EXP/CVE-2013-0422, EXP/CVE-2013-0422, JAVA/Lamar.RR.2 (von Antivir gefunden)

DukeYGO · 04.03.2013, 18:02

Ist Avast besser als Antivir?

Die Logs sehen irgendwie verdächtig unverdächtig aus, keine Ahnung, was das heißt...
Egal, hier im nachfolgenden die Logs:

GMER Log:

[CODE]
GMER Logfile:

Code:

ATTFilter

GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-04 17:55:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\xxx\AppData\Local\Temp\uwldrkob.sys


---- System - GMER 2.1 ----

SSDT            9785352E                                                                                         ZwCreateSection
SSDT            97853538                                                                                         ZwRequestWaitReplyPort
SSDT            97853533                                                                                         ZwSetContextThread
SSDT            9785353D                                                                                         ZwSetSecurityObject
SSDT            97853542                                                                                         ZwSystemDebugControl
SSDT            978534CF                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         82C509E9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82C8A1C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82C9130C 4 Bytes  [2E, 35, 85, 97]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              82C91668 4 Bytes  [38, 35, 85, 97]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              82C916AC 4 Bytes  [33, 35, 85, 97]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                              82C91728 4 Bytes  [3D, 35, 85, 97]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                              82C9177C 4 Bytes  JMP 85354282 
.text           ...                                                                                              
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x9100F000, 0x2CB832, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b4f859                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b4f859 (not active ControlSet)  

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----

--- --- ---

Der Malwarebyte Log

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.04.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
xxx:: xxx-PC [administrator]

04.03.2013 14:55:40
mbar-log-2013-03-04 (14-55-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30943
Time elapsed: 24 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

EXP/CVE-2013-0422, EXP/CVE-2013-0422, JAVA/Lamar.RR.2 (von Antivir gefunden)

Plagegeister aller Art und deren Bekämpfung: EXP/CVE-2013-0422, EXP/CVE-2013-0422, JAVA/Lamar.RR.2 (von Antivir gefunden)

EXP/CVE-2013-0422, EXP/CVE-2013-0422, JAVA/Lamar.RR.2 (von Antivir gefunden)

Ähnliche Themen: EXP/CVE-2013-0422, EXP/CVE-2013-0422, JAVA/Lamar.RR.2 (von Antivir gefunden)