I actually meant whether there is any personal stuff in it :P
Never mind, the log isn't that long after all:
Code:
GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-22 21:34:48
Windows 6.0.6000
---- System - GMER 1.0.15 ----
SSDT 8CE14BA4 ZwCreateThread
SSDT 8CE14B90 ZwOpenProcess
SSDT 8CE14B95 ZwOpenThread
SSDT 8CE14B9F ZwTerminateProcess
INT 0x72 ? 862AFBF8
INT 0x82 ? 862AFBF8
INT 0x91 ? 841C6BF8
INT 0x92 ? 862AFBF8
INT 0xA1 ? 841C6BF8
INT 0xA2 ? 862AFBF8
Code \SystemRoot\system32\ntkrnlpa.exe[PAGEVRFY] [822CEA35] pIofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spiz.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 898D2FEB 5 Bytes JMP 862AF1D8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [807026D2] \SystemRoot\System32\Drivers\spiz.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80702040] \SystemRoot\System32\Drivers\spiz.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [807027FC] \SystemRoot\System32\Drivers\spiz.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [807020BE] \SystemRoot\System32\Drivers\spiz.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8070213C] \SystemRoot\System32\Drivers\spiz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80712048] \SystemRoot\System32\Drivers\spiz.sys
IAT \SystemRoot\system32\DRIVERS\ks.sys[HAL.dll!IoFreeMapRegisters] [822D3533] \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\ks.sys[HAL.dll!IoMapTransfer] [822D35B4] \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\ks.sys[HAL.dll!IoFlushAdapterBuffers] [822D3359] \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7463FD78] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7460BBF1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745FA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745FCBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745F8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7460D168] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745F7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745F7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745F6A54] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7468C1BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [746180FE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745F90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7460223C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74602267] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [7460771C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7460753E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74638585] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 853B41F8
Device \Driver\volmgr \Device\VolMgrControl 853B01F8
Device \Driver\netbt \Device\NetBT_Tcpip_{489FC53B-1A32-4178-8C5E-3881EC6BF787} 8687A500
Device \Driver\usbohci \Device\USBPDO-0 862B11F8
Device \Driver\usbohci \Device\USBPDO-1 862B11F8
Device \Driver\usbohci \Device\USBPDO-2 862B11F8
Device \Driver\usbohci \Device\USBPDO-3 862B11F8
Device \Driver\usbehci \Device\USBPDO-4 863D01F8
Device \Driver\volmgr \Device\HarddiskVolume1 853B01F8
Device \Driver\volmgr \Device\HarddiskVolume2 853B01F8
Device \Driver\cdrom \Device\CdRom0 861C11F8
Device \Driver\volmgr \Device\HarddiskVolume3 853B01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 853B21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 853B21F8
Device \Driver\atapi \Device\Ide\IdePort0 853B21F8
Device \Driver\atapi \Device\Ide\IdePort1 853B21F8
Device \Driver\atapi \Device\Ide\IdePort2 853B21F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8687A500
Device \Driver\Smb \Device\NetbiosSmb 868631F8
Device \Driver\iScsiPrt \Device\RaidPort0 864261F8
Device \Driver\usbohci \Device\USBFDO-0 862B11F8
Device \Driver\usbohci \Device\USBFDO-1 862B11F8
Device \Driver\usbohci \Device\USBFDO-2 862B11F8
Device \Driver\usbohci \Device\USBFDO-3 862B11F8
Device \Driver\usbehci \Device\USBFDO-4 863D01F8
Device \FileSystem\cdfs \Cdfs 873101F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC7 0x3B 0x9A 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0xDF 0xEC 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC7 0x3B 0x9A 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0xDF 0xEC 0x11 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2500B9FD-AB3F-F463-953E-884E214359F2}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2500B9FD-AB3F-F463-953E-884E214359F2}@papbngnjifhdnbnglloijbcllckhohoj 0x6A 0x61 0x61 0x67 ...
---- EOF - GMER 1.0.15 ----