Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-31 13:21:27
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 SanDisk_SD6SB1M128G1002 rev.X231600 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\uxldrpod.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\WLANExt.exe[1268] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff80efe169a 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\WLANExt.exe[1268] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff80efe16a2 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\WLANExt.exe[1268] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff80efe181a 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\WLANExt.exe[1268] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff80efe1832 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1756] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff80efe169a 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1756] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff80efe16a2 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1756] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff80efe181a 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1756] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff80efe1832 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1940] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff80efe169a 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1940] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff80efe16a2 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1940] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff80efe181a 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1940] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff80efe1832 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1940] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ff800601f6a 4 bytes [60, 00, F8, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1940] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ff800601f82 4 bytes [60, 00, F8, 7F]
.text C:\Windows\system32\mfevtps.exe[440] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff80efe169a 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\mfevtps.exe[440] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff80efe16a2 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\mfevtps.exe[440] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ff80efe181a 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\mfevtps.exe[440] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ff80efe1832 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\System32\svchost.exe[2144] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007ff800601f6a 4 bytes [60, 00, F8, 7F]
.text C:\Windows\System32\svchost.exe[2144] c:\windows\system32\WSOCK32.dll!setsockopt + 218 00007ff800601f82 4 bytes [60, 00, F8, 7F]
.text C:\Windows\System32\svchost.exe[2300] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007ff800601f6a 4 bytes [60, 00, F8, 7F]
.text C:\Windows\System32\svchost.exe[2300] c:\windows\system32\WSOCK32.dll!setsockopt + 218 00007ff800601f82 4 bytes [60, 00, F8, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2320] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff80efe169a 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2320] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff80efe16a2 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2320] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff80efe181a 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2320] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff80efe1832 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2812] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff80efe169a 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2812] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff80efe16a2 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2812] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff80efe181a 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2812] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff80efe1832 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\EscSvc64.exe[2836] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff80efe169a 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\EscSvc64.exe[2836] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff80efe16a2 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\EscSvc64.exe[2836] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff80efe181a 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\EscSvc64.exe[2836] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff80efe1832 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2668] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff80efe169a 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2668] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff80efe16a2 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2668] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff80efe181a 4 bytes [FE, 0E, F8, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2668] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff80efe1832 4 bytes [FE, 0E, F8, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4316] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ff800601f6a 4 bytes [60, 00, F8, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4316] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ff800601f82 4 bytes [60, 00, F8, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [516:3952] fffff9600096eb90
Thread C:\Windows\system32\svchost.exe [276:672] 00007fffebab38e0
Thread C:\Windows\system32\svchost.exe [276:7404] 00007fffea9210e0
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3992:7056] 00007fffeb47f5f8
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3992:7044] 00007fffeb09bc60
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [4008:6244] 00007fffeb09bc60
Thread C:\Windows\System32\WWAHost.exe [7500:7520] 00007ff810f80310
Thread C:\Windows\System32\WWAHost.exe [7500:7528] 00007ff80d03a1f0
Thread C:\Windows\System32\WWAHost.exe [7500:7548] 00007ff805737d70
Thread C:\Windows\System32\WWAHost.exe [7500:7440] 00007ff80d70cb88
Thread C:\Windows\System32\WWAHost.exe [7500:7464] 00007fffe8b33010
Thread C:\Windows\System32\WWAHost.exe [7500:7552] 00007fffe8b36230
Thread C:\Windows\System32\WWAHost.exe [7500:7460] 00007fffe8c884e0
Thread C:\Windows\System32\WWAHost.exe [7500:7476] 00007fffe8b36230
Thread C:\Windows\System32\WWAHost.exe [7500:7556] 00007ff8108a99b0
Thread C:\Windows\System32\WWAHost.exe [7500:7560] 00007ff8108a99b0
Thread C:\Windows\System32\WWAHost.exe [7500:7564] 00007fffe8b36230
Thread C:\Windows\System32\WWAHost.exe [7500:8052] 00007fffe8b36230
Thread C:\Windows\System32\WWAHost.exe [7500:7580] 00007fffea468b48
Thread C:\Windows\System32\WWAHost.exe [7500:7588] 00007ff810f80310
Thread C:\Windows\System32\WWAHost.exe [7500:7604] 00007ff810f80310
Thread C:\Windows\System32\WWAHost.exe [7500:7584] 00007fffea45d2b0
Thread C:\Windows\System32\WWAHost.exe [7500:7572] 00007ff80f5679b4
Thread C:\Windows\System32\WWAHost.exe [7500:7816] 00007ff80ed8ad30
---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [6276] 00000000670d0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [6276] 0000000061d40000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [6276] 0000000068ac0000
Process C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (FILE NOT FOUND) 0000000000400000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-22 00:58:45) 0000000060410000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-22 00:58:44) 0000000060110000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-22 00:58:44) 000000005fd20000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132](2015-01-22 00:58:46) 0000000069690000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (ICU I18N DLL/The ICU Project)(2015-01-22 00:58:45) 000000004a900000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (ICU Common DLL/The ICU Project)(2015-01-22 00:58:45) 0000000004230000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (ICU Data DLL/The ICU Project)(2015-01-22 00:58:45) 000000004ad00000
Library c:\users\*****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbhfn2c.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132](2015-01-31 11:53:54) 0000000003d90000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-22 00:58:45) 000000005f600000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-22 00:58:45) 000000005e610000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-22 00:58:45) 000000005e270000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-22 00:58:45) 000000005e010000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-22 00:58:45) 000000005e5e0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132](2015-01-22 00:58:46) 0000000060c80000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-22 00:58:45) 000000005e5b0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-22 00:58:45) 000000005e570000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-22 00:58:45) 000000005e520000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132](2015-01-22 00:58:45) 000000005df30000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [7132](2015-01-22 00:58:45) 000000005e4e0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----