Log analysis and evaluation: Malware Defense

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#3

Malware Defense, and one more log from Gmer:

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-01-20 03:09:18
Windows 5.1.2600 Service Pack 2
Running: 3fp8b1bw.exe; Driver: C:\Profile\\LOKALE~1\Temp\fwrirpoc.sys

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF849C0B0]
SSDT sptd.sys ZwEnumerateKey [0xF84A0D1C]
SSDT sptd.sys ZwEnumerateValueKey [0xF84A10BC]
SSDT sptd.sys ZwOpenKey [0xF849C090]
SSDT sptd.sys ZwQueryKey [0xF84A1194]
SSDT sptd.sys ZwQueryValueKey [0xF84A1014]
SSDT sptd.sys ZwSetValueKey [0xF84A1226]

---- Kernel code sections - GMER 1.0.15 ----

? fakdu.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7C6C360, 0x32E00D, 0xE8000020]
.text USBPORT.SYS!DllUnload F7C2780C 5 Bytes JMP 82BC01B8
? System32\Drivers\aebofojx.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F849CAB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F849CBEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F849CB76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F849D71C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F849D5F2] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82D701D8
Device \FileSystem\Fastfat \FatCdrom 8233D990
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-0 82BBF1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82DD71D8
Device \Driver\dmio \Device\DmControl\DmConfig 82DD71D8
Device \Driver\dmio \Device\DmControl\DmPnP 82DD71D8
Device \Driver\dmio \Device\DmControl\DmInfo 82DD71D8
Device \Driver\usbuhci \Device\USBPDO-1 82BBF1D8
Device \Driver\usbuhci \Device\USBPDO-2 82BBF1D8
Device \Driver\usbuhci \Device\USBPDO-3 82BBF1D8
Device \Driver\usbehci \Device\USBPDO-4 82B921D8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\00000038 \Device\00000057 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 82D721D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82D721D8
Device \Driver\Cdrom \Device\CdRom0 82B817D0
Device \Driver\Ftdisk \Device\HarddiskVolume3 82D721D8
Device \Driver\Cdrom \Device\CdRom1 82B817D0
Device \Driver\atapi \Device\Ide\IdePort0 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 82B817D0
Device \Driver\usbstor \Device\00000082 824061D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82A875F0
Device \Driver\usbstor \Device\00000083 824061D8
Device \Driver\usbstor \Device\00000084 824061D8
Device \Driver\NetBT \Device\NetbiosSmb 82A875F0
Device \Driver\usbstor \Device\00000085 824061D8
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 82BBF1D8
Device \Driver\usbuhci \Device\USBFDO-1 82BBF1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82A901D8
Device \Driver\usbuhci \Device\USBFDO-2 82BBF1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82A901D8
Device \Driver\usbuhci \Device\USBFDO-3 82BBF1D8
Device \Driver\Ftdisk \Device\FtControl 82D721D8
Device \Driver\usbehci \Device\USBFDO-4 82B921D8
Device \Driver\aebofojx \Device\Scsi\aebofojx1 82B451D8
Device \Driver\aebofojx \Device\Scsi\aebofojx1Port3Path0Target0Lun0 82B451D8
Device \FileSystem\Fastfat \Fat 8233D990
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 82B2C1D8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE5 0xC1 0x3C 0x5B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAD 0xBD 0xEA 0x34 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0xD0 0xD1 0x03 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE5 0xC1 0x3C 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAD 0xBD 0xEA 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xB1 0x45 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 102428473
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -222504245
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE5 0xC1 0x3C 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAD 0xBD 0xEA 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xB1 0x45 0x13 ...

---- EOF - GMER 1.0.15 ----
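A triage script for GMER logs of this kind, added here as an example; it is not code from the post above, from the forum's helpers or from GMER itself. It assumes the layout visible in the log above (section headers of the form `---- <name> - GMER <version> ----`, whitespace-separated fields) and pulls out the entry types an analyst checks first: SSDT hooks together with the module that installed them, drivers GMER reported as not found on disk, device objects whose handler resolves to an `[unknown section]`, devices owned by a driver that was reported missing, and the `@p0` install path recorded under each hooking driver's `Services` key, which is how the log above attributes `sptd.sys` to `C:\Programme\DAEMON Tools\`. The embedded sample is a constructed excerpt of that log with the Windows error strings in English.

```python
"""Triage helper for GMER rootkit-scan logs.

Added example, not code from the forum post or from GMER. It assumes the
layout seen in the log above: '---- <section> - GMER <ver> ----' headers and
whitespace-separated fields inside each section.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)\\", re.IGNORECASE)

# Constructed excerpt of the log posted above (error strings in English).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwCreateKey [0xF849C0B0]
SSDT sptd.sys ZwOpenKey [0xF849C090]
---- Kernel code sections - GMER 1.0.15 ----
? fakdu.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F7C2780C 5 Bytes JMP 82BC01B8
? System32\Drivers\aebofojx.SYS The system cannot find the path specified. !
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 82D701D8
Device \Driver\00000038 \Device\00000057 sptd.sys
Device \Driver\atapi \Device\Ide\IdePort0 [F83EFAA0] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aebofojx \Device\Scsi\aebofojx1 82B451D8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
---- EOF - GMER 1.0.15 ----
"""


def parse_sections(text):
    """Group non-empty log lines under their '---- <name> ----' header."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if current and current != "EOF":
            sections[current].append(line)
    return sections


def triage(text):
    """Return the entries worth a second look, grouped by type."""
    sections = parse_sections(text)
    out = {
        "ssdt_hooks": [],                  # (syscall, hooking module)
        "missing_drivers": [],             # file names GMER could not find on disk
        "unknown_section_devices": [],     # device objects whose handler is outside any known section
        "devices_of_missing_drivers": [],  # (driver object, device object)
        "service_paths": defaultdict(list),  # service name -> @p0 values from the Registry section
    }
    for line in sections.get("System", []):
        parts = line.split()
        if parts[0] == "SSDT" and len(parts) >= 3:
            out["ssdt_hooks"].append((parts[2], parts[1]))
    for line in sections.get("Kernel code sections", []):
        # '? <path> The system cannot find the file/path specified. !'
        if line.startswith("? ") and "cannot find" in line:
            out["missing_drivers"].append(line.split()[1].rsplit("\\", 1)[-1])
    missing = {name.lower().rsplit(".", 1)[0] for name in out["missing_drivers"]}
    for line in sections.get("Devices", []):
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("Device", "AttachedDevice"):
            continue
        if "[unknown section]" in line:
            out["unknown_section_devices"].append(parts[2])
        # '\Driver\<name>' owning the device; compare against drivers not found on disk
        if parts[1].rsplit("\\", 1)[-1].lower() in missing:
            out["devices_of_missing_drivers"].append((parts[1], parts[2]))
    for line in sections.get("Registry", []):
        parts = line.split(maxsplit=2)
        if len(parts) == 3 and "@p0" in parts[1]:
            m = SERVICE_RE.search(parts[1])
            if m:
                out["service_paths"][m.group(1).lower()].append(parts[2])
    return out


def attribute_hooks(findings):
    """Map each SSDT-hooking module to the @p0 path(s) under its service key, or None if none."""
    result = {}
    for _, module in findings["ssdt_hooks"]:
        service = module.lower().rsplit(".", 1)[0]
        result[module] = findings["service_paths"].get(service) or None
    return result


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for key in ("ssdt_hooks", "missing_drivers", "unknown_section_devices", "devices_of_missing_drivers"):
        print(f"{key}: {findings[key]}")
    print("hook attribution:", attribute_hooks(findings))
```

Run against the full log above, the same logic lists `fakdu.sys` and `aebofojx.SYS` as drivers GMER could not find, the six `\Driver\atapi` IDE devices as `[unknown section]` entries, the two `\Driver\aebofojx` SCSI devices as belonging to a missing driver, and attributes all seven SSDT hooks to `sptd.sys` with the `DAEMON Tools` path from its `Services` key. The output is a worklist, not a verdict: each flagged entry still has to be checked against the machine (installed software, file on disk, signature) before anything is removed.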