First of all, the GMER log:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-20 10:17:05
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350032 rev.SN04
Running: nv7p16lo.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\uwtiqfob.sys
---- System - GMER 1.0.15 ----
SSDT 9CA2EE3C ZwCreateThread
SSDT 9CA2EE28 ZwOpenProcess
SSDT 9CA2EE2D ZwOpenThread
SSDT 9CA2EE37 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 454 820B8A78 4 Bytes [3C, EE, A2, 9C]
.text ntkrnlpa.exe!KeSetTimerEx + 624 820B8C48 4 Bytes [28, EE, A2, 9C]
.text ntkrnlpa.exe!KeSetTimerEx + 640 820B8C64 4 Bytes [2D, EE, A2, 9C]
.text ntkrnlpa.exe!KeSetTimerEx + 854 820B8E78 4 Bytes [37, EE, A2, 9C]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C006340, 0x35AB87, 0xE8000020]
C:\Program Files\HomeCinema\PlayMovie\000.fcl entry point in "" section [0x881BE000]
.clc C:\Program Files\HomeCinema\PlayMovie\000.fcl unknown last section [0x881BF000, 0x1000, 0x00000000]
C:\Program Files\HomeCinema\PowerDVD\000.fcl entry point in "" section [0x881BE000]
.clc C:\Program Files\HomeCinema\PowerDVD\000.fcl unknown last section [0x881BF000, 0x1000, 0x00000000]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [737D88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [738198A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [737DB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [737CFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [737D7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [737CEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7380B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [737DBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [737D074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [737D06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [737C71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7385D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [737F7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [737CE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [737C697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [737C69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [737D2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@\24!s!\24!y!c!`!s!i!\22!t!t!\22!i!c!s!j! 19583823
---- EOF - GMER 1.0.15 ----
The other one will follow shortly.