Log analysis and evaluation: Rootkit or something else on the PC? (Windows 7)
19.02.2010, 11:22 | #1
Rootkit or something else on the PC?

Hello! Since I find that my system has become extremely slow, I thought that perhaps a trojan or something similar is on my PC. Here is my log from GMER:

Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-19 10:48:42
Windows 6.0.6002 Service Pack 2
Running: 2eh06vw8.exe; Driver: C:\Users\Felix\AppData\Local\Temp\uglcypod.sys


---- System - GMER 1.0.15 ----

SSDT  9E9E601C  ZwCreateThread
SSDT  9E9E6008  ZwOpenProcess
SSDT  9E9E600D  ZwOpenThread
SSDT  9E9E6017  ZwTerminateProcess

INT 0x52  ?  870BDBF8
INT 0x62  ?  860BABF8
INT 0x62  ?  860BABF8
INT 0x62  ?  860BABF8
INT 0x62  ?  860BABF8
INT 0x62  ?  860BABF8
INT 0x82  ?  870BDBF8
INT 0x92  ?  870BDBF8
INT 0xA2  ?  870BDBF8
INT 0xB1  ?  860BABF8
INT 0xB1  ?  860B8BF8

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 221  820F2984 4 Bytes  [1C, 60, 9E, 9E] {SBB AL, 0x60; SAHF ; SAHF }
.text  ntkrnlpa.exe!KeSetEvent + 3F1  820F2B54 4 Bytes  [08, 60, 9E, 9E] {OR [EAX-0x62], AH; SAHF }
.text  ntkrnlpa.exe!KeSetEvent + 40D  820F2B70 4 Bytes  [0D, 60, 9E, 9E]
.text  ntkrnlpa.exe!KeSetEvent + 621  820F2D84 4 Bytes  [17, 60, 9E, 9E] {POP SS; PUSHA ; SAHF ; SAHF }
?  System32\Drivers\spdo.sys  The system cannot find the path specified. !
PAGE  ataport.SYS!DllUnload  827F0B2E 5 Bytes  JMP 860BA1D8
.text  a60kh4pe.SYS  8B392000 22 Bytes  [82, A3, 01, 82, 6C, A2, 01, ...]
.text  a60kh4pe.SYS  8B392017 105 Bytes  [00, 32, 77, 78, 80, 3D, 75, ...]
.text  a60kh4pe.SYS  8B392081 53 Bytes  [BA, 08, 82, 98, CE, 0E, 82, ...]
.text  a60kh4pe.SYS  8B3920B7 22 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text  a60kh4pe.SYS  8B3920CE 80 Bytes  [00, 00, 25, 00, 00, 00, E0, ...]
.text  ...
.text  USBPORT.SYS!DllUnload  8FC3E41B 5 Bytes  JMP 870BD1D8
.text  aatqslzv.SYS  8FD47000 22 Bytes  [82, A3, 01, 82, 6C, A2, 01, ...]
.text  aatqslzv.SYS  8FD47017 105 Bytes  [00, 32, 77, 78, 80, 3D, 75, ...]
.text  aatqslzv.SYS  8FD47081 53 Bytes  [BA, 08, 82, 98, CE, 0E, 82, ...]
.text  aatqslzv.SYS  8FD470B7 22 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text  aatqslzv.SYS  8FD470CE 80 Bytes  [00, 00, 27, 00, 00, 00, E0, ...]
.text  ...
PAGE  spsys.sys!?SPVersion@@3PADA + 1ABF  9FE9F03F 110 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE  spsys.sys!?SPVersion@@3PADA + 1B2F  9FE9F0AF 1 Byte  [16]
PAGE  spsys.sys!?SPVersion@@3PADA + 1B2F  9FE9F0AF 128 Bytes  [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE  spsys.sys!?SPVersion@@3PADA + 1BB0  9FE9F130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE  spsys.sys!?SPVersion@@3PADA + 1BB7  9FE9F137 2298 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE  ...
.text  C:\Windows\system32\DRIVERS\atksgt.sys  section is writeable [0x9FF2B300, 0x3ACC8, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\lirsgt.sys  section is writeable [0x9FF6E300, 0x1B7E, 0xE8000020]
       C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl  entry point in "" section [0xA213541C]
.clc  C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl  unknown last code section [0xA2136000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Tunngle\TnglCtrl.exe[1836] ntdll.dll!DbgBreakPoint  779C8B2E 1 Byte  [90]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]  [8068B6D6] \SystemRoot\System32\Drivers\spdo.sys
IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [8068B042] \SystemRoot\System32\Drivers\spdo.sys
IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]  [8068B800] \SystemRoot\System32\Drivers\spdo.sys
IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]  [8068B0C0] \SystemRoot\System32\Drivers\spdo.sys
IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]  [8068B13E] \SystemRoot\System32\Drivers\spdo.sys
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortNotification]  F73BFF33
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortWritePortUchar]  B85F0B75
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortWritePortUlong]  FFFFFFFE
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortGetPhysicalAddress]  08C25D5E
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]  5D8B5300
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortGetScatterGatherList]  74DF3B0C
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortReadPortUchar]  01FB8311
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortStallExecution]  5F5B0C74
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortGetParentBusType]  FFFFFEB8
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortRequestCallback]  C25D5EFF
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortWritePortBufferUshort]  7E390008
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortGetUnCachedExtension]  C7077524
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortCompleteRequest]  01642446
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortMoveMemory]  7E398B3A
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]  C7077528
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]  01902846
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]  468B8B3A
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortReadPortUshort]  244E8B2C
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortReadPortBufferUshort]  7468016A
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortInitialize]  500000FA
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortGetDeviceBase]  C73BD1FF
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortDeviceStateChange]  5F5B0C75
IAT  \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]  [8069AB90] \SystemRoot\System32\Drivers\spdo.sys
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortNotification]  F73BFF33
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortWritePortUchar]  B85F0B75
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortWritePortUlong]  FFFFFFFE
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortGetPhysicalAddress]  08C25D5E
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]  5D8B5300
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortGetScatterGatherList]  74DF3B0C
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortReadPortUchar]  01FB8311
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortStallExecution]  5F5B0C74
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortGetParentBusType]  FFFFFEB8
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortRequestCallback]  C25D5EFF
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortWritePortBufferUshort]  7E390008
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortGetUnCachedExtension]  C7077524
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortCompleteRequest]  51642446
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortMoveMemory]  7E398FD5
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]  C7077528
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]  51902846
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]  468B8FD5
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortReadPortUshort]  244E8B2C
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortReadPortBufferUshort]  7468016A
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortInitialize]  500000FA
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortGetDeviceBase]  C73BD1FF
IAT  \SystemRoot\System32\Drivers\aatqslzv.SYS[ataport.SYS!AtaPortDeviceStateChange]  5F5B0C75

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]  [73F97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]  [73FEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]  [73F9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]  [73F8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]  [73F975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]  [73F8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73FC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]  [73F9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]  [73F8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]  [73F8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]  [73F871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]  [7401CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]  [73FBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]  [73F8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]  [73F86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]  [73F8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]  [73F92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device  \FileSystem\Ntfs \Ntfs  860E01F8
Device  \FileSystem\udfs \UdfsCdRom  86FE61F8
Device  \FileSystem\udfs \UdfsDisk  86FE61F8
Device  \Driver\netbt \Device\NetBT_Tcpip_{4C3C53EC-2B08-4312-8A42-3B3E061CF534}  8A3FF500
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device  \Driver\volmgr \Device\VolMgrControl  860BC1F8
Device  \Driver\usbuhci \Device\USBPDO-0  870C11F8
Device  \Driver\usbuhci \Device\USBPDO-1  870C11F8
Device  \Driver\usbehci \Device\USBPDO-2  870C51F8
Device  \Driver\usbuhci \Device\USBPDO-3  870C11F8
Device  \Driver\usbuhci \Device\USBPDO-4  870C11F8
Device  \Driver\netbt \Device\NetBT_Tcpip_{9B6281B3-F60B-44F5-9824-67A84EE98A18}  8A3FF500
Device  \Driver\usbuhci \Device\USBPDO-5  870C11F8
Device  \Driver\usbuhci \Device\USBPDO-6  870C11F8
Device  \Driver\sptd \Device\4021598344  spdo.sys
Device  \Driver\volmgr \Device\HarddiskVolume1  860BC1F8
Device  \Driver\usbehci \Device\USBPDO-7  870C51F8
Device  \Driver\volmgr \Device\HarddiskVolume2  860BC1F8
Device  \Driver\cdrom \Device\CdRom0  871EB1F8
Device  \Driver\cdrom \Device\CdRom1  871EB1F8
Device  \Driver\atapi \Device\Ide\IdePort0  860BF1F8
Device  \Driver\atapi \Device\Ide\IdePort1  860BF1F8
Device  \Driver\atapi \Device\Ide\IdePort2  860BF1F8
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-6  860BF1F8
Device  \Driver\atapi \Device\Ide\IdePort3  860BF1F8
Device  \Driver\atapi \Device\Ide\IdePort4  860BF1F8
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2  860BF1F8
Device  \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4  860BF1F8
Device  \Driver\msahci \Device\Ide\PciIde0Channel0  860C11F8
Device  \Driver\msahci \Device\Ide\PciIde0Channel1  860C11F8
Device  \Driver\msahci \Device\Ide\PciIde0Channel4  860C11F8
Device  \Driver\msahci \Device\Ide\PciIde0Channel5  860C11F8
Device  \Driver\cdrom \Device\CdRom2  871EB1F8
Device  \Driver\cdrom \Device\CdRom3  871EB1F8
Device  \Driver\netbt \Device\NetBt_Wins_Export  8A3FF500
Device  \Driver\Smb \Device\NetbiosSmb  8A5341F8
Device  \Driver\sptd \Device\4021754345  spdo.sys
Device  \Driver\netbt \Device\NetBT_Tcpip_{7C29EDA5-90CC-4890-88E1-2360F7504A8A}  8A3FF500
Device  \Driver\PCI_PNP8299 \Device\00000095  spdo.sys
Device  \Driver\iScsiPrt \Device\RaidPort0  871EF1F8
Device  \Driver\PCI_PNP8299 \Device\00000096  spdo.sys
Device  \Driver\netbt \Device\NetBT_Tcpip_{4A868D3D-CD95-4AC8-81E7-5274BFB0F8AF}  8A3FF500
Device  \Driver\usbuhci \Device\USBFDO-0  870C11F8
Device  \Driver\usbuhci \Device\USBFDO-1  870C11F8
Device  \Driver\usbehci \Device\USBFDO-2  870C51F8
Device  \Driver\usbuhci \Device\USBFDO-3  870C11F8
Device  \Driver\usbuhci \Device\USBFDO-4  870C11F8
Device  \Driver\netbt \Device\NetBT_Tcpip_{B4A55884-B978-4705-BC7C-9047C316C7B4}  8A3FF500
Device  \Driver\usbuhci \Device\USBFDO-5  870C11F8
Device  \Driver\usbuhci \Device\USBFDO-6  870C11F8
Device  \Driver\usbehci \Device\USBFDO-7  870C51F8
Device  \Driver\aatqslzv \Device\Scsi\aatqslzv1  871EC1F8
Device  \FileSystem\cdfs \Cdfs  871E51F8

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186b8b69c
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0  C:\Program Files\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0x1F 0x70 0x6F 0xE7 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x8B 0x9B 0xF7 0x20 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files\DAEMON Tools Pro\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12  0x1C 0x1F 0x5C 0x16 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12  0xC6 0x42 0xE0 0x8F ...
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186b8b69c (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0  C:\Program Files\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  1
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0x1F 0x70 0x6F 0xE7 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x8B 0x9B 0xF7 0x20 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files\DAEMON Tools Pro\
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12  0x1C 0x1F 0x5C 0x16 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12  0xC6 0x42 0xE0 0x8F ...

---- EOF - GMER 1.0.15 ----

Thanks in advance! Regards
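A log like the one above is easier to triage once its entries are grouped by section and the findings that the log itself attributes to an installed product are set aside. The script below is an added example by the editor, not part of the original thread and not GMER's own tooling. It parses GMER's text output, takes the sptd Cfg@p0 values in the Registry section (which point at Alcohol 120% and DAEMON Tools Pro, the products that ship the sptd.sys SCSI Pass Through Direct driver) together with the `\Driver\sptd ... spdo.sys` line in the Devices section to learn which service and driver image belong to those products, and then reports every entry that references them as "accounted" and everything else as "review". SAMPLE_LOG is a constructed subset of the lines posted above; that GMER separates fields with two spaces is the editor's assumption about how the log looks once copied as plain text.

```python
"""Triage helper for a GMER text log (added example, not GMER's own code).
Findings are grouped by section; the Registry section (Cfg@p0 = install path)
and the Devices section (\\Driver\\<svc> backed by <image>.sys) decide which
findings belong to a product the log visibly names."""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the GMER log posted above (two-space separators assumed).
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net

---- System - GMER 1.0.15 ----

SSDT  9E9E601C  ZwCreateThread

---- Kernel code sections - GMER 1.0.15 ----

?  System32\Drivers\spdo.sys  The system cannot find the path specified. !
PAGE  ataport.SYS!DllUnload  827F0B2E 5 Bytes  JMP 860BA1D8

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Tunngle\TnglCtrl.exe[1836] ntdll.dll!DbgBreakPoint  779C8B2E 1 Byte  [90]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]  [8068B6D6] \SystemRoot\System32\Drivers\spdo.sys
IAT  \SystemRoot\System32\Drivers\a60kh4pe.SYS[ataport.SYS!AtaPortNotification]  F73BFF33

---- Devices - GMER 1.0.15 ----

Device  \Driver\sptd \Device\4021598344  spdo.sys
Device  \Driver\aatqslzv \Device\Scsi\aatqslzv1  871EC1F8

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0  C:\Program Files\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files\DAEMON Tools Pro\

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
CFG_PATH_RE = re.compile(r"Services\\([^\\]+)\\Cfg\\[0-9A-F]+@p0$", re.I)


def parse_gmer(text):
    """Return {section: [(entry_type, rest_of_line), ...]}; lines before the first section go under 'header'."""
    sections, current = defaultdict(list), "header"
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current == "header":
            sections["header"].append(line)
        else:
            kind, _, rest = line.partition("  ")  # first column is the entry type (SSDT, IAT, Device, Reg, ...)
            sections[current].append((kind, rest.strip()))
    return sections


def accounted_tokens(sections):
    """Lower-cased service/image names -> product install paths the log itself ties them to."""
    service_paths = defaultdict(set)
    for kind, rest in sections.get("Registry", []):
        key, _, value = rest.partition("  ")
        m = CFG_PATH_RE.search(key)
        if kind == "Reg" and m and value:
            service_paths[m.group(1).lower()].add(value)
    tokens = {}
    for svc, paths in service_paths.items():
        tokens["\\driver\\" + svc] = paths         # object-manager name of the driver
        tokens["services\\" + svc + "\\"] = paths  # its registry service key
    for kind, rest in sections.get("Devices", []):
        objects, _, image = rest.rpartition("  ")  # "\Driver\<svc> \Device\<name>  <image>.sys"
        if kind == "Device" and image.lower().endswith(".sys"):
            svc = objects.split()[0].rsplit("\\", 1)[-1].lower()
            if svc in service_paths:
                tokens[image.lower()] = service_paths[svc]  # e.g. spdo.sys -> sptd's products
    return tokens


def triage(text):
    """Split findings into 'accounted' (explained by a product the log names) and 'review' (everything else)."""
    sections = parse_gmer(text)
    tokens = accounted_tokens(sections)
    report = {"accounted": [], "review": []}
    for section, entries in sections.items():
        if section == "header":
            continue
        for kind, rest in entries:
            paths = set().union(*(p for tok, p in tokens.items() if tok in rest.lower()))
            if paths:
                report["accounted"].append((section, kind, rest, sorted(paths)))
            else:
                report["review"].append((section, kind, rest))
    return report


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        for entry in entries:
            print(f"[{bucket}] {entry[0]}: {entry[1]} {entry[2]}")
```

"Accounted" only means that the log ties the finding to a product it names, not that the driver is clean. The randomly named a60kh4pe.SYS and aatqslzv.SYS entries, which nothing in the log connects to a product, deliberately stay on the review list, as do the SSDT entries and the patched DbgBreakPoint in TnglCtrl.exe.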
19.02.2010, 16:39 | #2
Rootkit or something else on the PC?

Oh, and I came up with the rootkit idea because I started a program called "Tunngle" (it lets you play with friends over LAN) and an error message appeared: UDP socket could not be created.

I googled this error and landed on a website where they said that this is a rootkit virus. Now I have ended up here and wanted to ask you whether that can be read from the log, because I can't really make much sense of it. Regards
20.02.2010, 09:49 | #3
Rootkit or something else on the PC?

Please help! Regards