Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GMer Analyse: Haben wir ein Rootkit?

GMer Analyse: Haben wir ein Rootkit?


Log-Analyse und Auswertung: GMer Analyse: Haben wir ein Rootkit?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 31.03.2015, 14:07   #1
HtHNightwolf
 
GMer Analyse: Haben wir ein Rootkit? - Standard

GMer Analyse: Haben wir ein Rootkit?


Hallo,

in unserer Firma ist es zu einer Sperrung des Internetbankings gekommen. Nach Rücksprache mit der Bank, einem gleichzeitigen Scannen aller PCs und des Servers OFFLINE mit der Kaspersky Boot-CD, anschließend im Windows Malwarebytes und Hitman, dachten wir alles ist behoben.
Dennoch vermerkt die Bank, dass bei denen nicht weiter zu nennender Schädlingsverkehr beim Besuch der OnLine-Banking-Seite bemerkt wird.
Ich scanne die Win7 x64 Systeme momentan erneut mit Malwarebytes und möchte Euch bitten, in den folgenden beiden GMER Logs nach Rootkits zu schauen, da ich diese alleine nicht auswerten kann.
Protokoll 1GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-31 14:52:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\dwa\AppData\Local\Temp\kfloqpob.sys


---- Threads - GMER 2.1 ----

Thread   C:\program files (x86)\ra-micro\ramicronet\ra7.central.mail.receiver.exe [1508:1208]                                                                                                           0000000071fb32fb
Thread   C:\program files (x86)\ra-micro\ramicronet\ra7.central.mail.receiver.exe [1508:1496]                                                                                                           000000007269786a
---- Processes - GMER 2.1 ----

Library  C:\Windows\system32\32OLCALL.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                    0000000011000000
Library  C:\Windows\system32\RAMAIN.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                      000000000b720000
Library  C:\Windows\system32\32OL2000.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                    000000000c360000
Library  C:\Windows\system32\RAMAINC.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                     0000000010000000
Library  C:\Windows\system32\32ol2007.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                    000000000c7b0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\RAMICRO2.WIN.RACrypto.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                000000000edd0000
Library  C:\Windows\system32\32Hook.Dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                      000000000f300000
Library  C:\Windows\system32\32EAkte.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                     0000000010750000
Library  C:\Windows\system32\32EATLS.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                     000000000c3f0000
Library  C:\Windows\system32\32EAWEBA.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                    0000000018c00000
Library  C:\Windows\system32\XP2.OCX (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                         000000000fe50000
Library  C:\Windows\system32\XP.OCX (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                          000000001c2c0000
Library  C:\Windows\system32\32EACTRL.OCX (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                    00000000162b0000
Library  C:\Windows\system32\32AKTEN.OCX (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                     000000001efd0000
Library  C:\Windows\system32\32AKTSB.OCX (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                     000000001f210000
Library  C:\Windows\system32\32kntx.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                      000000001f230000
Library  C:\Windows\system32\32TV.OCX (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                        000000001f7b0000
Library  C:\Windows\system32\32TvWTls.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                    000000001f800000
Library  C:\Windows\system32\32tvtx.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                      000000001f820000
Library  C:\Windows\system32\32tvrtf.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                     000000001f8a0000
Library  C:\Windows\system32\32TvTls.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                     000000001f8d0000
Library  C:\Windows\system32\druck32.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                     000000001fcf0000
Library  C:\Windows\system32\32komfct.ocx (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                    000000001f920000
Library  C:\Windows\system32\32ZH2OCX.OCX (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                    000000001fe50000
Library  C:\Windows\system32\32EaData.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                    0000000020d40000
Library  C:\Windows\system32\32ADRAKT.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                    0000000020db0000
Library  C:\Windows\system32\32AKTAB.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                     0000000022270000
Library  C:\Windows\system32\32Akten.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                     0000000022550000
Library  C:\Windows\system32\32ADRESS.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                    00000000228d0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\RAMICRO.CENTRAL.UI.DIALOGS.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                           00000000213b0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.routines.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                 000000001eee0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.logging.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                  0000000010740000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.global.definitions.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                       000000001efb0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\log4net.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                              00000000214c0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.trace.utility.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                            00000000210b0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.wsadapter.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                00000000215d0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\RA7.BUSINESS.DOCUMENTMANAGER.COM.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                     000000000aaa0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.business.documentmanager.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                         000000001cdd0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.business.documentmanager.interfaces.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]              0000000011bf0000
Library  C:\Windows\system32\32DRUCK.OCX (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [4660]                                                                     0000000010650000
Library  C:\start\32ra.exe (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                                              0000000000400000
Library  C:\Windows\system32\RAMAIN.DLL (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                                 0000000011000000
Library  C:\Windows\system32\RAMAINC.DLL (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                                0000000010000000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\RAMICRO2.WIN.RACrypto.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                           0000000002af0000
Library  C:\Windows\system32\32PARAM.DLL (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                                0000000003040000
Library  C:\Program Files (x86)\ra-micro\ramicronet\RAMICRO.COMHELPER2.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                              0000000004b70000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.common.dropbox.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                              0000000007710000
Library  C:\Program Files (x86)\ra-micro\ramicronet\DropNet.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                         0000000004b80000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.routines.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                            0000000007a80000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.logging.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                             0000000002a20000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.global.definitions.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                  0000000007b50000
Library  C:\Program Files (x86)\ra-micro\ramicronet\log4net.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                         0000000007c90000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.trace.utility.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                       0000000007cf0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.wsadapter.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                           00000000030c0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra.ewf.common.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                   00000000032e0000
Library  C:\Windows\system32\32EATLS.DLL (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                                0000000008ba0000
Library  C:\Windows\system32\32EAkte.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                                0000000008d90000
Library  C:\Program Files (x86)\ra-micro\ramicronet\RA7.CENTRAL.ROUTINES.COM.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                        0000000007fe0000
Library  C:\Windows\system32\XP2.OCX (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                                    0000000008ca0000
Library  C:\Windows\system32\XP.OCX (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                                     000000000a010000
Library  C:\Windows\system32\32DRUCK.OCX (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                                000000000a110000
Library  C:\Windows\system32\druck32.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                                0000000003230000
Library  C:\Program Files (x86)\ra-micro\ramicronet\RAMICRO.RABOX.COM.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                               000000000a250000
Library  C:\Program Files (x86)\ra-micro\ramicronet\Ramicro.RaBox.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                   000000000b9f0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.business.stammdaten.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                         000000000c1d0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.user.interface.components.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                           000000000c550000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ramicro.DropBox.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                 000000000b140000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.compression.SharpZip.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                000000000b150000
Library  C:\Program Files (x86)\ra-micro\ramicronet\RAMICRO.CENTRAL.UI.DIALOGS.dll (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                      000000000b3f0000
Library  C:\Windows\system32\32ADRESS.DLL (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                               000000000b7a0000
Library  C:\Windows\system32\32AKTEN.OCX (*** suspicious ***) @ C:\start\32ra.exe [4324]                                                                                                                00000000074d0000
Library  C:\Windows\SysWOW64\32ELOZIP.EXE (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                                                                0000000000400000
Library  C:\Windows\system32\RAMAIN.DLL (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                                                                  0000000011000000
Library  C:\Windows\system32\RAMAINC.DLL (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                                                                 0000000010000000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\RAMICRO2.WIN.RACrypto.dll (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                            0000000003f60000
Library  C:\Windows\system32\32CTRL.OCX (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                                                                  0000000006ee0000
Library  C:\Windows\system32\XP2.OCX (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                                                                     00000000070f0000
Library  C:\Windows\system32\32TV.OCX (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                                                                    00000000071d0000
Library  C:\Windows\system32\32TvWTls.DLL (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                                                                0000000007220000
Library  C:\Windows\system32\32tvtx.DLL (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                                                                  00000000073e0000
Library  C:\Windows\system32\32tvrtf.dll (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                                                                 0000000007240000
Library  C:\Windows\system32\32TvTls.DLL (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                                                                 0000000007260000
Library  C:\Windows\SysWOW64\druck32.dll (*** suspicious ***) @ C:\Windows\SysWOW64\32ELOZIP.EXE [4792]                                                                                                 00000000076d0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                                    0000000000400000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.trace.utility.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                          0000000002630000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.global.definitions.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                     00000000051d0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.ramessagelistener.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                      0000000002770000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.routines.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                               00000000056d0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.business.documentmanager.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                       0000000005890000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.logging.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                                0000000010000000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\log4net.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                                            0000000005ca0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.wsadapter.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                              0000000006bf0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.generic.output.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                         0000000006c60000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.business.e-postfach.framework.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                  0000000006d60000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.business.dms.applogic.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                          0000000006de0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.business.documentmanager.interfaces.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]            00000000028f0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.compression.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                            0000000005190000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.generic.output.Interfaces.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]              00000000051c0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.business.dms.fulltext.lucene2-9.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                0000000007460000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ramicro.Lucene.Net.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\RAPDFErstellung.exe [4712]                                 000000000d690000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra.dienste.starter.exe (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\ra.dienste.starter.exe [1500]                              0000000000400000
Library  C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]                      0000000000400000
Library  C:\program files (x86)\ra-micro\ramicronet\Ramicro.RaBox.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]                               0000000010000000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.routines.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]                        0000000002a40000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.global.definitions.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]              0000000004c10000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.trace.utility.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]                   0000000004c50000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.business.stammdaten.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]                     0000000006490000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.logging.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]                         0000000006750000
Library  C:\program files (x86)\ra-micro\ramicronet\log4net.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]                                     0000000006850000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.wsadapter.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]                       0000000007370000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.user.interface.components.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]       00000000077e0000
Library  C:\program files (x86)\ra-micro\ramicronet\ramicro.DropBox.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]                             0000000004cc0000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.compression.SharpZip.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ramicro.rabox.exporter.exe [4608]            0000000007610000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.mail.receiver.exe (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ra7.central.mail.receiver.exe [1508]                0000000000400000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.communication.directmessages.exe (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ra7.communication.directmessages.exe [4920]  0000000000400000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.routines.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ra7.communication.directmessages.exe [4920]              0000000006440000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.logging.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ra7.communication.directmessages.exe [4920]               0000000010000000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.global.definitions.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ra7.communication.directmessages.exe [4920]    0000000006100000
Library  C:\program files (x86)\ra-micro\ramicronet\log4net.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ra7.communication.directmessages.exe [4920]                           0000000006040000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.trace.utility.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ra7.communication.directmessages.exe [4920]         0000000006090000
Library  C:\program files (x86)\ra-micro\ramicronet\ra7.central.wsadapter.dll (*** suspicious ***) @ C:\program files (x86)\ra-micro\ramicronet\ra7.communication.directmessages.exe [4920]             0000000008180000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                  0000000000400000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.vbnet.applications.extension.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]  0000000002540000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.trace.utility.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                 00000000024b0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.global.definitions.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]            0000000002770000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.routines.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                      0000000005620000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.ramessagelistener.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]             0000000005740000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.generic.output.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                0000000005770000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.logging.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                       0000000010000000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\log4net.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                                   0000000005bb0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.wsadapter.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                     00000000068f0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.generic.output.Interfaces.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]     0000000005990000
Library  C:\Windows\system32\druck32.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                                                          0000000005100000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\TXTextControl.Windows.Forms.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]               0000000005b70000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\TXTextControl.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                             0000000008000000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\txkernel.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                                  000000000a0c0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\txtools.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                                   0000000009600000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\rae.Common.PDFConverter.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                   000000000a680000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\PdfMetamorphosis.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                          000000000ad50000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\PDFVision.dll (*** suspicious ***) @ C:\Program Files (x86)\ra-micro\RAMICRONET\7.central.generic.output.exe [4020]                                 000000000aef0000
Library  c:\ra\winexe\32akto.exe (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                                  0000000000400000
Library  C:\Windows\system32\32FibuFW.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                         0000000011000000
Library  C:\Windows\system32\RAMAIN.DLL (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                           00000000005e0000
Library  C:\Windows\system32\RAMAINC.DLL (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                          0000000010000000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\RAMICRO2.WIN.RACrypto.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                     0000000000f40000
Library  C:\Windows\system32\32EAkte.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                          0000000007150000
Library  C:\Windows\system32\32EATLS.DLL (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                          0000000007240000
Library  C:\Windows\system32\32dmenue.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                         0000000008d70000
Library  c:\ra\winexe\rmx.men.menu.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                            0000000009060000
Library  c:\ra\winexe\ra7.central.trace.utility.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                               00000000040d0000
Library  c:\ra\winexe\ra7.central.global.definitions.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                          0000000007980000
Library  c:\ra\winexe\ra7.central.routines.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                    0000000009530000
Library  c:\ra\winexe\ra7.central.user.interface.components.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                   00000000096f0000
Library  c:\ra\winexe\ra7.central.logging.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                     0000000003040000
Library  c:\ra\winexe\log4net.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                                 0000000009be0000
Library  c:\ra\winexe\ra7.central.wsadapter.dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                   000000000a890000
Library  C:\Windows\system32\32BUCHEN.DLL (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                         000000000b130000
Library  C:\Windows\system32\XP.OCX (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                               000000000b490000
Library  C:\Windows\system32\XP2.OCX (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                              000000000b3e0000
Library  C:\Windows\system32\32AKTEN.OCX (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                          000000000baf0000
Library  C:\Windows\system32\32Hook.Dll (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                           000000000bc30000
Library  C:\Windows\system32\32ADRESS.DLL (*** suspicious ***) @ c:\ra\winexe\32akto.exe [6060]                                                                                                         000000000bf80000
Library  c:\ra\winexe\32gebneu.exe (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                              0000000000400000
Library  C:\Windows\system32\RAMAIN.DLL (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                         0000000011000000
Library  C:\Windows\system32\RAMAINC.DLL (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                        0000000010000000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\RAMICRO2.WIN.RACrypto.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                   0000000002810000
Library  C:\Windows\system32\XP.OCX (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                             0000000008270000
Library  C:\Windows\system32\XP2.OCX (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                            0000000008330000
Library  C:\Windows\system32\32BILANZ.DLL (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                       0000000009220000
Library  C:\Windows\system32\32dmenue.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                       0000000009530000
Library  c:\ra\winexe\rmx.men.menu.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                          0000000009730000
Library  c:\ra\winexe\ra7.central.trace.utility.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                             00000000099b0000
Library  c:\ra\winexe\ra7.central.global.definitions.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                        00000000099d0000
Library  c:\ra\winexe\ra7.central.routines.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                  0000000009f20000
Library  c:\ra\winexe\ra7.central.user.interface.components.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                 000000000a0e0000
Library  c:\ra\winexe\ra7.central.logging.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                   0000000009660000
Library  c:\ra\winexe\log4net.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                               000000000a600000
Library  c:\ra\winexe\ra7.central.wsadapter.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                 000000000a7e0000
Library  C:\Windows\system32\32Akten.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                        0000000022000000
Library  C:\Windows\system32\32ADRESS.DLL (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                       000000000b7a0000
Library  C:\Windows\system32\32ABTree.ocx (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                       0000000002e40000
Library  C:\Windows\system32\32AKTEN.OCX (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                        00000000090a0000
Library  C:\Windows\system32\32DRUCK.OCX (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                        00000000091a0000
Library  C:\Windows\system32\32Hook.Dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                         000000000ba50000
Library  C:\Windows\system32\32DMOCX.OCX (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                        000000000ba90000
Library  C:\Windows\system32\32CTRL.OCX (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                         000000000bac0000
Library  C:\Windows\system32\druck32.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                        000000000c1f0000
Library  C:\Windows\system32\32TvWTls.DLL (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                       000000000c260000
Library  C:\Windows\system32\32tvtx.DLL (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                         000000000cbb0000
Library  C:\Windows\system32\32tvrtf.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                        000000000c280000
Library  C:\Windows\system32\32TvTls.DLL (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                        000000000cd50000
Library  C:\Windows\system32\32HALTER.DLL (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                       0000000002c40000
Library  C:\Windows\system32\32BUCHEN.DLL (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                       000000000fb80000
Library  C:\Windows\system32\32FibuFW.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                       0000000009fe0000
Library  C:\Windows\system32\32BKLIST.OCX (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                       0000000002ec0000
Library  C:\Windows\system32\32EAkte.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                        000000000b940000
Library  C:\Program Files (x86)\ra-micro\ramicronet\RA7.CENTRAL.GENERIC.OUTPUT.COM.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                          0000000009190000
Library  c:\ra\winexe\ra7.central.generic.output.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                            000000000a4b0000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\ra7.central.generic.output.Interfaces.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                   0000000009710000
Library  C:\Program Files (x86)\ra-micro\ramicronet\RA7.BUSINESS.DOCUMENTMANAGER.COM.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                        000000000a0b0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.business.documentmanager.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                            000000000b260000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.business.documentmanager.interfaces.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                 000000000a5d0000
Library  c:\ra\winexe\ra7.central.compression.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                               000000000dab0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.business.dms.fulltext.lucene2-9.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                     000000000daf0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ramicro.Lucene.Net.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                      0000000010e60000
Library  c:\ra\winexe\ra7.central.Core.dll (*** suspicious ***) @ c:\ra\winexe\32gebneu.exe [5720]                                                                                                      0000000002ce0000
Library  C:\Windows\system32\32WW2007.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    000000001fee0000
Library  C:\Windows\system32\RAMAINC.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                     0000000010000000
Library  C:\Windows\system32\RAMAIN.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                      0000000011000000
Library  C:\Program Files (x86)\ra-micro\RAMICRONET\RAMICRO2.WIN.RACrypto.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                00000000078b0000
Library  C:\Windows\system32\32TXWAHL.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    000000000ac60000
Library  C:\Windows\system32\32DRUCK.OCX (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                     000000000aea0000
Library  C:\Windows\system32\32WW2000.OCX (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    0000000002f10000
Library  C:\Windows\system32\druck32.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                     000000000af00000
Library  C:\Windows\system32\32EAWEBA.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    000000000afc0000
Library  C:\DictaNet\DNCom.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                               000000000b2d0000
Library  C:\Windows\system32\32EAkte.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                     000000000c550000
Library  C:\Windows\system32\32EATLS.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                     000000000c6f0000
Library  C:\Windows\system32\32CALLWW.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    0000000005350000
Library  C:\Windows\system32\XP2.OCX (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                         000000000ef00000
Library  C:\Windows\system32\XP.OCX (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                          000000000fe50000
Library  C:\Windows\system32\32Akten.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                     0000000022000000
Library  C:\Windows\system32\32EGVP.ocx (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                      000000000c450000
Library  C:\Windows\system32\32Hook.Dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                      000000000ed50000
Library  C:\Windows\system32\32AKTEN.OCX (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                     0000000013200000
Library  C:\Windows\system32\32EACTRL.OCX (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    000000000ff90000
Library  C:\Windows\system32\32AKTSB.OCX (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                     0000000014380000
Library  C:\Windows\system32\32ADRESS.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    00000000146b0000
Library  C:\Windows\system32\32EaData.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    00000000148a0000
Library  C:\Windows\system32\32DOKUVW.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    0000000018fe0000
Library  C:\Windows\system32\32ADRAKT.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    0000000018d50000
Library  C:\Windows\system32\32AKTAB.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                     0000000019c90000
Library  C:\Program Files (x86)\ra-micro\ramicronet\RA7.BUSINESS.DOCUMENTMANAGER.COM.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                     0000000012640000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.business.documentmanager.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                         0000000014510000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.routines.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                 0000000018ca0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.global.definitions.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                       00000000131c0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.logging.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                  0000000014670000
Library  C:\Program Files (x86)\ra-micro\ramicronet\log4net.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                              0000000019a90000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.trace.utility.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                            0000000018d40000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.central.wsadapter.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                000000001a1d0000
Library  C:\Program Files (x86)\ra-micro\ramicronet\ra7.business.documentmanager.interfaces.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]              000000000a590000
Library  C:\Windows\system32\32BRIEFE.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    000000000a6c0000
Library  C:\Windows\system32\32ABTree.ocx (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    000000000a5b0000
Library  C:\Windows\system32\32kntx.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                      0000000002940000
Library  C:\Windows\system32\32alte.dll (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                      000000001cde0000
Library  C:\Windows\system32\32HALTER.DLL (*** suspicious ***) @ c:\program files (x86)\microsoft office\office14\winword.exe [2688]                                                                    0000000014920000

---- EOF - GMER 2.1 ----
--- --- ---

Protokoll 2
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-31 15:01:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3160318AS rev.CC44 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\HWU~1.GAP\AppData\Local\Temp\fwdoqpob.sys


---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\explorer.exe [872:3480] 0000000000256e54
Thread C:\Windows\SysWOW64\explorer.exe [872:3816] 00000000002472e4
Thread C:\Windows\SysWOW64\explorer.exe [872:1452] 0000000000256c80
---- Processes - GMER 2.1 ----

Library C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop_ResDEU.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2920] 0000000073950000
Library C:\Windows\system32\32OLCALL.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [3896] 0000000011000000
Library C:\Windows\system32\RAMAIN.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [3896] 0000000005130000
Library C:\Windows\system32\32OL2000.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [3896] 000000000ace0000
Library C:\Windows\system32\RAMAINC.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [3896] 0000000010000000
Library C:\Windows\system32\32ol2007.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [3896] 000000000b340000


Dies sind die beiden PCs, die Banking durchführen.
Vielen Dank schonmal im Vorwege

 

Themen zu GMer Analyse: Haben wir ein Rootkit?
appdata, auswerten, banking, c:\windows, driver, explorer.exe, folge, gmer, gmer log auswertung, harddisk, kaspersky, log auswerten, malwarebytes, microsoft, office, offline, pcs, rootkit, rootkits, scan, scannen, start, system32, systeme, tan, temp, win7, windows


« HPNotify.exe lässt sich nicht entfernen | Windows 7: Trojaner artemis!E* wird bei fast jedem Scan auf meinem PC gefunden »


Ähnliche Themen: GMer Analyse: Haben wir ein Rootkit?


  1. GMER Logfile - bitte um Analyse
    Log-Analyse und Auswertung - 19.05.2015 (11)
  2. GMER-Rootkit-Analyse !
    Log-Analyse und Auswertung - 05.11.2014 (6)
  3. GMER - Rootkit - Analayse
    Log-Analyse und Auswertung - 09.07.2014 (3)
  4. gmer log bei rootkit
    Log-Analyse und Auswertung - 21.12.2013 (7)
  5. GMER - Rootkit Scanner - VMAUTHSERVICE Rootkit
    Log-Analyse und Auswertung - 27.10.2013 (5)
  6. Rootkit Infektion, danach Windows-Neuinstallation, GMER zeigt erneut Rootkit Aktivitäten an (Avast! false positive?)
    Log-Analyse und Auswertung - 05.03.2013 (2)
  7. Möglicherweise Rootkit - GMER Logfile Analyse
    Log-Analyse und Auswertung - 18.12.2012 (6)
  8. Bitte um Analyse Gmer Logfile
    Log-Analyse und Auswertung - 09.06.2011 (1)
  9. GMER hat Rootkit gefunden (vdrv1000.sys)
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (5)
  10. Absturz durch Rootkit beim GMER Rootkit Scan
    Plagegeister aller Art und deren Bekämpfung - 16.12.2010 (4)
  11. Pc Absturz durch Rootkit bei GMER Rootkit Scan
    Plagegeister aller Art und deren Bekämpfung - 12.08.2010 (20)
  12. GMER hat Rootkit gefunden!
    Plagegeister aller Art und deren Bekämpfung - 08.03.2010 (1)
  13. Rootkit mit Gmer gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.03.2010 (5)
  14. Rootkit? (Bisher nur gmer-Log)
    Mülltonne - 08.02.2010 (2)
  15. Rootkit Untersuchung mit GMER
    Plagegeister aller Art und deren Bekämpfung - 16.11.2009 (5)
  16. Frage zu GMER Rootkit Scan
    Antiviren-, Firewall- und andere Schutzprogramme - 17.02.2009 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GMer Analyse: Haben wir ein Rootkit? - Hallo, in unserer Firma ist es zu einer Sperrung des Internetbankings gekommen. Nach Rücksprache mit der Bank, einem gleichzeitigen Scannen aller PCs und des Servers OFFLINE mit der Kaspersky Boot-CD, - GMer Analyse: Haben wir ein Rootkit?...
Archiv
Du betrachtest: GMer Analyse: Haben wir ein Rootkit? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131