okay hier das gmer-ergebnis.ich hoffe in der richtigen form?
falls nicht, sagst nochmal bescheid.....aber machst du ja eh
GMER Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-26 16:06:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 SAMSUNG_SP2504C rev.VT100-38
Running: 5cxqv1ti.exe; Driver: C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys
---- System - GMER 1.0.15 ----
SSDT F7C5C87E ZwCreateKey
SSDT F7C5C874 ZwCreateThread
SSDT F7C5C883 ZwDeleteKey
SSDT F7C5C88D ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xF736BFB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF736C340]
SSDT F7C5C892 ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xF73660B0]
SSDT F7C5C860 ZwOpenProcess
SSDT F7C5C865 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF736C418]
SSDT sptd.sys ZwQueryValueKey [0xF736C298]
SSDT F7C5C89C ZwReplaceKey
SSDT F7C5C897 ZwRestoreKey
SSDT F7C5C888 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5C1E360, 0x20FDBD, 0xE8000020]
.text USBPORT.SYS!DllUnload F5BFE8AC 5 Bytes JMP 86D853B8
? System32\Drivers\acvye09y.SYS Das System kann den angegebenen Pfad nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 1004BF70 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!SetWindowRgn + 2BD 7E37E7E5 7 Bytes JMP 1004BE30 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!SetClipboardData + 19D 7E38113B 7 Bytes JMP 1004BF50 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!MessageBoxA + 49 7E3A0833 7 Bytes JMP 1004C040 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!MessageBoxExW + 1F 7E3A0857 7 Bytes JMP 1004C090 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!MessageBoxTimeoutA + CA 7E3B64D0 7 Bytes JMP 1004BFC0 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7366AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7366C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7366B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7367748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F736761E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F737C29A] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86F651E8
Device \FileSystem\Fastfat \FatCdrom 86B0E790
Device \Driver\usbohci \Device\USBPDO-0 86D96790
Device \Driver\usbohci \Device\USBPDO-1 86D96790
Device \Driver\PCI_NTPNP2894 \Device\00000045 sptd.sys
Device \Driver\usbehci \Device\USBPDO-2 86D95790
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD41E8
Device \Driver\usbstor \Device\00000071 86B9C790
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD41E8
Device \Driver\usbstor \Device\00000072 86B9C790
Device \Driver\Cdrom \Device\CdRom0 86D90790
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-19 [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\usbstor \Device\00000073 86B9C790
Device \Driver\Cdrom \Device\CdRom1 86D90790
Device \Driver\usbstor \Device\00000074 86B9C790
Device \Driver\Cdrom \Device\CdRom2 86D90790
Device \Driver\usbstor \Device\00000075 86B9C790
Device \Driver\Cdrom \Device\CdRom3 86D90790
Device \Driver\NetBT \Device\NetBt_Wins_Export 86C2F1E8
Device \Driver\NetBT \Device\NetbiosSmb 86C2F1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C679FCD5-B4DB-4854-AA53-6CDBBE614F77} 86C2F1E8
Device \Driver\usbohci \Device\USBFDO-0 86D96790
Device \Driver\usbohci \Device\USBFDO-1 86D96790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86C00580
Device \Driver\usbehci \Device\USBFDO-2 86D95790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86C00580
Device \Driver\Ftdisk \Device\FtControl 86FD41E8
Device \Driver\acvye09y \Device\Scsi\acvye09y1Port4Path0Target0Lun0 86CC81E8
Device \Driver\acvye09y \Device\Scsi\acvye09y1Port4Path0Target1Lun0 86CC81E8
Device \Driver\acvye09y \Device\Scsi\acvye09y1 86CC81E8
Device \FileSystem\Fastfat \Fat 86B0E790
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 86AB9790
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x4C 0xC6 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0x2C 0xEE 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB1 0xB4 0x18 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x52 0xB6 0x92 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x4C 0xC6 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0x2C 0xEE 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB1 0xB4 0x18 0x2D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x52 0xB6 0x92 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x4C 0xC6 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0x2C 0xEE 0xB1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB1 0xB4 0x18 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x52 0xB6 0x92 0xB5 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- EOF - GMER 1.0.15 ----
--- --- ---
26.06.2011, 15:10
Baum-Darstellung