Malwarebytes full scan will follow.
GMER says:
GMER log file:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-22 20:46:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_MMDOE28G5MPP-0VA rev.VAM05S1Q
Running: w0l87sog.exe; Driver: C:\Users\main\AppData\Local\Temp\uxldqpow.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 8661AD68
INT 0x52 ? 8661AD68
INT 0x62 ? 8661AD68
INT 0x62 ? 8661AD68
INT 0x62 ? 8661AD68
INT 0x72 ? 8661AD68
INT 0xA2 ? 846F4BF8
INT 0xA2 ? 846F4BF8
INT 0xA2 ? 846F4BF8
INT 0xA2 ? 846F4BF8
INT 0xA2 ? 8661AD68
INT 0xA2 ? 8661AD68
INT 0xA2 ? 846F4BF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spel.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8A1B641B 5 Bytes JMP 8661A348
.text a3ll5olp.SYS 904C5000 22 Bytes [82, 33, 3C, 82, 6C, 32, 3C, ...]
.text a3ll5olp.SYS 904C5017 107 Bytes [00, 32, 17, 79, 80, 3D, 15, ...]
.text a3ll5olp.SYS 904C5083 27 Bytes [82, 97, 00, 01, 82, 86, 45, ...]
.text a3ll5olp.SYS 904C509F 1 Byte [82]
.text a3ll5olp.SYS 904C509F 45 Bytes [82, 40, B0, 0A, 82, 74, A6, ...]
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806956D6] \SystemRoot\System32\Drivers\spel.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80695042] \SystemRoot\System32\Drivers\spel.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80695800] \SystemRoot\System32\Drivers\spel.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806950C0] \SystemRoot\System32\Drivers\spel.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069513E] \SystemRoot\System32\Drivers\spel.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A4B90] \SystemRoot\System32\Drivers\spel.sys
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortWritePortUchar] 83904EBF
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F904E90
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\a3ll5olp.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73F3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73FBCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73F5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 854B81F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 846F61F8
Device \Driver\usbuhci \Device\USBPDO-0 85602500
Device \Driver\usbuhci \Device\USBPDO-1 85602500
Device \Driver\usbehci \Device\USBPDO-2 866B01F8
Device \Driver\usbuhci \Device\USBPDO-3 85602500
Device \Driver\usbuhci \Device\USBPDO-4 85602500
Device \Driver\usbuhci \Device\USBPDO-5 85602500
Device \Driver\usbuhci \Device\USBPDO-6 85602500
Device \Driver\volmgr \Device\HarddiskVolume1 846F61F8
Device \Driver\usbehci \Device\USBPDO-7 866B01F8
Device \Driver\volmgr \Device\HarddiskVolume2 846F61F8
Device \Driver\cdrom \Device\CdRom0 866481F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854B71F8
Device \Driver\atapi \Device\Ide\IdePort0 854B71F8
Device \Driver\atapi \Device\Ide\IdePort1 854B71F8
Device \Driver\atapi \Device\Ide\IdePort2 854B71F8
Device \Driver\atapi \Device\Ide\IdePort3 854B71F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 854B71F8
Device \Driver\volmgr \Device\HarddiskVolume3 846F61F8
Device \Driver\cdrom \Device\CdRom1 866481F8
Device \Driver\volmgr \Device\HarddiskVolume4 846F61F8
Device \Driver\netbt \Device\NetBT_Tcpip_{8E54B7D1-79BC-436B-B190-2FEF827FDF64} 887372A0
Device \Driver\netbt \Device\NetBT_Tcpip_{F1061663-976B-41FA-9863-4D474AED3653} 887372A0
Device \Driver\netbt \Device\NetBt_Wins_Export 887372A0
Device \Driver\Smb \Device\NetbiosSmb 8858B1F8
Device \Driver\PCI_PNP0419 \Device\0000004e spel.sys
Device \Driver\iScsiPrt \Device\RaidPort0 866CA1F8
Device \Driver\usbuhci \Device\USBFDO-0 85602500
Device \Driver\usbuhci \Device\USBFDO-1 85602500
Device \Driver\usbehci \Device\USBFDO-2 866B01F8
Device \Driver\sptd \Device\910548432 spel.sys
Device \Driver\usbuhci \Device\USBFDO-3 85602500
Device \Driver\usbuhci \Device\USBFDO-4 85602500
Device \Driver\usbuhci \Device\USBFDO-5 85602500
Device \Driver\usbuhci \Device\USBFDO-6 85602500
Device \Driver\usbehci \Device\USBFDO-7 866B01F8
Device \Driver\a3ll5olp \Device\Scsi\a3ll5olp1Port5Path0Target0Lun0 865FA500
Device \Driver\a3ll5olp \Device\Scsi\a3ll5olp1 865FA500
Device \FileSystem\cdfs \Cdfs 899E3500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e3df65c35
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB9 0x47 0x6A 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD4 0xCF 0xC8 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE0 0xEA 0xD5 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001e3df65c35 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB9 0x47 0x6A 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD4 0xCF 0xC8 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE0 0xEA 0xD5 0x73 ...
---- Files - GMER 1.0.15 ----
File C:\Users\main\AppData\Local\Opera\Opera\cache\g_0067\opr00MWA.tmp 14313 bytes
---- EOF - GMER 1.0.15 ----