Pests of all kinds and how to fight them: 153 Rootkits (Flashplayer?) Windows 7. If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection. |
| #12 |
153 Rootkits (Flashplayer?)

Sorry, of course I meant that Panda Antirootkit didn't find anything. Here is the scan from GMER:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-07 17:54:04
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.13 ----

SSDT F7A92264 ZwCreateThread
SSDT F7A92250 ZwOpenProcess
SSDT F7A92255 ZwOpenThread
SSDT F7A9225F ZwTerminateProcess
SSDT F7A9225A ZwWriteVirtualMemory

---- User code sections - GMER 1.0.13 ----

.text C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe[1924] kernel32.dll!SetUnhandledExceptionFilter 7C84480D 5 Bytes JMP 004B2B80 C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
.text C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe[1952] kernel32.dll!SetUnhandledExceptionFilter 7C84480D 5 Bytes JMP 004B2B80 C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F74AF1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F74AF1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F74AF454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F74AF1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F74A2F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F74A2F4C] fltMgr.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [B6E81E85] sm.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B6E81E85] sm.sys
__________________
I have no prejudices, I hate everyone!
Guides: Posting a HijackThis log file, EScan scan |