IE öffnet automatisch werbung + langsamer pc

Lucky_Ace · 04.11.2009, 21:01

Nabend Chris,

der folgenden Pfad c:/Dokumente und Einstellungen/Michael/Lokale Einstellungen/Temp <-Ggf. Pfad richtig anpassen! gibt es nicht... es gab mal einen Benutzer namens Michael aber den gibt es nciht mehr und wenn ich auf c:/Dokumente und Einstellungen/ gehe kommt nur
- 3 Benutzer namen (2ehemalige)
- All user
- 2 Administrator ordner
- default user
- network service
-local service
-gast
-temp(2)

ich weiß auch nciht welche datei du meinst die ich mit avenger löschen soll...

Gruß Lucky_Ace

Chris4You · 05.11.2009, 07:25

Hi,

ist nicht so schlimm, der Treiber ist gestoppt...

So, probiere jetzt noch mal, ob GMER läuft, ich brauche unbedingt das Log von ihm...

Alternativ:
Avira-Antirootkit
Downloade Avira Antirootkit und Scanne dein system, poste das logfile.
http://dl.antivir.de/down/windows/antivir_rootkit.zip

chris

Lucky_Ace · 05.11.2009, 19:23

Nabend Chris,

wie meinst du das mit dem der treiber ist gestoppt?

leider ging das antivirrootkit nicht habe es wieder mit GMER verscuht un die partitionen einzeln scannen lassen und siehe da wenige minuten gings... hoff ich mal^^

die logs sind in der reihenfolge c:/ d:/ e:/

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-05 18:38:44
Windows 5.1.2600 Service Pack 2
Running: 8komv53u.exe; Driver: C:\WINDOWS\TEMP\fxqcifow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwClose [0xF3A1EE60]
SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwCreateFile [0xF3A1EEF5]
SSDT spqg.sys ZwCreateKey [0xF84640E0]
SSDT F8C5AD1C ZwCreateThread
SSDT spqg.sys ZwEnumerateKey [0xF8482CA4]
SSDT spqg.sys ZwEnumerateValueKey [0xF8483032]
SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwOpenFile [0xF3A1F105]
SSDT spqg.sys ZwOpenKey [0xF84640C0]
SSDT F8C5AD08 ZwOpenProcess
SSDT F8C5AD0D ZwOpenThread
SSDT spqg.sys ZwQueryKey [0xF848310A]
SSDT spqg.sys ZwQueryValueKey [0xF8482F8A]
SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwSetInformationFile [0xF3A1EE90]
SSDT spqg.sys ZwSetValueKey [0xF848319C]
SSDT F8C5AD17 ZwTerminateProcess
SSDT F8C5AD12 ZwWriteVirtualMemory

INT 0x62 ? 82570BF8
INT 0x82 ? 82570BF8
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00

---- Kernel code sections - GMER 1.0.15 ----

? spqg.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F714862C 5 Bytes JMP 821E74E0
.text aafn7or4.SYS F700D386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aafn7or4.SYS F700D3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aafn7or4.SYS F700D3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aafn7or4.SYS F700D3C9 1 Byte [30]
.text aafn7or4.SYS F700D3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8465042] spqg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F846513E] spqg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84650C0] spqg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8465800] spqg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84656D6] spqg.sys
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfRaiseIrql] 0001BC83
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8474E9C] spqg.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8256F1F8

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

Device \FileSystem\Fastfat \FatCdrom 81C871F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1240E108-AD10-4E53-BFA0-8EF8616A2D67} 81D581F8
Device \Driver\usbuhci \Device\USBPDO-0 821E51F8
Device \Driver\usbuhci \Device\USBPDO-1 821E51F8
Device \Driver\usbuhci \Device\USBPDO-2 821E51F8
Device \Driver\usbuhci \Device\USBPDO-3 821E51F8
Device \Driver\usbehci \Device\USBPDO-4 821B81F8
Device \Driver\PCI_PNP0518 \Device\00000055 spqg.sys
Device \Driver\prodrv06 \Device\ProDrv06 E1D04008
Device \Driver\Ftdisk \Device\HarddiskVolume1 825DD1F8
Device \Driver\Cdrom \Device\CdRom0 822001F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 825DD1F8
Device \Driver\Cdrom \Device\CdRom1 822001F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 825DD1F8
Device \Driver\atapi \Device\Ide\IdePort0 825701F8
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 825701F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 825701F8
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 825701F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 825701F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\Cdrom \Device\CdRom2 822001F8
Device \Driver\usbstor \Device\00000081 81C681F8
Device \Driver\usbstor \Device\00000081 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000082 81C681F8
Device \Driver\usbstor \Device\00000082 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E10239A0
Device \Driver\usbstor \Device\00000083 81C681F8
Device \Driver\usbstor \Device\00000083 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 81D581F8
Device \Driver\sptd \Device\3241379268 spqg.sys
Device \Driver\usbstor \Device\00000084 81C681F8
Device \Driver\usbstor \Device\00000084 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetbiosSmb 81D581F8
Device \Driver\usbstor \Device\00000085 81C681F8
Device \Driver\usbstor \Device\00000085 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbuhci \Device\USBFDO-0 821E51F8
Device \Driver\usbuhci \Device\USBFDO-1 821E51F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81C851F8
Device \Driver\usbuhci \Device\USBFDO-2 821E51F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81C851F8
Device \Driver\usbuhci \Device\USBFDO-3 821E51F8
Device \Driver\usbehci \Device\USBFDO-4 821B81F8
Device \Driver\Ftdisk \Device\FtControl 825DD1F8
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41Port2Path0Target0Lun0 823A3500
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41Port2Path0Target0Lun0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41 823A3500
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \FileSystem\Fastfat \Fat 81C871F8

AttachedDevice \FileSystem\Fastfat \Fat avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

Device \FileSystem\Cdfs \Cdfs 81C261F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Update\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0x84 0x26 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x6B 0xBB 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0xF8 0x91 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\Neuer Ordner\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Update\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0x84 0x26 0x7A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x6B 0xBB 0x08 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0xF8 0x91 0x7E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\Neuer Ordner\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE04.00.00.01MSWINDOWS 44C6913E471845F3458589CD82C2F685EEE6CD21842DB365F81FC490A43549FAB124D405D866C47B53BBC8C5CF2EE89B69524B8E2158A0163B21688401649580D5AB286D90A1CFE91B02B1 3C33215C5963DE83EFFB78928B338D38C0294E6207FA21E1172ABC2D046C80695FC005BB9F58BA0C21240937E02435DAECC122B88A4F9B5999833E6B427EB21AD3AED2360526E700EF471A 7B6A37BFFCA513A5EABAE1096A009E405CD06DEA71ADD71BBDD1133CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC7 4CA6A0AC4980AC7933C038D530D6EB3452A6A0AC4980AC7933A9C6AECB7A5D140799AFA4FA00A9C0CAE05D5F95129189682803D4E7D3262947EF3036BA548C32928394A69534C775D1E9CB D2EE91ECDF42D37A1E2D8B24EE8127BBD8FACC00348413D910602BA1E55EB861653BD52C805C5EF57679940AFCEA3706DDAC168292523EC13AECCE1B03B8946B4701675007047EF00A6737 15B8F6E8D88B255BAD19B37B83A261CC4C25FEC52ED05B148EF25A71DA28A905B768EA0671C8C78D517B3549C6EBF8168386A01B617D7B6F50A8D5F197C5824F1AB9635F01A30D5FF0CDB6 A72C5C825F3EC4E365ADEBA24FB4ED414580F94BAD94BD4EC72C4E03CA450A6A9AC35C5DA2B4E25F7A345EA8CC0C70B832E08070FBB6E66E180B9ACB8BB

---- EOF - GMER 1.0.15 ----

Lucky_Ace · 05.11.2009, 19:24

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-05 19:11:52
Windows 5.1.2600 Service Pack 2
Running: 8komv53u.exe; Driver: C:\WINDOWS\TEMP\fxqcifow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwClose [0xF3A1EE60]
SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwCreateFile [0xF3A1EEF5]
SSDT spqg.sys ZwCreateKey [0xF84640E0]
SSDT F8C5AD1C ZwCreateThread
SSDT spqg.sys ZwEnumerateKey [0xF8482CA4]
SSDT spqg.sys ZwEnumerateValueKey [0xF8483032]
SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwOpenFile [0xF3A1F105]
SSDT spqg.sys ZwOpenKey [0xF84640C0]
SSDT F8C5AD08 ZwOpenProcess
SSDT F8C5AD0D ZwOpenThread
SSDT spqg.sys ZwQueryKey [0xF848310A]
SSDT spqg.sys ZwQueryValueKey [0xF8482F8A]
SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwSetInformationFile [0xF3A1EE90]
SSDT spqg.sys ZwSetValueKey [0xF848319C]
SSDT F8C5AD17 ZwTerminateProcess
SSDT F8C5AD12 ZwWriteVirtualMemory

INT 0x62 ? 82570BF8
INT 0x82 ? 82570BF8
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00

---- Kernel code sections - GMER 1.0.15 ----

? spqg.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F714862C 5 Bytes JMP 821E74E0
.text aafn7or4.SYS F700D386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aafn7or4.SYS F700D3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aafn7or4.SYS F700D3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aafn7or4.SYS F700D3C9 1 Byte [30]
.text aafn7or4.SYS F700D3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8465042] spqg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F846513E] spqg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84650C0] spqg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8465800] spqg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84656D6] spqg.sys
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfRaiseIrql] 0001BC83
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8474E9C] spqg.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8256F1F8

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

Device \FileSystem\Fastfat \FatCdrom 81C871F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1240E108-AD10-4E53-BFA0-8EF8616A2D67} 81D581F8
Device \Driver\usbuhci \Device\USBPDO-0 821E51F8
Device \Driver\usbuhci \Device\USBPDO-1 821E51F8
Device \Driver\usbuhci \Device\USBPDO-2 821E51F8
Device \Driver\usbuhci \Device\USBPDO-3 821E51F8
Device \Driver\PCI_PNP0518 \Device\00000055 spqg.sys
Device \Driver\usbehci \Device\USBPDO-4 821B81F8
Device \Driver\prodrv06 \Device\ProDrv06 E1D04008
Device \Driver\Ftdisk \Device\HarddiskVolume1 825DD1F8
Device \Driver\Cdrom \Device\CdRom0 822001F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 825DD1F8
Device \Driver\Cdrom \Device\CdRom1 822001F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 825DD1F8
Device \Driver\atapi \Device\Ide\IdePort0 825701F8
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 825701F8
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 825701F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 825701F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 825701F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\Cdrom \Device\CdRom2 822001F8
Device \Driver\usbstor \Device\00000081 81C681F8
Device \Driver\usbstor \Device\00000081 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E10239A0
Device \Driver\usbstor \Device\00000082 81C681F8
Device \Driver\usbstor \Device\00000082 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 81D581F8
Device \Driver\usbstor \Device\00000083 81C681F8
Device \Driver\usbstor \Device\00000083 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000084 81C681F8
Device \Driver\usbstor \Device\00000084 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\sptd \Device\3241379268 spqg.sys
Device \Driver\usbstor \Device\00000085 81C681F8
Device \Driver\usbstor \Device\00000085 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetbiosSmb 81D581F8
Device \Driver\usbuhci \Device\USBFDO-0 821E51F8
Device \Driver\usbuhci \Device\USBFDO-1 821E51F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81C851F8
Device \Driver\usbuhci \Device\USBFDO-2 821E51F8
Device \Driver\usbuhci \Device\USBFDO-3 821E51F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81C851F8
Device \Driver\Ftdisk \Device\FtControl 825DD1F8
Device \Driver\usbehci \Device\USBFDO-4 821B81F8
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41Port2Path0Target0Lun0 823A3500
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41Port2Path0Target0Lun0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41 823A3500
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \FileSystem\Fastfat \Fat 81C871F8

AttachedDevice \FileSystem\Fastfat \Fat avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

Device \FileSystem\Cdfs \Cdfs 81C261F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Update\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0x84 0x26 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x6B 0xBB 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0xF8 0x91 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\Neuer Ordner\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Update\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0x84 0x26 0x7A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x6B 0xBB 0x08 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0xF8 0x91 0x7E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\Neuer Ordner\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE04.00.00.01MSWINDOWS 44C6913E471845F3458589CD82C2F685EEE6CD21842DB365F81FC490A43549FAB124D405D866C47B53BBC8C5CF2EE89B69524B8E2158A0163B21688401649580D5AB286D90A1CFE91B02B1 3C33215C5963DE83EFFB78928B338D38C0294E6207FA21E1172ABC2D046C80695FC005BB9F58BA0C21240937E02435DAECC122B88A4F9B5999833E6B427EB21AD3AED2360526E700EF471A 7B6A37BFFCA513A5EABAE1096A009E405CD06DEA71ADD71BBDD1133CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC7 4CA6A0AC4980AC7933C038D530D6EB3452A6A0AC4980AC7933A9C6AECB7A5D140799AFA4FA00A9C0CAE05D5F95129189682803D4E7D3262947EF3036BA548C32928394A69534C775D1E9CB D2EE91ECDF42D37A1E2D8B24EE8127BBD8FACC00348413D910602BA1E55EB861653BD52C805C5EF57679940AFCEA3706DDAC168292523EC13AECCE1B03B8946B4701675007047EF00A6737 15B8F6E8D88B255BAD19B37B83A261CC4C25FEC52ED05B148EF25A71DA28A905B768EA0671C8C78D517B3549C6EBF8168386A01B617D7B6F50A8D5F197C5824F1AB9635F01A30D5FF0CDB6 A72C5C825F3EC4E365ADEBA24FB4ED414580F94BAD94BD4EC72C4E03CA450A6A9AC35C5DA2B4E25F7A345EA8CC0C70B832E08070FBB6E66E180B9ACB8BB

---- EOF - GMER 1.0.15 ----

Lucky_Ace · 05.11.2009, 19:25

entschuldigung ich hatte es müssen in drei teile teilen... hätte es auch können bei file upload hochladen aber ich wusste nicht ob das ok gewesen wäre...

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-05 19:14:54
Windows 5.1.2600 Service Pack 2
Running: 8komv53u.exe; Driver: C:\WINDOWS\TEMP\fxqcifow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwClose [0xF3A1EE60]
SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwCreateFile [0xF3A1EEF5]
SSDT spqg.sys ZwCreateKey [0xF84640E0]
SSDT F8C5AD1C ZwCreateThread
SSDT spqg.sys ZwEnumerateKey [0xF8482CA4]
SSDT spqg.sys ZwEnumerateValueKey [0xF8483032]
SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwOpenFile [0xF3A1F105]
SSDT spqg.sys ZwOpenKey [0xF84640C0]
SSDT F8C5AD08 ZwOpenProcess
SSDT F8C5AD0D ZwOpenThread
SSDT spqg.sys ZwQueryKey [0xF848310A]
SSDT spqg.sys ZwQueryValueKey [0xF8482F8A]
SSDT \??\C:\WINDOWS\system32\drivers\SLEE401.sys ZwSetInformationFile [0xF3A1EE90]
SSDT spqg.sys ZwSetValueKey [0xF848319C]
SSDT F8C5AD17 ZwTerminateProcess
SSDT F8C5AD12 ZwWriteVirtualMemory

INT 0x62 ? 82570BF8
INT 0x82 ? 82570BF8
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00
INT 0xB4 ? 821E7F00

---- Kernel code sections - GMER 1.0.15 ----

? spqg.sys Das System kann die angegebene Datei nicht finden. !
.text aafn7or4.SYS F700D386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aafn7or4.SYS F700D3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aafn7or4.SYS F700D3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aafn7or4.SYS F700D3C9 1 Byte [30]
.text aafn7or4.SYS F700D3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8465042] spqg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F846513E] spqg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84650C0] spqg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8465800] spqg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84656D6] spqg.sys
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfRaiseIrql] 0001BC83
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\aafn7or4.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8474E9C] spqg.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8256F1F8

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

Device \FileSystem\Fastfat \FatCdrom 81C871F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1240E108-AD10-4E53-BFA0-8EF8616A2D67} 81D581F8
Device \Driver\usbuhci \Device\USBPDO-0 821E51F8
Device \Driver\usbuhci \Device\USBPDO-1 821E51F8
Device \Driver\usbuhci \Device\USBPDO-2 821E51F8
Device \Driver\usbuhci \Device\USBPDO-3 821E51F8
Device \Driver\usbehci \Device\USBPDO-4 821B81F8
Device \Driver\PCI_PNP0518 \Device\00000055 spqg.sys
Device \Driver\prodrv06 \Device\ProDrv06 E1D04008
Device \Driver\Ftdisk \Device\HarddiskVolume1 825DD1F8
Device \Driver\Cdrom \Device\CdRom0 822001F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 825DD1F8
Device \Driver\Cdrom \Device\CdRom1 822001F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 825DD1F8
Device \Driver\atapi \Device\Ide\IdePort0 825701F8
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 825701F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 825701F8
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 825701F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 825701F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\Cdrom \Device\CdRom2 822001F8
Device \Driver\usbstor \Device\00000081 81C681F8
Device \Driver\usbstor \Device\00000081 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000082 81C681F8
Device \Driver\usbstor \Device\00000082 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E10239A0
Device \Driver\usbstor \Device\00000083 81C681F8
Device \Driver\usbstor \Device\00000083 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 81D581F8
Device \Driver\sptd \Device\3241379268 spqg.sys
Device \Driver\usbstor \Device\00000084 81C681F8
Device \Driver\usbstor \Device\00000084 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetbiosSmb 81D581F8
Device \Driver\usbstor \Device\00000085 81C681F8
Device \Driver\usbstor \Device\00000085 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbuhci \Device\USBFDO-0 821E51F8
Device \Driver\usbuhci \Device\USBFDO-1 821E51F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81C851F8
Device \Driver\usbuhci \Device\USBFDO-2 821E51F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81C851F8
Device \Driver\usbuhci \Device\USBFDO-3 821E51F8
Device \Driver\usbehci \Device\USBFDO-4 821B81F8
Device \Driver\Ftdisk \Device\FtControl 825DD1F8
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41Port2Path0Target0Lun0 823A3500
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41Port2Path0Target0Lun0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41 823A3500
Device \Driver\aafn7or4 \Device\Scsi\aafn7or41 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \FileSystem\Fastfat \Fat 81C871F8

AttachedDevice \FileSystem\Fastfat \Fat avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

Device \FileSystem\Cdfs \Cdfs 81C261F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Update\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0x84 0x26 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x6B 0xBB 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0xF8 0x91 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\Neuer Ordner\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Update\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0x84 0x26 0x7A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x6B 0xBB 0x08 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0xF8 0x91 0x7E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\Neuer Ordner\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE04.00.00.01MSWINDOWS 44C6913E471845F3458589CD82C2F685EEE6CD21842DB365F81FC490A43549FAB124D405D866C47B53BBC8C5CF2EE89B69524B8E2158A0163B21688401649580D5AB286D90A1CFE91B02B1 3C33215C5963DE83EFFB78928B338D38C0294E6207FA21E1172ABC2D046C80695FC005BB9F58BA0C21240937E02435DAECC122B88A4F9B5999833E6B427EB21AD3AED2360526E700EF471A 7B6A37BFFCA513A5EABAE1096A009E405CD06DEA71ADD71BBDD1133CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC7 4CA6A0AC4980AC7933C038D530D6EB3452A6A0AC4980AC7933A9C6AECB7A5D140799AFA4FA00A9C0CAE05D5F95129189682803D4E7D3262947EF3036BA548C32928394A69534C775D1E9CB D2EE91ECDF42D37A1E2D8B24EE8127BBD8FACC00348413D910602BA1E55EB861653BD52C805C5EF57679940AFCEA3706DDAC168292523EC13AECCE1B03B8946B4701675007047EF00A6737 15B8F6E8D88B255BAD19B37B83A261CC4C25FEC52ED05B148EF25A71DA28A905B768EA0671C8C78D517B3549C6EBF8168386A01B617D7B6F50A8D5F197C5824F1AB9635F01A30D5FF0CDB6 A72C5C825F3EC4E365ADEBA24FB4ED414580F94BAD94BD4EC72C4E03CA450A6A9AC35C5DA2B4E25F7A345EA8CC0C70B832E08070FBB6E66E180B9ACB8BB

---- EOF - GMER 1.0.15 ----

Gruß Lucky_

Ace

Chris4You · 06.11.2009, 10:13

Hi,

Bitte folgende Files prüfen (wahrscheinlich demontools):

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Windows\System32\Drivers\aafn7or4.SYS
C:\Windows\System32\Drivers\spqg.sys

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

So, dann wie folgt vorgehen (combofix deinstallieren):
Start->Ausführen-> combofix /u

Combofix neu runterladen (er wird jeden Tag auf die neusten kleinen Viecher angepasst), bereits im Downloaddialog auf test.exe umbenennen, dann wie gehabt starten, scannen lasse und log posten...
(Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

chris

IE öffnet automatisch werbung + langsamer pc

Log-Analyse und Auswertung: IE öffnet automatisch werbung + langsamer pc