Pests of all kinds and their removal: 153 Rootkits (Flashplayer?) (Windows 7)

If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1

/// AVZ-Toolkit Guru

153 Rootkits (Flashplayer?)

Quote:

Perhaps you should have your account locked.

__________________
All assistance in the forum is given without warranty or liability.
#2

153 Rootkits (Flashplayer?)

So, here is the GMER report:
```
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-03 19:30:08
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.13 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcessEx
SSDT B74AB4EC ZwCreateThread
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteValueKey
SSDT B74AB4D8 ZwOpenProcess
SSDT B74AB4DD ZwOpenThread
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

? avgarkt.sys Das System kann die angegebene Datei nicht finden.
? System32\DRIVERS\AvgArCln.sys Das System kann die angegebene Datei nicht finden.
? C:\WINDOWS\system32\AE.tmp Das System kann die angegebene Datei nicht finden.

---- User code sections - GMER 1.0.13 ----

.text C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe[124] kernel32.dll!SetUnhandledExceptionFilter 7C84480D 5 Bytes JMP 004B2B80 C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
.text C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe[2028] kernel32.dll!SetUnhandledExceptionFilter 7C84480D 5 Bytes JMP 004B2B80 C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
.text C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe[2468] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 10042930 C:\Programme\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe[2468] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 10042970 C:\Programme\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe[2468] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 1004D770 C:\Programme\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe[2468] USER32.dll!GetScrollInfo 7E370DA2 7 Bytes JMP 1004D6C0 C:\Programme\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe[2468] USER32.dll!ShowScrollBar 7E37F2B3 5 Bytes JMP 1004D840 C:\Programme\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe[2468] USER32.dll!GetScrollPos 7E37F6C4 5 Bytes JMP 1004D700 C:\Programme\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe[2468] USER32.dll!SetScrollPos 7E37F710 5 Bytes JMP 1004D7B0 C:\Programme\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe[2468] USER32.dll!GetScrollRange 7E37F747 5 Bytes JMP 1004D730 C:\Programme\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe[2468] USER32.dll!SetScrollRange 7E37F95B 5 Bytes JMP 1004D7F0 C:\Programme\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe[2468] USER32.dll!DrawFrameControl 7E38E907 7 Bytes JMP 10041B50 C:\Programme\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe[2468] USER32.dll!EnableScrollBar 7E3B7DDD 7 Bytes JMP 1004D680 C:\Programme\Tobit ClipInc\Player\TOBITCLT.dll

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\explorer.exe[5364] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F74AF1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F74AF1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F74AF454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F74AF1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B578DBC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B578DBC0] ikfileflt.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [B7243E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [B7243E85] sm.sys
```