Internet immer mal wieder weg

fancy777 · 22.04.2012, 21:19

Hallo Arne,

hier schon mal das log file vom GMER

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-22 22:16:01
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC40C
Running: kdhlhg1w.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\kxliipoc.sys


---- System - GMER 1.0.15 ----

SSDT            8B1C230E                                                                                             ZwCreateSection
SSDT            8B1C2318                                                                                             ZwRequestWaitReplyPort
SSDT            8B1C2313                                                                                             ZwSetContextThread
SSDT            8B1C231D                                                                                             ZwSetSecurityObject
SSDT            8B1C2322                                                                                             ZwSystemDebugControl
SSDT            8B1C22AF                                                                                             ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                        822C3998 4 Bytes  [0E, 23, 1C, 8B] {PUSH CS; AND EBX, [EBX+ECX*4]}
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                        822C3CBC 4 Bytes  [18, 23, 1C, 8B] {SBB [EBX], AH; SBB AL, 0x8b}
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                        822C3CF0 4 Bytes  [13, 23, 1C, 8B] {ADC ESP, [EBX]; SBB AL, 0x8b}
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                        822C3D54 4 Bytes  [1D, 23, 1C, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                        822C3D9C 4 Bytes  [22, 23, 1C, 8B] {AND AH, [EBX]; SBB AL, 0x8b}
.text           ...                                                                                                  
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                             section is writeable [0x8E208000, 0x1F875A, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [740F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [7414A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [740FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [740EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [740F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [740EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74128395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [740FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [740EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [740EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [740E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7417CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [7411C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [740ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [740E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [740E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [740F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000003f                                                                    halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                             AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                   0 bytes
File            C:\ADSM_PData_0150\DB                                                                                0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                          624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                           512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                      253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                              512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                          0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                     512 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

Gruß
Thomas

Internet immer mal wieder weg

Log-Analyse und Auswertung: Internet immer mal wieder weg

Internet immer mal wieder weg

Ähnliche Themen: Internet immer mal wieder weg