Rechner versendet SPAM Mails - Logfiles

Floyd · 24.02.2013, 06:28

Hi leo,
Hatte GMER nochmal gestartet und es lief durch, anbei das log!
GMER Logfile:

Code:

ATTFilter

GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-23 15:00:51
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV010M 298,09GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\Randolph\AppData\Local\Temp\kgldrkob.sys
 

---- System - GMER 2.1 ----
 
SSDT            8A53E8FE                                                                                  ZwCreateSection
SSDT            8A53E908                                                                                  ZwRequestWaitReplyPort
SSDT            8A53E903                                                                                  ZwSetContextThread
SSDT            8A53E90D                                                                                  ZwSetSecurityObject
SSDT            8A53E912                                                                                  ZwSystemDebugControl
SSDT            8A53E89F                                                                                  ZwTerminateProcess
 
---- Kernel code sections - GMER 2.1 ----
 
.text           ntkrnlpa.exe!KeSetTimerEx + 448                                                           81ED5A6C 4 Bytes  [FE, E8, 53, 8A]
.text           ntkrnlpa.exe!KeSetTimerEx + 76C                                                           81ED5D90 4 Bytes  [08, E9, 53, 8A]
.text           ntkrnlpa.exe!KeSetTimerEx + 7A0                                                           81ED5DC4 4 Bytes  [03, E9, 53, 8A]
.text           ntkrnlpa.exe!KeSetTimerEx + 804                                                           81ED5E28 4 Bytes  JMP B9D2E880 
.text           ntkrnlpa.exe!KeSetTimerEx + 84C                                                           81ED5E70 4 Bytes  JMP A7F9E8C8 
.text           ...                                                                                       
.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                 section is writeable [0x82B56000, 0x4036D, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                 unknown last section [0x82B9F000, 0x510, 0x40000040]
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                  section is writeable [0x8D403000, 0x1FB52A, 0xE8000020]
 
---- User code sections - GMER 2.1 ----
 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5952] USER32.dll!DialogBoxIndirectParamW  75ACBD25 5 Bytes  JMP 6B780F0D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5952] USER32.dll!DialogBoxParamW          75AE1FD5 5 Bytes  JMP 6B780E97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5952] USER32.dll!DialogBoxParamA          75B080B2 5 Bytes  JMP 6B780ED2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5952] USER32.dll!DialogBoxIndirectParamA  75B083DD 5 Bytes  JMP 6B780F48 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5952] USER32.dll!MessageBoxIndirectA      75B1D471 5 Bytes  JMP 6B780E53 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5952] USER32.dll!MessageBoxIndirectW      75B1D56B 5 Bytes  JMP 6B780E0F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5952] USER32.dll!MessageBoxExA            75B1D5D1 1 Byte  [E9]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5952] USER32.dll!MessageBoxExA            75B1D5D1 5 Bytes  JMP 6B780DD5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5952] USER32.dll!MessageBoxExW            75B1D5F5 5 Bytes  JMP 6B780D9B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5952] ole32.dll!OleLoadFromStream         75DE9794 5 Bytes  JMP 6B781123 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                   Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                   Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 
---- Processes - GMER 2.1 ----
 
Process          (*** hidden *** )                                                                        [4] 843A4910                                                                                             
 
---- EOF - GMER 2.1 ----

--- --- ---

[/CODE]

Rechner versendet SPAM Mails - Logfiles

Plagegeister aller Art und deren Bekämpfung: Rechner versendet SPAM Mails - Logfiles

Rechner versendet SPAM Mails - Logfiles

Ähnliche Themen: Rechner versendet SPAM Mails - Logfiles