Pests of all kinds and how to fight them: 153 Rootkits (Flashplayer?) Windows 7

If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
#8
153 Rootkits (Flashplayer?)
__________________
I have no prejudices, I hate everyone!

Guides: Posting a HijackThis log file, EScan scan