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Opera\Opera.exe[2260] user32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Opera\Opera.exe[2260] user32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\ashMaiSv.exe[2264] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\ashMaiSv.exe[2264] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\ashMaiSv.exe[2264] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\ashMaiSv.exe[2264] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programme\Alwil Software\Avast4\ashMaiSv.exe[2264] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\wbem\wmiprvse.exe[2808] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\wbem\wmiprvse.exe[2808] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\wbem\wmiprvse.exe[2808] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\wbem\wmiprvse.exe[2808] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\wbem\wmiprvse.exe[2808] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\wuauclt.exe[3136] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\wuauclt.exe[3136] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\wuauclt.exe[3136] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\wuauclt.exe[3136] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINXP\system32\wuauclt.exe[3136] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOKUME~1\BLACKV~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für gmer.zip\gmer.exe[3844] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOKUME~1\BLACKV~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für gmer.zip\gmer.exe[3844] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOKUME~1\BLACKV~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für gmer.zip\gmer.exe[3844] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOKUME~1\BLACKV~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für gmer.zip\gmer.exe[3844] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOKUME~1\BLACKV~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für gmer.zip\gmer.exe[3844] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
|
| | #9 |
| | Code:
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B87A4226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B87A4226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B87A4226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B87A4226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B87A4226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B87A4226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B87A4226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B87A4226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[616] @ C:\WINXP\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\system32\services.exe[1404] @ C:\WINXP\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
IAT C:\WINXP\system32\services.exe[1404] @ C:\WINXP\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- EOF - GMER 1.0.15 ----
|
| | #10 |
| | See above. Also fix the following entry with HijackThis: Code:
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
Edited by Redwulf (07.03.2009 at 16:12) |