Log analysis and evaluation: TR/Trash.Gen - Trojan.Zbot.CBC.Gen
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.08.2012, 23:32 | #1
TR/Trash.Gen - Trojan.Zbot.CBC.Gen

Hello everyone,

in a way I cannot explain, my mother has caught several viruses. At first, numerous error messages appeared about the failure of Explorer as well as of various drivers and programs such as Skype. The Internet was apparently unusable at times. The Avira scan only detected TR/Trash.Gen; the file is in quarantine. With Malwarebytes, further viruses were detected. The system is currently running stably again. Here is the Avira log, unfortunately the Spanish version; I hope the essentials are understandable. The other logs are in German/English.

Code:
Avira Free Antivirus
Fecha de creación del fichero de informe: Mittwoch, 1. August 2012 19:48

Analizando cepas de virus de 3995628.

El programa está funcionando como versión completa sin limitaciones.
Los servicios online están a disposición.

Titular de la licencia : Avira AntiVir Personal - Free Antivirus
Número de serie : 0000149996-ADJIE-0000001
Plataforma : Windows Vista
Versión de Windows : (Service Pack 2) [6.0.6002]
Modo de arranque : Arranque normal
Nombre de usuario : xxx
Nombre del equipo : xxx-PC

Información de versión:
BUILD.DAT : 12.0.0.149 Bytes 03.02.2012 17:40:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 03.02.2012 13:25:09
AVSCAN.DLL : 12.1.0.18 62416 Bytes 03.02.2012 13:25:33
LUKE.DLL : 12.1.0.19 68304 Bytes 03.02.2012 13:25:17
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 18.07.2012 18:47:53
AVREG.DLL : 12.3.0.17 232200 Bytes 18.07.2012 18:47:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 17:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 22:24:27
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:25:27
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 18:47:41
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 18:47:44
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 18:47:46
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 18:47:47
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 18:47:47
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 18:47:47
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 18:47:47
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 18:47:47
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 18:47:47
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 18:47:47
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 18:47:47
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 19:07:52
VBASE015.VDF : 7.11.38.19 2048 Bytes 30.07.2012 19:07:53
VBASE016.VDF : 7.11.38.20 2048 Bytes 30.07.2012 19:07:53
VBASE017.VDF : 7.11.38.21 2048 Bytes 30.07.2012 19:07:53
VBASE018.VDF : 7.11.38.22 2048 Bytes 30.07.2012 19:07:53
VBASE019.VDF : 7.11.38.23 2048 Bytes 30.07.2012 19:07:53
VBASE020.VDF : 7.11.38.24 2048 Bytes 30.07.2012 19:07:53
VBASE021.VDF : 7.11.38.25 2048 Bytes 30.07.2012 19:07:53
VBASE022.VDF : 7.11.38.26 2048 Bytes 30.07.2012 19:07:53
VBASE023.VDF : 7.11.38.27 2048 Bytes 30.07.2012 19:07:53
VBASE024.VDF : 7.11.38.28 2048 Bytes 30.07.2012 19:07:53
VBASE025.VDF : 7.11.38.29 2048 Bytes 30.07.2012 19:07:53
VBASE026.VDF : 7.11.38.30 2048 Bytes 30.07.2012 19:07:53
VBASE027.VDF : 7.11.38.31 2048 Bytes 30.07.2012 19:07:53
VBASE028.VDF : 7.11.38.32 2048 Bytes 30.07.2012 19:07:53
VBASE029.VDF : 7.11.38.33 2048 Bytes 30.07.2012 19:07:53
VBASE030.VDF : 7.11.38.34 2048 Bytes 30.07.2012 19:07:53
VBASE031.VDF : 7.11.38.38 15872 Bytes 30.07.2012 19:07:53
Versión del motor : 8.2.10.120
AEVDF.DLL : 8.1.2.10 102772 Bytes 18.07.2012 18:47:52
AESCRIPT.DLL : 8.1.4.36 459131 Bytes 30.07.2012 19:07:55
AESCN.DLL : 8.1.8.2 131444 Bytes 18.07.2012 18:47:52
AESBX.DLL : 8.2.5.12 606578 Bytes 18.07.2012 18:47:52
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 22:23:48
AEPACK.DLL : 8.3.0.18 807287 Bytes 30.07.2012 19:07:55
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 22.07.2012 17:26:19
AEHEUR.DLL : 8.1.4.80 5075318 Bytes 30.07.2012 19:07:55
AEHELP.DLL : 8.1.23.2 258422 Bytes 18.07.2012 18:47:50
AEGEN.DLL : 8.1.5.34 434548 Bytes 22.07.2012 17:26:18
AEEXP.DLL : 8.1.0.72 86389 Bytes 30.07.2012 19:07:55
AEEMU.DLL : 8.1.3.2 393587 Bytes 18.07.2012 18:47:50
AECORE.DLL : 8.1.27.2 201078 Bytes 18.07.2012 18:47:49
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 22:23:43
AVWINLL.DLL : 12.1.0.17 27344 Bytes 03.02.2012 13:25:11
AVPREF.DLL : 12.1.0.17 51920 Bytes 03.02.2012 13:25:08
AVREP.DLL : 12.3.0.15 179208 Bytes 18.07.2012 18:47:53
AVARKT.DLL : 12.1.0.23 209360 Bytes 03.02.2012 13:25:07
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 03.02.2012 13:25:07
SQLITE3.DLL : 3.7.0.0 398288 Bytes 03.02.2012 13:25:20
AVSMTP.DLL : 12.1.0.17 62928 Bytes 03.02.2012 13:25:10
NETNT.DLL : 12.1.0.17 17104 Bytes 03.02.2012 13:25:17
RCIMAGE.DLL : 12.1.0.13 4449488 Bytes 20.01.2012 22:24:44
RCTEXT.DLL : 12.1.0.16 98768 Bytes 20.01.2012 22:24:44

Configuración para el análisis actual:
Nombre de tarea.....................................: Selección manual
Fichero de configuración............................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Registro............................................: Predeterminado
Acción principal....................................: interactivo
Acción secundaria...................................: omitir
Analizando sectores de arranque maestros............: activado
Analizando sectores de arranque.....................: activado
Sectores de arranque................................: C:, D:,
Analizando programas activos........................: activado
Analizando registro.................................: activado
Búsqueda de rootkits................................: desactivado
Comprobación de integridad de ficheros del sistema..: desactivado
Modo de análisis de ficheros........................: Selección inteligente de ficheros
Analizando archivos.................................: activado
Limitar nivel de recursividad.......................: 20
Extensiones inteligentes de archivo.................: activado
Heurística de macrovirus............................: activado
Heurística de ficheros..............................: Avanzado

Comienzo del análisis: Mittwoch, 1. August 2012 19:48

Comienza el análisis de los sectores de arranque maestros:
Sector de arranque maestro HD0
[INFORMACIÓN] No se encontraron virus.
[INFORMACIÓN] Vuelva a iniciar el análisis con derechos de administrador

Comienza el análisis de los sectores de arranque:
Sector de arranque 'C:\'
[INFORMACIÓN] No se encontraron virus.
[INFORMACIÓN] Vuelva a iniciar el análisis con derechos de administrador
Sector de arranque 'D:\'
[INFORMACIÓN] No se encontraron virus.
[INFORMACIÓN] Vuelva a iniciar el análisis con derechos de administrador

Comienza el análisis de los procesos iniciados:
Analizando proceso 'avscan.exe' - se analizaron '1' módulos
Analizando proceso 'avcenter.exe' - se analizaron '1' módulos
Analizando proceso 'unsecapp.exe' - se analizaron '1' módulos
Analizando proceso 'Apntex.exe' - se analizaron '1' módulos
Analizando proceso 'HidFind.exe' - se analizaron '1' módulos
Analizando proceso 'Skype.exe' - se analizaron '1' módulos
Analizando proceso 'Trjscan.exe' - se analizaron '1' módulos
Analizando proceso 'avgnt.exe' - se analizaron '1' módulos
Analizando proceso 'jusched.exe' - se analizaron '1' módulos
Analizando proceso 'igfxpers.exe' - se analizaron '1' módulos
Analizando proceso 'hkcmd.exe' - se analizaron '1' módulos
Analizando proceso 'igfxtray.exe' - se analizaron '1' módulos
Analizando proceso 'ePower_DMC.exe' - se analizaron '1' módulos
Analizando proceso 'igfxsrvc.exe' - se analizaron '1' módulos
Analizando proceso 'RtkBtMnt.exe' - se analizaron '1' módulos
Analizando proceso 'taskeng.exe' - se analizaron '1' módulos
Analizando proceso 'Apoint.exe' - se analizaron '1' módulos
Analizando proceso 'RtHDVCpl.exe' - se analizaron '1' módulos
Analizando proceso 'MSASCui.exe' - se analizaron '1' módulos
Analizando proceso 'Explorer.EXE' - se analizaron '1' módulos
Analizando proceso 'Dwm.exe' - se analizaron '1' módulos

Se inicia el análisis de las referencias a ficheros ejecutables (registro):
Se analizó el registro ( '1120' ficheros ).

Comienza el análisis de los ficheros seleccionados:

Comenzando el análisis en 'C:\' <Acer>
C:\Users\xxx\AppData\Roaming\appconf32.exe.vir
[DETECCIÓN] Se trata del troyano TR/Trash.Gen
Comenzando el análisis en 'D:\' <DATA>

Iniciando la desinfección:
C:\Users\xxx\AppData\Roaming\appconf32.exe.vir
[DETECCIÓN] Se trata del troyano TR/Trash.Gen
[NOTA] El fichero se movió al directorio de cuarentena usando el nombre '5468d733.qua'!

Fin del análisis: Mittwoch, 1. August 2012 20:36
Tiempo requerido: 46:22 Minutos

El análisis se ejecutó por completo.

22624 Directorios analizados
444979 Ficheros analizados
1 Virus o programas no deseados detectados
0 Ficheros clasificados como sospechosos
0 Ficheros eliminados
0 Virus o programas no deseados reparados
1 Ficheros movidos a cuarentena
0 Se cambió el nombre de los ficheros
0 No se pudieron analizar los ficheros
444978 Ficheros no concernidos
2855 Se analizaron los archivos
0 Advertencias
1 Notas

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Juana :: xxx-PC [Administrator]

01.08.2012 20:49:19
mbam-log-2012-08-01 (22-01-11)-2xxxx

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 309733
Laufzeit: 1 Stunde(n), 7 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCR\CLSID\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\xxx\AppData\Roaming\AcroIEHelpe178.dll (Trojan.Banker) -> Keine Aktion durchgeführt.

(Ende)

Code:
= 10005 Description = Error - 31.07.2012 07:47:51 | Computer Name = Juana-PC | Source = DCOM | ID = 10005 Description = Error - 31.07.2012 07:48:27 | Computer Name = Juana-PC | Source = DCOM | ID = 10005 Description = Error - 31.07.2012 07:50:45 | Computer Name = Juana-PC | Source = Service Control Manager | ID = 7011 Description = Error - 31.07.2012 07:50:45 | Computer Name = Juana-PC | Source = Service Control Manager | ID = 7000 Description = Error - 31.07.2012 08:58:54 | Computer Name = Juana-PC | Source = Service Control Manager | ID = 7011 Description = Error - 31.07.2012 08:58:54 | Computer Name = Juana-PC | Source = Service Control Manager | ID = 7000 Description = Error - 01.08.2012 13:44:41 | Computer Name = Juana-PC | Source = Service Control Manager | ID = 7011 Description = Error - 01.08.2012 13:44:41 | Computer Name = Juana-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-01 22:59:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: lk1o5d2w.exe; Driver: C:\Users\Juana\AppData\Local\Temp\kwloypog.sys

---- System - GMER 1.0.15 ----

SSDT 8AFD27BE ZwCreateSection
SSDT 8AFD27C8 ZwRequestWaitReplyPort
SSDT 8AFD27C3 ZwSetContextThread
SSDT 8AFD27CD ZwSetSecurityObject
SSDT 8AFD27D2 ZwSystemDebugControl
SSDT 8AFD275F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81EBC8D8 4 Bytes [BE, 27, FD, 8A]
.text ntkrnlpa.exe!KeSetEvent + 539 81EBCBFC 4 Bytes [C8, 27, FD, 8A] {ENTER 0xfd27, 0x8a}
.text ntkrnlpa.exe!KeSetEvent + 56D 81EBCC30 4 Bytes [C3, 27, FD, 8A]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81EBCC94 2 Bytes [CD, 27] {INT 0x27}
.text ntkrnlpa.exe!KeSetEvent + 5D4 81EBCC97 1 Byte [8A]
.text ...
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xA7B59300, 0x25D4C, 0xE0000060]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Thanks in advance.
Regards, Juan
04.08.2012, 14:11 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Trash.Gen - Trojan.Zbot.CBC.Gen
Code:
C:\Users\xxx\AppData\Roaming\AcroIEHelpe178.dll (Trojan.Banker)