PC zufällig abgestürzt - unkontrollierte Freundesanfragen bei SVZ!

MaLe_X · 07.08.2009, 09:21

Ok, hier ist die Log von 1. GMER :

GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-07 10:04:39
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT F7CBE2AE ZwCreateKey
SSDT F7CBE2A4 ZwCreateThread
SSDT F7CBE2B3 ZwDeleteKey
SSDT F7CBE2BD ZwDeleteValueKey
SSDT spgq.sys ZwEnumerateKey [0xF747CCA2]
SSDT spgq.sys ZwEnumerateValueKey [0xF747D030]
SSDT F7CBE2C2 ZwLoadKey
SSDT spgq.sys ZwOpenKey [0xF745F0C0]
SSDT F7CBE290 ZwOpenProcess
SSDT F7CBE295 ZwOpenThread
SSDT spgq.sys ZwQueryKey [0xF747D108]
SSDT spgq.sys ZwQueryValueKey [0xF747CF88]
SSDT F7CBE2CC ZwReplaceKey
SSDT F7CBE2C7 ZwRestoreKey
SSDT F7CBE2B8 ZwSetValueKey
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEB5F6DF0]

INT 0x62 ? 85568BF8
INT 0x73 ? 85568BF8
INT 0x84 ? 853CFF00
INT 0x94 ? 853CFF00
INT 0xA4 ? 853CFF00
INT 0xB4 ? 853CFF00
INT 0xB4 ? 853CFF00

---- Kernel code sections - GMER 1.0.15 ----

? spgq.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F3DD28AC 5 Bytes JMP 853CF4E0

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[744] SHELL32.dll!SHFileOperationW 7E720924 5 Bytes JMP 01B31102 C:\Programme\Unlocker\UnlockerHook.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7460040] spgq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F746013C] spgq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74600BE] spgq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74607FC] spgq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74606D2] spgq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F746FD92] spgq.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 855671F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C179ED12-26F7-4613-AE0B-D8150A47601D} 84A0B1F8
Device \Driver\usbohci \Device\USBPDO-0 853D1500
Device \Driver\usbohci \Device\USBPDO-1 853D1500
Device \Driver\usbohci \Device\USBPDO-2 853D1500
Device \Driver\usbohci \Device\USBPDO-3 853D1500
Device \Driver\usbohci \Device\USBPDO-4 853D1500
Device \Driver\NetBT \Device\NetBT_Tcpip_{86408FFF-9B4A-451C-9AD2-31CFB0CAC492} 84A0B1F8
Device \Driver\usbehci \Device\USBPDO-5 853D4500
Device \Driver\Ftdisk \Device\HarddiskVolume1 855D81F8
Device \Driver\Cdrom \Device\CdRom0 853D0500
Device \Driver\NetBT \Device\NetBt_Wins_Export 84A0B1F8
Device \Driver\NetBT \Device\NetbiosSmb 84A0B1F8
Device \Driver\usbohci \Device\USBFDO-0 853D1500
Device \Driver\usbohci \Device\USBFDO-1 853D1500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 849FA1F8
Device \Driver\usbohci \Device\USBFDO-2 853D1500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 849FA1F8
Device \Driver\usbohci \Device\USBFDO-3 853D1500
Device \Driver\usbohci \Device\USBFDO-4 853D1500
Device \Driver\Ftdisk \Device\FtControl 855D81F8
Device \Driver\usbehci \Device\USBFDO-5 853D4500
Device \FileSystem\Cdfs \Cdfs 849B4500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA3 0x68 0x1F 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA3 0x68 0x1F 0xC3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA3 0x68 0x1F 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{76416OEM-0117-7957-5767-385014135011}
Reg HKLM\SOFTWARE\Classes\CLSID\{76416OEM-0117-7957-5767-385014135011}@12AED12 1324329
Reg HKLM\SOFTWARE\Classes\CLSID\{76416OEM-0117-7957-5767-385014135011}\InprocServer32

---- EOF - GMER 1.0.15 ----

edit :
mbr file log :

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

PC zufällig abgestürzt - unkontrollierte Freundesanfragen bei SVZ!

Log-Analyse und Auswertung: PC zufällig abgestürzt - unkontrollierte Freundesanfragen bei SVZ!

PC zufällig abgestürzt - unkontrollierte Freundesanfragen bei SVZ!

Ähnliche Themen: PC zufällig abgestürzt - unkontrollierte Freundesanfragen bei SVZ!