TR/Crypt.XPACK.Gen trojan found in the system
13.01.2009, 12:07 | #1

I started my system this morning and wanted to run a file. But instead of the file running, the screen suddenly went black and I had to restart the computer. After the reboot I scanned the file's folder with AntiVir and it found the trojan TR/Crypt.XPACK.Gen, which of course I immediately moved to quarantine. When I then wanted to scan the complete system, the PC restarted in the middle of the scan. After this restart I was told that a serious system error had led to the reboot. So I then first let Malwarebytes scan the system, and the same thing happened here: a restart in the middle of the scan. It seems as if the system restarts when a certain file is about to be scanned... that's obvious. So for now I'm not doing anything more. Here first the HijackThis log. I hope you can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:20, on 13.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
C:\Programme\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\SMSC\SetIcon.exe
C:\Programme\Home Cinema\TV Enhance\TVEService.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Exif Launcher\QuickDCF.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://search.qip.ru
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SetIcon] \Programme\SMSC\SetIcon.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TVEService] "C:\Programme\Home Cinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programme\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C:\Programme\Exif Launcher\QuickDCF.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://w*w.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.c*m/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160402350437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161001832152
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9994 bytes

Last edited by radiowave (13.01.2009 at 12:13)
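A small first-pass triage script for HijackThis logs like the one above, added here as an example (it is neither the poster's nor Trend Micro's code). It parses the R*/O* entries and flags the things a helper tends to look at first: entries whose file is marked missing, services without vendor information, startup commands without an absolute path, and changed search providers. The sample input is a constructed excerpt of the log posted in this thread, and the flag heuristics are my own assumptions, not HijackThis logic.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a short excerpt of the HijackThis v2.0.2 log posted in this
# thread (the "h**p" URL obfuscation is the forum's and is kept as posted).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:20, on 13.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programme\Sygate\SPF\smc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://search.qip.ru
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SetIcon] \Programme\SMSC\SetIcon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programme\Valve\Steam\Steam.exe" -silent
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9994 bytes
"""

# Every HijackThis finding is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# O4 body: <hive>\..\Run: [<value name>] <command line>  (Global Startup lines fall through)
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O23 body: Service: <display name> (<short name>) - <vendor> - <image path>
SERVICE_RE = re.compile(r"^Service: (?P<display>.*) \((?P<short>[^()]+)\) - (?P<vendor>.*?) - (?P<path>.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    code: str    # HijackThis section code (R1, O4, O23, ...)
    name: str    # Run value name, service short name, registry key or description
    target: str  # file, command or URL the entry points at
    raw: str     # the original log line


def command_path(cmd: str) -> str:
    """Return the executable part of a Run command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_entries(log_text: str) -> List[Entry]:
    """Parse the R*/O* lines of a HijackThis log; header and process list are skipped."""
    entries: List[Entry] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        run, svc = RUN_RE.match(body), SERVICE_RE.match(body)
        if code == "O4" and run:
            entries.append(Entry(code, run["name"], command_path(run["cmd"]), line))
        elif code == "O23" and svc:
            entries.append(Entry(code, svc["short"], svc["path"], line))
        elif code.startswith("R"):
            key, _, value = body.partition(" = ")
            entries.append(Entry(code, key, value.strip(), line))
        else:
            # O3/O9/O16 etc.: "<description> - {CLSID} - <path>"; keep first and last field
            fields = body.split(" - ")
            entries.append(Entry(code, fields[0], fields[-1], line))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Heuristic first-pass flags (my assumptions, not HijackThis logic)."""
    findings = []
    for e in entries:
        if "(file missing)" in e.target:
            findings.append(f"{e.code} {e.name}: target no longer exists (stale entry, clean up)")
        if e.code == "O23" and "Unknown owner" in e.raw:
            findings.append(f"{e.code} {e.name}: service has no vendor info, verify the image on disk")
        if e.code == "O4" and not DRIVE_RE.match(e.target):
            findings.append(f"{e.code} {e.name}: '{e.target}' is not an absolute path, check what resolves")
        if e.code.startswith("R") and "Search" in e.name:
            findings.append(f"{e.code} {e.name.rsplit(',', 1)[-1]}: search provider is {e.target}, confirm it is wanted")
    return findings


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_LOG)):
        print(f)
```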
13.01.2009, 19:43 | #2

Hi radiowave,

Have you also tried all of that in Safe Mode? The log isn't really dramatic and doesn't show any "threatening" processes either... What was that file supposed to be? What is it called and where exactly is it located? Did Malwarebytes find anything up to the point where your system rebooted? Have you used any other programs?

Regards, trojan-death
13.01.2009, 20:42 | #3

I can now run all the virus programs to completion (AntiVir, Spyware Doctor, Malwarebytes, Spybot) and none of them found anything. The virus that initially turned the screen black was in the QIP (an internet messenger) folder under received files, i.e. in the folder where the files I'm sent are stored. The virus was inside a file there. Yesterday and before, there was nothing there yet. And one more thing is unusual: since the reboots my PC suddenly works with only 1 GB of RAM, and only 1 GB of RAM is shown (in Task Manager and in CCleaner), although 2 GB of RAM are installed in the PC and yesterday it was still 2. Could it be that the virus is hiding itself or something? And is a screenshot of my running processes in Task Manager perhaps needed?
13.01.2009, 20:48 | #4

Looks very much as if something wants to hide itself... Do the following:

Run a Blacklight scan
* Download F-Secure Blacklight into a folder of its own, e.g. C:\programme\blacklight. If the download doesn't work, try this link.
* Start blbeta.exe in that folder. Close all other programs.
* Click "I accept the agreement", "next", "Scan".
* When the scan is finished, exit Blacklight with "Close".
* In the Blacklight directory you will find the created log fsbl-XXX.log, where XXX is a longer string of digits. Please post it!

Run a Gmer scan
Download Gmer from this page and unpack it onto your desktop.

Please also post a new HJT log.
13.01.2009, 23:47 | #5

Here is part 1 of the Gmer log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-13 23:36:17
Windows 5.1.2600 Service Pack 3
13.01.2009, 23:50 | #6

Here is part 2 of the Gmer log:
13.01.2009, 23:51 | #7 |
TR/Crypt.XPACK.Gen Trojan found in the system

Part 3 of the GMER log (wow, that's a lot):

Bytes [ 0E, 5F ]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 21, 84 ]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F4, 83 ]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 32, 84 ]
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 65, 84 ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Programme\Mozilla Firefox\firefox.exe[520] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Programme\Mozilla Firefox\firefox.exe[520] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP
13.01.2009, 23:53 | #8 |
TR/Crypt.XPACK.Gen Trojan found in the system

Part 4 of the GMER log:

5F2E0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 23, 84 ]
.text C:\WINDOWS\system32\nvsvc32.exe[536] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\nvsvc32.exe[536] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\csrss.exe[596] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 96, 84 ]
.text C:\WINDOWS\system32\csrss.exe[596] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\csrss.exe[596] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, A7, 84 ]
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
13.01.2009, 23:54 | #9 |
TR/Crypt.XPACK.Gen Trojan found in the system

Part 5:

.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\services.exe[664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 8E, 84 ]
.text C:\WINDOWS\system32\services.exe[664] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\services.exe[664] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\lsass.exe[676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 59, 84 ]
.text C:\WINDOWS\system32\lsass.exe[676] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\lsass.exe[676] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 76, 84 ]
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7E, 84 ]
.text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text
13.01.2009, 23:56 | #10 |
| TR/Crypt.XPACK.Gen Trojan found in the system. Part 6: |
13.01.2009, 23:58 | #11 |
| TR/Crypt.XPACK.Gen Trojan found in the system. Part 7: |
13.01.2009, 23:59 | #12 |
| TR/Crypt.XPACK.Gen Trojan found in the system. Part 8: |
14.01.2009, 00:00 | #13 |
| TR/Crypt.XPACK.Gen trojan found in system, part 9: .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] 
ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 80, 85 ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] kernel32.dll!SetConsoleInputExeNameA + 121 7C871EE9 1 Byte [ 8B ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtClose 
7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile 
Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device 
Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5C, 84 ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] 
ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] |
14.01.2009, 00:01 | #14 |
| TR/Crypt.XPACK.Gen trojan found in system, part 10: .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 13, 84 ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Bonjour\mDNSResponder.exe[1856] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2E, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 25, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text 
C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 22, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 28, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1C, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1F, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 2B, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, ED, 87 ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F340F5A .text C:\WINDOWS\eHome\ehRecvr.exe[1884] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F300F5A .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text 
C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] 
ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 61, 84 ] .text C:\WINDOWS\eHome\ehSched.exe[1940] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\eHome\ehSched.exe[1940] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtDeleteKey 
+ 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text 
C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 70, 8A ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A |
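Reading the GMER user-mode hook entries above: the `FF 25` prefix reported at the start of every hooked ntdll export is `jmp dword ptr [imm32]`, and GMER prints only the bytes that differ from the clean image. That is why NtClose shows three bytes at +0 and two at +4, while NtCreateFile shows one byte at +0 and one at +2: its XP SP3 syscall number is 0x25, so the original stub already contained the hook's second byte, and byte +3 of every `mov eax, imm32` stub is 0x00. The script below is an added example for this thread, not part of the thread or of GMER. It reassembles the pointer from the fragments (the unreported bytes +1 and +3 are filled in on that stub-layout assumption), then groups the hook targets per process so a process whose hook set differs from the rest stands out. Identical hooks in every process pointing into one address range are the usual signature of a system-wide hooking DLL such as security products install; a process with a different set deserves a closer look, but the script gives no verdict on its own. The sample lines are excerpted from the log in this thread, one entry per line.

```python
"""Triage helper for GMER 'user-mode hooks' entries (added example, not GMER code).

GMER reports, per process and hooked export, ONLY the bytes that differ from the
clean image.  'FF 25 <imm32>' is 'jmp dword ptr [imm32]'; the omitted bytes are
those that happened to equal the original stub, so the pointer is reassembled
here before hooks are compared across processes.
"""
import re
from collections import Counter, defaultdict

HOOK_RE = re.compile(
    r"\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[\w.]+)!(?P<func>\w+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes?\s+"
    r"(?:\[\s*(?P<raw>[0-9A-Fa-f ,]+?)\s*\]|JMP\s+(?P<jmp>[0-9A-Fa-f]{8}))"
)

# ASSUMPTION (XP SP3 ntdll): every Nt* stub starts 'B8 nn nn 00 00' (mov eax,
# syscall number).  An omitted byte +1 therefore means the original already was
# 0x25 (true for NtCreateFile), and an omitted byte +3 means 0x00.
FILL = {1: 0x25, 3: 0x00}


def parse_hooks(text):
    """One dict per GMER entry; several entries run together on a line are fine."""
    out = []
    for m in HOOK_RE.finditer(text):
        d = m.groupdict()
        d["pid"] = int(d["pid"])
        d["off"] = int(d["off"] or "0", 16)
        d["mod"] = d["mod"].lower()          # the log mixes USER32.dll / user32.dll
        d["bytes"] = ([int(b, 16) for b in d["raw"].replace(",", " ").split()]
                      if d["raw"] else None)
        d["jmp"] = int(d["jmp"], 16) if d["jmp"] else None
        out.append(d)
    return out


def rebuild_indirect_jumps(entries):
    """{(proc, pid, 'mod!func'): pointer} for every hook that starts with FF 25."""
    patched = defaultdict(dict)              # key -> {offset: reported byte}
    for e in entries:
        if e["bytes"] is not None:
            key = (e["proc"], e["pid"], f'{e["mod"]}!{e["func"]}')
            for i, b in enumerate(e["bytes"]):
                patched[key][e["off"] + i] = b
    pointers = {}
    for key, bs in patched.items():
        if bs.get(0) != 0xFF or bs.get(1, FILL[1]) != 0x25:
            continue                         # not 'jmp dword ptr [imm32]'
        ptr = [bs.get(i, FILL.get(i)) for i in range(2, 6)]
        if None not in ptr:
            pointers[key] = int.from_bytes(bytes(ptr), "little")
    return pointers


def hook_profile(text):
    """Per (proc, pid): frozenset of ('mod!func', target), covering the FF 25 hooks
    and the direct JMPs that GMER has already resolved to an address."""
    entries = parse_hooks(text)
    profile = defaultdict(set)
    for (proc, pid, fn), p in rebuild_indirect_jumps(entries).items():
        profile[(proc, pid)].add((fn, p))
    for e in entries:
        if e["jmp"] is not None:
            profile[(e["proc"], e["pid"])].add((f'{e["mod"]}!{e["func"]}', e["jmp"]))
    return {k: frozenset(v) for k, v in profile.items()}


def outliers(profile):
    """Processes whose hook set differs from the most common one, ordered by pid."""
    common = Counter(profile.values()).most_common(1)[0][0]
    return sorted((k for k, v in profile.items() if v != common), key=lambda k: k[1])


# Constructed sample: entries excerpted from the GMER log in this thread.
SAMPLE = r"""
.text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1884] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F340F5A
.text C:\Programme\Spyware Doctor\pctsTray.exe[2344] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 16, 86 ]
.text C:\Programme\Spyware Doctor\pctsTray.exe[2344] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
"""

if __name__ == "__main__":
    prof = hook_profile(SAMPLE)
    for (proc, pid), hooks in sorted(prof.items(), key=lambda kv: kv[0][1]):
        print(f"{proc}[{pid}]")
        for fn, target in sorted(hooks):
            print(f"    {fn:<30} -> {target:08X}")
    print("differs from majority:", [f"{p}[{i}]" for p, i in outliers(prof)])
```

Feed it the complete GMER output rather than the excerpt when using it on a real log: the forum splits one process's entries across several posts, and a process is only comparable once all of its entries are in one text. On the excerpt, sched.exe and avguard.exe share the same set (NtClose via [5F2C001E], NtCreateFile via [5F17001E], SetWindowsHookExW to 5F320F5A), ehRecvr.exe resolves two of its hooks to different addresses, and pctsTray.exe carries no ntdll hooks at all, so the last two are reported as differing from the majority.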
14.01.2009, 00:02 | #15 |
| TR/Crypt.XPACK.Gen trojan found in system, part 11: .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] 
ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 79, 84 ] .text C:\WINDOWS\system32\svchost.exe[2104] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[2104] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Home Cinema\TV 
Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, A4, 85 ]
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 8E, 84 ]
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Programme\Spyware Doctor\pctsTray.exe[2344] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 16, 86 ]
.text C:\Programme\Spyware Doctor\pctsTray.exe[2344] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Programme\Spyware Doctor\pctsTray.exe[2344] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ 37, A1, C3, 83 ]
.text C:\Programme\Spyware Doctor\pctsTray.exe[2344] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Spyware Doctor\pctsTray.exe[2344] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25,