Pests of all kinds and how to remove them: Bot network (Windows 7)

20.03.2010, 02:27   #1
Bot network

Evening all, I could use your advice. In the forum linked below, there have recently been attempts to open a connection to ....://notydivi.com.tw/.....

http://lastchaos-forum.gamigo.de/

One of the community members said that "notydivi" belongs to this "owner": hilarykneber@yahoo***

Google then turned up the following:

How old is it?
The first activity from it was March 25, 2009.

Is it out of business now?
No. After a command-and-control server for it was traced to Germany, its URL was changed, and it's running just as it was before it was discovered. The data gleaned from the server has been turned over to law enforcement agencies, and major companies with employees whose computers were bots have been notified.

What damage can it do?
Individuals whose personal data was mined might suffer financial loss if criminals use the data to transfer funds out of their accounts.

What exactly is the ZeuS Trojan?
ZeuS, also called Zbot, is a very effective cybercrime tool that is routinely updated, made more sophisticated and more stealthy. It can present a different profile in each computer it infects, making it difficult to catch using signatures.

What do cybercriminals use it for?
It's often used to gather user logons and passwords, and injects its own fields into Web pages seeking more detailed information about the user's identity. But it can also steal whatever data is on a computer, can enable remote control of compromised machines and can download other malware. It also periodically uploads what it gathers to command-and-control Web servers.

How dangerous is it?
It is ranked as the most dangerous type of botnet in operation by the security firm Damballa, and 1,313 ZeuS command-and-control servers have been identified by Zeus Tracker. A ZeuS botnet was once used to steal records of people looking for jobs through Monster.com.

Why has it been around for so long?
* The bot-creator is constantly upgraded to be less detectable and more flexible.
* It is encrypted and it adopts rootkit characteristics to hide in infected machines.
* It is sold for about $4,000 per copy, so there are many cybergangs using it to create botnets that they use for their individual illicit activity.

Is there any hope of stopping it?
Competition may help. A Trojan called SpyEye does much the same thing as ZeuS and comes with a Zeus uninstaller, so if it hits on a machine already enlisted in a ZeuS bot, it can kick out Zeus and claim the machine for itself. Of course, the computer is still a bot, just with a different commander.

Here is the link to the forum/thread again.

What worries me a bit is the second-to-last paragraph, that it could be a "rootkit"... What do you think?

GMER log:
Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-20 02:44:13
Windows 6.1.7600
Running: vy0p1zbr.exe; Driver: C:\Users\Privat\AppData\Local\Temp\ugryapob.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAllocateVirtualMemory [0x8F591420]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcConnectPort [0x8F590270]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcCreatePort [0x8F58F8E0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAssignProcessToJobObject [0x8F591C60]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwConnectPort [0x8F58FA90]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateFile [0x8F59ECB0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreatePort [0x8F58F740]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateSection [0x8F58BDE0]
SSDT 98ADD85C ZwCreateThread
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThreadEx [0x8F58DF10]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDebugActiveProcess [0x8F58E900]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDuplicateObject [0x8F58F410]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwLoadDriver [0x8F590B40]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenFile [0x8F59F420]
SSDT 98ADD848 ZwOpenProcess
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenSection [0x8F58C080]
SSDT 98ADD84D ZwOpenThread
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwProtectVirtualMemory [0x8F5918A0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwQueryDirectoryFile [0x8F590FB0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwQueueApcThread [0x8F591E00]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0x8F590690]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwResumeThread [0x8F58F060]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSecureConnectPort [0x8F58FE80]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetContextThread [0x8F58E6E0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetSystemInformation [0x8F58EAA0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwShutdownSystem [0x8F590A10]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendProcess [0x8F58F240]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendThread [0x8F58EE60]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSystemDebugControl [0x8F58EC90]
SSDT 98ADD857 ZwTerminateProcess
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateThread [0x8F58E4B0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwUnloadDriver [0x8F590D70]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwWriteVirtualMemory [0x8F591A70]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82823AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82823104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828233F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8280C2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8280B898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828231DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82823958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828236F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82823F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828241A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 828835C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828A8052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 26C 828AF86C 4 Bytes [20, 14, 59, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 278 828AF878 8 Bytes [70, 02, 59, 8F, E0, F8, 58, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2CC 828AF8CC 4 Bytes [60, 1C, 59, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 30C 828AF90C 4 Bytes [90, FA, 58, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 328 828AF928 4 Bytes [B0, EC, 59, 8F]
.text ...
? System32\Drivers\sprk.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload + 1 8A880AD7 4 Bytes JMP 850611D9
.text USBPORT.SYS!DllUnload 8FCD6CA0 5 Bytes JMP 850A24E0
.text agxhrytv.SYS 8FD7600D 9 Bytes [C7, 80, 82, 48, EB, 80, 82, ...]
.text agxhrytv.SYS 8FD76017 95 Bytes [00, DE, 37, 7B, 8A, E6, 35, ...]
.text agxhrytv.SYS 8FD76077 63 Bytes [82, DA, 70, 95, 82, FB, C4, ...]
.text agxhrytv.SYS 8FD760B7 10 Bytes [82, 80, A3, 8A, 82, 40, EB, ...]
.text agxhrytv.SYS 8FD760C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys AAF68C9D 28 Bytes [9E, 50, 06, 12, 2F, 5C, 56, ...]
.text peauth.sys AAF68CC1 28 Bytes [9E, 50, 06, 12, 2F, 5C, 56, ...]
PAGE peauth.sys AAF6EB9B 72 Bytes [4E, 7F, 20, 1A, 68, E4, 39, ...]
PAGE peauth.sys AAF6EBEC 111 Bytes [27, 49, F6, 1C, 39, FC, 0A, ...]
PAGE peauth.sys AAF6EE20 101 Bytes [A6, F1, B1, 94, 25, AD, 73, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskhost.exe[528] kernel32.dll!CreateProcessW 760E202D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskhost.exe[528] kernel32.dll!CreateProcessA 760E2062 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskhost.exe[528] kernel32.dll!LoadLibraryExW 7612B6BF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskhost.exe[528] USER32.dll!ExitWindowsEx 760006EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\taskhost.exe[528] iphlpapi.dll!IcmpSendEcho2Ex 736B561D 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\taskhost.exe[528] iphlpapi.dll!IcmpSendEcho 736B67C3 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\taskhost.exe[528] iphlpapi.dll!IcmpSendEcho2 736B67F3 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\hkcmd.exe[1000] kernel32.dll!CreateProcessW 760E202D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\hkcmd.exe[1000] kernel32.dll!CreateProcessA 760E2062 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\hkcmd.exe[1000] kernel32.dll!LoadLibraryExW 7612B6BF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\hkcmd.exe[1000] USER32.dll!ExitWindowsEx 760006EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\hkcmd.exe[1000] iphlpapi.dll!IcmpSendEcho2Ex 736B561D 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\hkcmd.exe[1000] iphlpapi.dll!IcmpSendEcho 736B67C3 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\hkcmd.exe[1000] iphlpapi.dll!IcmpSendEcho2 736B67F3 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\Dwm.exe[1808] kernel32.dll!CreateProcessW 760E202D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\Dwm.exe[1808] kernel32.dll!CreateProcessA 760E2062 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[1808] kernel32.dll!LoadLibraryExW 7612B6BF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[1808] USER32.dll!ExitWindowsEx 760006EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\Dwm.exe[1808] iphlpapi.dll!IcmpSendEcho2Ex 736B561D 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\Dwm.exe[1808] iphlpapi.dll!IcmpSendEcho 736B67C3 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\Dwm.exe[1808] iphlpapi.dll!IcmpSendEcho2 736B67F3 6 Bytes JMP 5F130F5A
.text C:\Windows\Explorer.EXE[1832] kernel32.dll!CreateProcessW 760E202D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[1832] kernel32.dll!CreateProcessA 760E2062 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[1832] kernel32.dll!LoadLibraryExW 7612B6BF 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[1832] USER32.dll!ExitWindowsEx 760006EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\Explorer.EXE[1832] iphlpapi.dll!IcmpSendEcho2Ex 736B561D 6 Bytes JMP 5F160F5A
.text C:\Windows\Explorer.EXE[1832] iphlpapi.dll!IcmpSendEcho 736B67C3 6 Bytes JMP 5F100F5A
.text C:\Windows\Explorer.EXE[1832] iphlpapi.dll!IcmpSendEcho2 736B67F3 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\igfxpers.exe[2080] kernel32.dll!CreateProcessW 760E202D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\igfxpers.exe[2080] kernel32.dll!CreateProcessA 760E2062 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\igfxpers.exe[2080] kernel32.dll!LoadLibraryExW 7612B6BF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\igfxpers.exe[2080] USER32.dll!ExitWindowsEx 760006EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\igfxpers.exe[2080] iphlpapi.dll!IcmpSendEcho2Ex 736B561D 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\igfxpers.exe[2080] iphlpapi.dll!IcmpSendEcho 736B67C3 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\igfxpers.exe[2080] iphlpapi.dll!IcmpSendEcho2 736B67F3 6 Bytes JMP 5F130F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] kernel32.dll!CreateProcessW 760E202D 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] kernel32.dll!CreateProcessA 760E2062 6 Bytes JMP 5F040F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] kernel32.dll!LoadLibraryExW 7612B6BF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] USER32.dll!ExitWindowsEx 760006EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] iphlpapi.dll!IcmpSendEcho2Ex 736B561D 6 Bytes JMP 5F160F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] iphlpapi.dll!IcmpSendEcho 736B67C3 6 Bytes JMP 5F100F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] iphlpapi.dll!IcmpSendEcho2 736B67F3 6 Bytes JMP 5F130F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8A6B7042] \SystemRoot\System32\Drivers\sprk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8A6B76D6] \SystemRoot\System32\Drivers\sprk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8A6B7800] \SystemRoot\System32\Drivers\sprk.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8A6B713E] \SystemRoot\System32\Drivers\sprk.sys
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [754A5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [754A5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [754A5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [754A5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3104] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [754A5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 850681F8
Device \FileSystem\fastfat \FatCdrom 860B51F8
Device \Driver\volmgr \Device\VolMgrControl 850631F8
Device \Driver\usbuhci \Device\USBPDO-0 861811F8
Device \Driver\usbuhci \Device\USBPDO-1 861811F8
Device \Driver\sptd \Device\2660396121 sprk.sys
Device \Driver\usbuhci \Device\USBPDO-2 861811F8
Device \Driver\usbehci \Device\USBPDO-3 86148500
Device \Driver\usbuhci \Device\USBPDO-4 861811F8
Device \Driver\tdx \Device\Tcp OAmon.sys
Device \Driver\usbuhci \Device\USBPDO-5 861811F8
Device \Driver\usbuhci \Device\USBPDO-6 861811F8
Device \Driver\volmgr \Device\HarddiskVolume1 850631F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 86148500
Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 850631F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 860301F8
Device \Driver\PCI_PNP4119 \Device\00000065 sprk.sys
Device \Driver\volmgr \Device\HarddiskVolume3 850631F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{15834658-2DA4-421A-BF59-E77BDDBB6F9D} 860FE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 850651F8
Device \Driver\atapi \Device\Ide\IdePort0 850651F8
Device \Driver\atapi \Device\Ide\IdePort1 850651F8
Device \Driver\atapi \Device\Ide\IdePort2 850651F8
Device \Driver\atapi \Device\Ide\IdePort3 850651F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 850651F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 850661F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 850661F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 850661F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 850661F8
Device \Driver\cdrom \Device\CdRom1 860301F8
Device \Driver\tdx \Device\RawIp6 OAmon.sys
Device \Driver\volmgr \Device\HarddiskVolume4 850631F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume5 850631F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\tdx \Device\Tcp6 OAmon.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 860FE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{16830154-C5D3-43A3-A985-41A195B74AA4} 860FE1F8
Device \Driver\tdx \Device\Tdx OAmon.sys
Device \Driver\tdx \Device\Udp OAmon.sys
Device \Driver\tdx \Device\RawIp OAmon.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{9E6EDBAC-970E-476B-8300-36242DC361FB} 860FE1F8
Device \Driver\usbuhci \Device\USBFDO-0 861811F8
Device \Driver\usbuhci \Device\USBFDO-1 861811F8
Device \Driver\tdx \Device\Udp6 OAmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 861811F8
Device \Driver\usbehci \Device\USBFDO-3 86148500
Device \Driver\usbuhci \Device\USBFDO-4 861811F8
Device \Driver\USBSTOR \Device\0000007e 8509A500
Device \Driver\usbuhci \Device\USBFDO-5 861811F8
Device \Driver\USBSTOR \Device\0000007f 8509A500
Device \Driver\usbuhci \Device\USBFDO-6 861811F8
Device \Driver\usbehci \Device\USBFDO-7 86148500
Device \Driver\agxhrytv \Device\Scsi\agxhrytv1Port4Path0Target0Lun0 862041F8
Device \Driver\agxhrytv \Device\Scsi\agxhrytv1 862041F8
Device \FileSystem\fastfat \Fat 860B51F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library C:\PROGRA~1\MICROS~2\shellext.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [1832] 0x6CB80000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x38 0x41 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5D 0xFA 0xFD 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8E 0xF8 0x50 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x38 0x41 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5D 0xFA 0xFD 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8E 0xF8 0x50 0x07 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL

---- EOF - GMER 1.0.15 ----

Supposedly a modification was found... Thanks.

Last edited by Slimix87 (20.03.2010 at 02:57)
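Reading a GMER log like the one above comes down to sorting every hook, redirected device object and hidden module by the driver that owns it, and then checking each owner against the software actually installed on the machine (the log itself names OADriver.sys, OAmon.sys, sprk.sys and sptd with DAEMON Tools Lite in its Cfg key, fvevol.sys and avgnt.exe). The Python below is an added example, not code from the post or from GMER. It does that grouping over lines copied from the posted log and lists the points a helper would check next: SSDT hooks that GMER could attribute to no module, imports that do not resolve into any module, a module path GMER could not open, a DLL hidden from Explorer.EXE, and driver names of eight lowercase letters. It deliberately gives no infection verdict. The regular expressions are my reading of the GMER 1.0.15 line formats as they appear above, and the random-name heuristic is an assumption; GMER's own driver (ugryapob.sys in this log) has the same shape, so such a hit is a lead to verify by hand, not a finding.

```python
import re
from collections import defaultdict

# Constructed input: lines copied (abridged) from the GMER log in the post above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateFile [0x8F59ECB0]
SSDT 98ADD85C ZwCreateThread
SSDT 98ADD848 ZwOpenProcess
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwLoadDriver [0x8F590B40]
? System32\Drivers\sprk.sys The system cannot find the path specified. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8A6B7042] \SystemRoot\System32\Drivers\sprk.sys
IAT \SystemRoot\System32\Drivers\agxhrytv.SYS[ataport.SYS!AtaPortNotification] 00147880
---- Devices - GMER 1.0.15 ----
Device \Driver\tdx \Device\Tcp OAmon.sys
Device \Driver\sptd \Device\2660396121 sprk.sys
Device \Driver\agxhrytv \Device\Scsi\agxhrytv1 862041F8
Library C:\PROGRA~1\MICROS~2\shellext.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [1832] 0x6CB80000
"""

UNATTRIBUTED = "<unattributed>"
HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")
# Eight lowercase letters, the shape of GMER's own throwaway driver (ugryapob.sys in the post)
# and of agxhrytv: a heuristic lead for manual review, never a verdict on its own.
RANDOM_STEM = re.compile(r"^[a-z]{8}$")
# The line shapes below are my reading of GMER 1.0.15 output as it appears in the posted log.
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)(?:\s+\[0x[0-9A-Fa-f]+\])?$")
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+.*!$")
IAT_RE = re.compile(r"^IAT\s+(\S+)\[([^\]]+)\]\s+(?:\[[0-9A-Fa-f]+\]\s+(\S+)|([0-9A-Fa-f]{8}))$")
DEVICE_RE = re.compile(r"^(Device|AttachedDevice)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\(.*\))?$")
HIDDEN_RE = re.compile(r"^Library\s+(\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(.+?)\s+\[(\d+)\]")


def tail(path):
    return path.rsplit("\\", 1)[-1]      # r"\??\C:\...\OADriver.sys" -> "OADriver.sys"


def stem(path):
    return tail(path).rsplit(".", 1)[0]  # "agxhrytv.SYS" -> "agxhrytv"


def triage(log_text):
    """Group every hook, device redirect and hidden module by the module that owns it."""
    rep = {
        "ssdt_hooks": defaultdict(list),        # owner -> [syscall]
        "missing_paths": [],                    # module paths GMER could not open on disk
        "iat_hooks": defaultdict(list),         # owner -> [(victim, import)]
        "iat_unresolved": [],                   # (victim, import, value) inside no module
        "device_redirects": defaultdict(list),  # owner -> ["\Driver\x \Device\y"]
        "hidden_libraries": [],                 # (dll, process, pid)
    }
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if m := SSDT_RE.match(line):
            mod, syscall = m.groups()
            # A bare address means GMER found no loaded module containing the hook target.
            owner = UNATTRIBUTED if HEX8.match(mod) else tail(mod)
            rep["ssdt_hooks"][owner].append(syscall)
            seen.add(owner)
        elif m := MISSING_RE.match(line):
            rep["missing_paths"].append(m.group(1))
        elif m := IAT_RE.match(line):
            victim, imp, owner, bare = m.groups()
            seen.add(tail(victim))
            if owner:
                rep["iat_hooks"][tail(owner)].append((tail(victim), imp))
                seen.add(tail(owner))
            else:
                rep["iat_unresolved"].append((tail(victim), imp, bare))
        elif m := DEVICE_RE.match(line):
            kind, driver, obj, owner = m.groups()
            seen.add(tail(driver))
            # A module name instead of an address: dispatch for this object leaves its driver.
            if kind == "Device" and not HEX8.match(owner):
                rep["device_redirects"][owner].append(f"{driver} {obj}")
                seen.add(owner)
        elif m := HIDDEN_RE.match(line):
            dll, proc, pid = m.groups()
            rep["hidden_libraries"].append((dll, proc, int(pid)))
    rep["random_named_drivers"] = {stem(n) for n in seen if RANDOM_STEM.match(stem(n))}
    return rep


def review_points(rep):
    """The manual checks the grouped report calls for, one line each."""
    pts = [f"SSDT: {o} hooks {', '.join(sorted(c))}" for o, c in sorted(rep["ssdt_hooks"].items())]
    for o, p in sorted(rep["iat_hooks"].items()):
        victims = sorted({v for v, _ in p})
        pts.append(f"IAT: {o} owns imports of {', '.join(victims)}")
    pts += [f"IAT: {v} import {i} = {x}, inside no known module" for v, i, x in rep["iat_unresolved"]]
    pts += [f"Devices: {o} handles {', '.join(d)}" for o, d in sorted(rep["device_redirects"].items())]
    pts += [f"Hidden module {d} in {p}[{n}]" for d, p, n in rep["hidden_libraries"]]
    pts += [f"Module GMER could not open on disk: {p}" for p in rep["missing_paths"]]
    pts += [f"Random-looking driver name: {n}" for n in sorted(rep["random_named_drivers"])]
    return pts
```

Run over the full log rather than the abridged sample, the owner table is what gets compared against the firewall, antivirus and disc-emulation software installed on the machine; an owner that matches nothing installed, or an SSDT hook that resolves to no module at all, is what merits a second look, while a hook owned by a product the user knows they installed is expected behaviour for that product.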