Router logfile:
09/08/2012 11:40:37 192.168.2.2 login fail
09/08/2012 11:30:41 192.168.2.2 login fail
09/08/2012 11:20:35 192.168.2.2 login fail
09/08/2012 11:11:52 192.168.2.2 login fail
GMER logfile:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-08 12:39:04
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD300LJ rev.ZT100-12
Running: dsf5lg.exe; Driver: C:\Users\Arlt\AppData\Local\Temp\kwtdrpow.sys
---- System - GMER 1.0.15 ----
SSDT 8EF2F726 ZwCreateSection
SSDT 8EF2F730 ZwRequestWaitReplyPort
SSDT 8EF2F72B ZwSetContextThread
SSDT 8EF2F735 ZwSetSecurityObject
SSDT 8EF2F73A ZwSystemDebugControl
SSDT 8EF2F6C7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C42989 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C624E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C6987C 4 Bytes [26, F7, F2, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 82C69BD8 4 Bytes [30, F7, F2, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 82C69C1C 4 Bytes [2B, F7, F2, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 82C69C98 4 Bytes [35, F7, F2, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 82C69CEC 4 Bytes [3A, F7, F2, 8E]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93C06000, 0x1456A8, 0xE8000020]
PAGE peauth.sys 9F46A02C 102 Bytes CALL AB1988BB
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9F618000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9F618123 629 Bytes [35, 61, 9F, FE, 05, 34, 35, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9F618399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9F6183FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 9F6184AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Could someone please take a look at the GMER log? I don't think it's
normal that someone is trying to log in to my router. The LAN IP belongs
to my PC, and I am not going to enter the wrong login data into my router
four times in a row at ten-minute intervals. Malwarebytes and Avira report
nothing, and the MBR seems to be OK. Thanks in advance if someone could
give me some feedback.
Regards
Zebra