Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-07 21:08:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0
Running: nediuh95.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys
---- Kernel code sections - GMER 1.0.15 ----
? System32\drivers\ivpqh.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\Daniel\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\SLsvc.exe[1504] ntdll.dll!NtCreateKey 776A4264 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SLsvc.exe[1504] ntdll.dll!NtCreateKey + 4 776A4268 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\SLsvc.exe[1504] ntdll.dll!NtSetValueKey 776A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SLsvc.exe[1504] ntdll.dll!NtSetValueKey + 4 776A52A8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\SLsvc.exe[1504] kernel32.dll!CreateProcessW 76D81BF3 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\SLsvc.exe[1504] kernel32.dll!CreateProcessA 76D81C28 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\SLsvc.exe[1504] kernel32.dll!LoadLibraryExW 76DA9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SLsvc.exe[1504] ADVAPI32.dll!CreateProcessAsUserW 77401EE9 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\SLsvc.exe[1504] ADVAPI32.dll!CreateServiceW 77429EB4 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\SLsvc.exe[1504] ADVAPI32.dll!CreateProcessWithLogonW 774480C1 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\SLsvc.exe[1504] ADVAPI32.dll!CreateServiceA 774672A1 6 Bytes JMP 5F190F5A
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186849867
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186849867@001e4508937e 0xC2 0xB7 0x49 0x91 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186849867 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186849867@001e4508937e 0xC2 0xB7 0x49 0x91 ...
---- EOF - GMER 1.0.15 ----