Pests of all kinds and how to fight them: Caught the Win32.delf.uc trojan

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

Caught the Win32.delf.uc trojan

GMER log file, part 1:

Code:
ATTFilter GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-07-09 22:00:47 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.15 ---- INT 0x62 ? 89E45BF8 INT 0x82 ? 89E45BF8 INT 0x84 ? 89C98E90 INT 0x94 ? 89C98E90 INT 0xA4 ? 89C98E90 ---- Kernel code sections - GMER 1.0.15 ---- ? spgu.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload BA13862C 5 Bytes JMP 89C98470 .text aqbja81v.SYS BA087384 1 Byte [20] .text aqbja81v.SYS BA087384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...] .text aqbja81v.SYS BA0873AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...] .text aqbja81v.SYS BA0873C4 3 Bytes [00, 00, 00] .text aqbja81v.SYS BA0873C9 1 Byte [00] .text ... ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\igfxsrvc.exe[136] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\WINDOWS\system32\igfxsrvc.exe[136] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\WINDOWS\system32\igfxsrvc.exe[136] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\WINDOWS\system32\igfxsrvc.exe[136] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\WINDOWS\system32\igfxsrvc.exe[136] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\WINDOWS\system32\igfxsrvc.exe[136] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\WINDOWS\system32\igfxsrvc.exe[136] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01110001 .text C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe[244] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe[244] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe[244] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text 
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe[244] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe[244] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe[244] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\WINDOWS\system32\IoctlSvc.exe[272] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\WINDOWS\system32\IoctlSvc.exe[272] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\WINDOWS\system32\IoctlSvc.exe[272] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\WINDOWS\system32\IoctlSvc.exe[272] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\WINDOWS\system32\IoctlSvc.exe[272] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\WINDOWS\system32\IoctlSvc.exe[272] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[276] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[276] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[276] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[276] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[276] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[276] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text c:\xampp\apache\bin\apache.exe[392] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text c:\xampp\apache\bin\apache.exe[392] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text c:\xampp\apache\bin\apache.exe[392] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text 
c:\xampp\apache\bin\apache.exe[392] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text c:\xampp\apache\bin\apache.exe[392] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text c:\xampp\apache\bin\apache.exe[392] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\WINDOWS\system32\svchost.exe[400] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\WINDOWS\system32\svchost.exe[400] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\WINDOWS\system32\svchost.exe[400] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\WINDOWS\system32\svchost.exe[400] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\WINDOWS\system32\svchost.exe[400] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\WINDOWS\system32\svchost.exe[400] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\WINDOWS\system32\wdfmgr.exe[452] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\WINDOWS\system32\wdfmgr.exe[452] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\WINDOWS\system32\wdfmgr.exe[452] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\WINDOWS\system32\wdfmgr.exe[452] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\WINDOWS\system32\wdfmgr.exe[452] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\WINDOWS\system32\wdfmgr.exe[452] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\WINDOWS\system32\hkcmd.exe[676] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\WINDOWS\system32\hkcmd.exe[676] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\WINDOWS\system32\hkcmd.exe[676] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\WINDOWS\system32\hkcmd.exe[676] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\WINDOWS\system32\hkcmd.exe[676] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 
7FFA48D3 .text C:\WINDOWS\system32\hkcmd.exe[676] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\WINDOWS\system32\hkcmd.exe[676] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00FF0001 .text C:\WINDOWS\system32\igfxpers.exe[684] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\WINDOWS\system32\igfxpers.exe[684] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\WINDOWS\system32\igfxpers.exe[684] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\WINDOWS\system32\igfxpers.exe[684] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\WINDOWS\system32\igfxpers.exe[684] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\WINDOWS\system32\igfxpers.exe[684] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\WINDOWS\system32\igfxpers.exe[684] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00F70001 .text C:\WINDOWS\system32\WLTRAY.exe[692] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\WINDOWS\system32\WLTRAY.exe[692] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\WINDOWS\system32\WLTRAY.exe[692] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\WINDOWS\system32\WLTRAY.exe[692] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\WINDOWS\system32\WLTRAY.exe[692] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\WINDOWS\system32\WLTRAY.exe[692] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\WINDOWS\system32\WLTRAY.exe[692] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01040001 .text C:\WINDOWS\system32\WLTRAY.exe[692] WS2_32.dll!htons 71A12B66 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\WLTRAY.exe[692] WS2_32.dll!connect 71A1406A 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\WLTRAY.exe[692] WS2_32.dll!WSAEventSelect 71A14573 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\WLTRAY.exe[692] 
WS2_32.dll!WSAGetLastError + 2 71A194DE 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI} .text C:\WINDOWS\system32\WLTRAY.exe[692] WS2_32.dll!closesocket 71A19639 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\WLTRAY.exe[692] WS2_32.dll!WSAAsyncSelect 71A20979 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\WLTRAY.exe[692] WS2_32.dll!WSAConnect 71A20C69 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\WLTRAY.exe[692] WS2_32.dll!WSAAccept 71A20DA9 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\WLTRAY.exe[692] WS2_32.dll!accept 71A21028 6 Bytes JMP 5F100F5A .text C:\Programme\Java\jre6\bin\jqs.exe[696] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\Programme\Java\jre6\bin\jqs.exe[696] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\Programme\Java\jre6\bin\jqs.exe[696] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\Programme\Java\jre6\bin\jqs.exe[696] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\Programme\Java\jre6\bin\jqs.exe[696] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\Programme\Java\jre6\bin\jqs.exe[696] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\xampp\mysql\bin\mysqld-nt.exe[732] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\xampp\mysql\bin\mysqld-nt.exe[732] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\xampp\mysql\bin\mysqld-nt.exe[732] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\xampp\mysql\bin\mysqld-nt.exe[732] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\xampp\mysql\bin\mysqld-nt.exe[732] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\xampp\mysql\bin\mysqld-nt.exe[732] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] 
ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01990001 .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] WS2_32.dll!htons 71A12B66 6 Bytes JMP 5F040F5A .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] WS2_32.dll!connect 71A1406A 6 Bytes JMP 5F130F5A .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] WS2_32.dll!WSAEventSelect 71A14573 6 Bytes JMP 5F1F0F5A .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] WS2_32.dll!WSAGetLastError + 2 71A194DE 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI} .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] WS2_32.dll!closesocket 71A19639 6 Bytes JMP 5F0D0F5A .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] WS2_32.dll!WSAAsyncSelect 71A20979 6 Bytes JMP 5F1C0F5A .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] WS2_32.dll!WSAConnect 71A20C69 6 Bytes JMP 5F190F5A .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] WS2_32.dll!WSAAccept 71A20DA9 6 Bytes JMP 5F160F5A .text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[744] WS2_32.dll!accept 71A21028 6 Bytes JMP 5F100F5A .text C:\windows\pp10.exe[812] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA484E .text C:\windows\pp10.exe[812] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA48DD .text C:\windows\pp10.exe[812] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA48EA .text C:\windows\pp10.exe[812] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FFA4B6E 
.text C:\windows\pp10.exe[812] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA48D3 .text C:\windows\pp10.exe[812] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA492B .text C:\windows\pp10.exe[812] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003E0001 .text C:\windows\pp10.exe[812] ws2_32.dll!htons 71A12B66 6 Bytes JMP 5F0A0F5A .text C:\windows\pp10.exe[812] ws2_32.dll!connect 71A1406A 6 Bytes JMP 5F160F5A .text C:\windows\pp10.exe[812] ws2_32.dll!WSAEventSelect 71A14573 6 Bytes JMP 5F1F0F5A .text C:\windows\pp10.exe[812] ws2_32.dll!WSAGetLastError + 2 71A194DE 4 Bytes [1E, 00, 0E, 5F] {PUSH DS; ADD [ESI], CL; POP EDI} .text C:\windows\pp10.exe[812] ws2_32.dll!closesocket 71A19639 6 Bytes JMP 5F100F5A .text C:\windows\pp10.exe[812] ws2_32.dll!WSAAsyncSelect 71A20979 6 Bytes JMP 5F070F5A .text C:\windows\pp10.exe[812] ws2_32.dll!WSAConnect 71A20C69 6 Bytes JMP 5F1C0F5A .text C:\windows\pp10.exe[812] ws2_32.dll!WSAAccept 71A20DA9 6 Bytes JMP 5F190F5A .text C:\windows\pp10.exe[812] ws2_32.dll!accept 71A21028 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\winlogon.exe[864] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FF9484E .text C:\WINDOWS\system32\winlogon.exe[864] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FF948DD .text C:\WINDOWS\system32\winlogon.exe[864] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FF948EA .text C:\WINDOWS\system32\winlogon.exe[864] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FF94B6E .text C:\WINDOWS\system32\winlogon.exe[864] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FF948D3 .text C:\WINDOWS\system32\winlogon.exe[864] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FF9492B .text C:\WINDOWS\system32\services.exe[908] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FF9484E .text C:\WINDOWS\system32\services.exe[908] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FF948DD .text C:\WINDOWS\system32\services.exe[908] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FF948EA .text 
C:\WINDOWS\system32\services.exe[908] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FF94B6E .text C:\WINDOWS\system32\services.exe[908] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FF948D3 .text C:\WINDOWS\system32\services.exe[908] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FF9492B .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FF9484E .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FF948DD .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FF948EA .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtDeviceIoControlFile 7C91D8E3 5 Bytes CALL 7FF94B6E .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FF948D3 .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FF9492B |
#2

Caught the Win32.delf.uc trojan

Part 2 of log.txt:

Code:
ATTFilter ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D76AB2A1-00F3-42BD-F434-00BBC39C8953}] C:\WINDOWS\system32\grffr83hn.dll - C:\WINDOWS\system32\grffr83hn.dll [2009-07-06 15000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 118784] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 98304] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 139264] "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1413120] "IntelZeroConfig"=C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe [2006-10-18 823296] "IntelWireless"=C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe [2006-10-18 716800] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "Norman ZANDA"=C:\Programme\Norman\Npm\bin\ZLH.EXE [2008-06-02 294000] "ISUSPM"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [2006-05-17 213936] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-04-16 148888] "pp"=C:\windows\pp10.exe [2009-07-05 38400] "Spy-Net"=C:\WINDOWS\recu\recured.exe [2009-04-13 266246] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 35328] "SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2280448] "Spy-Net"=C:\WINDOWS\recu\recured.exe [2009-04-13 266246] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] C:\Programme\BearShare\BearShare.exe /pause [] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Programme\Messenger\msmsgs.exe [2004-10-13 1714176] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 247296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient] C:\Programme\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup] C:\Programme\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 176128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Nero BackItUp Scheduler 3"=2 "iPod Service"=3 "gusvc"=3 "WLSetupSvc"=3 "Apple Mobile Device"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] 
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\grffr83hn.dll [2009-07-06 15000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=1 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=B1000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Dokumente und Einstellungen\testxp1\Startmenü\Programme\Autostart\identd3.exe"="C:\Dokumente und Einstellungen\testxp1\Startmenü\Programme\Autostart\identd3.exe:*:Disabled:identd3" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Game\Armagetron Advanced\armagetronad.exe"="D:\Game\Armagetron Advanced\armagetronad.exe:*:Enabled:armagetronad" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92c7f06f-b79a-11dd-95ed-001c2391899c}] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97d78e6a-3006-11dd-94ce-001c2391899c}] shell\AutoRun\command - G:\StartPortableApps.exe ======List of files/folders created in the last 1 months====== 2009-07-15 21:09:21 ----D---- C:\rsit 2009-07-15 21:08:03 ----D---- C:\Programme\HijackThis 2009-07-09 22:03:13 ----D---- C:\Programme\blacklight 2009-07-09 19:12:10 ----D---- C:\Programme\CCleaner 2009-07-09 19:08:31 ----A---- C:\filelist.txt 2009-07-06 21:32:06 ----A---- C:\WINDOWS\system32\grffr83hn.dll 2009-07-06 21:31:39 ----D---- C:\Programme\Spybot - Search & Destroy 2009-07-06 21:31:39 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-07-05 18:28:06 ----A---- C:\WINDOWS\ntbtlog.txt 2009-07-05 12:01:24 ----H---- C:\WINDOWS\pp10.exe 2009-07-02 17:34:06 ----D---- C:\Downloads 2009-06-30 15:44:47 ----D---- C:\eclipse ======List of files/folders modified in the 
last 1 months====== 2009-07-15 21:08:03 ----RD---- C:\Programme 2009-07-15 21:02:02 ----D---- C:\WINDOWS\Temp 2009-07-15 21:01:49 ----D---- C:\WINDOWS 2009-07-15 21:00:57 ----D---- C:\Programme\Norman 2009-07-09 19:01:40 ----D---- C:\WINDOWS\system32\drivers 2009-07-06 21:32:27 ----SHD---- C:\WINDOWS\Installer 2009-07-06 21:32:23 ----A---- C:\WINDOWS\OEWABLog.txt 2009-07-06 21:32:21 ----D---- C:\Dokumente und Einstellungen\root\Anwendungsdaten\Identities 2009-07-06 21:32:06 ----D---- C:\WINDOWS\system32 2009-07-06 21:31:59 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-07-06 16:40:20 ----D---- C:\Programme\Mozilla Firefox 2009-07-06 14:11:16 ----D---- C:\Programme\Ashampoo WinOptimizer 4 2009-07-05 18:24:42 ----D---- C:\Dokumente und Einstellungen 2009-07-03 11:20:00 ----D---- C:\eclipse31 2009-07-02 22:43:46 ----D---- C:\Programme\Cryptload 2009-07-02 22:08:16 ----D---- C:\Dokumente und Einstellungen\root\Anwendungsdaten\Skype 2009-07-02 17:36:24 ----D---- C:\Dokumente und Einstellungen\root\Anwendungsdaten\skypePM 2009-07-02 16:31:46 ----HD---- C:\WINDOWS\inf 2009-07-02 16:31:45 ----D---- C:\WINDOWS\system32\CatRoot2 2009-06-30 18:18:53 ----D---- C:\eclipse ganymede 2009-06-22 22:44:49 ----D---- C:\Dokumente und Einstellungen\root\Anwendungsdaten\dvdcss 2009-06-22 20:34:41 ----D---- C:\Filme 2009-06-22 20:20:38 ----ASH---- C:\boot.ini 2009-06-22 20:20:38 ----A---- C:\WINDOWS\win.ini 2009-06-22 20:20:38 ----A---- C:\WINDOWS\system.ini 2009-06-19 11:21:52 ----D---- C:\FHDW Unterlagen 2009-06-18 16:21:02 ----D---- C:\WINDOWS\security 2009-06-18 16:15:14 ----D---- C:\GOJA ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192] R1 NGS;Norman General Security Driver; \??\c:\programme\norman\nvc\bin\ngs.sys [] R1 WmiAcpi;Microsoft 
Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-09-25 21425] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544] R2 Ndiskio;Ndiskio; \??\C:\Programme\Norman\Nse\bin\NDISKIO.SYS [] R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-10-19 12544] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960] R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574] R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2009-01-22 19512] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 
usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696] S3 abbr60vq;abbr60vq; C:\WINDOWS\system32\drivers\abbr60vq.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 Dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936] S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-03-15 25280] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320] S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288] S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464] S3 
|
![]() | #3 |
![]() | ![]() Caught the Win32.delf.uc trojan Gmer logfile Part 2:
Code:
|
![]() | #4 |
![]() | ![]() Caught the Win32.delf.uc trojan Gmer logfile Part 3: Code:
|
![]() | #5 |
![]() | ![]() Caught the Win32.delf.uc trojan Hi, can someone please tell me something about the logs now??? ![]() |