28.12.2009, 10:53 | #1 |
| Rootkit found. What to do? Hello, I am already working on one PC because a trojan turned up on it. Because of that I stopped using the Internet on that PC altogether and read everything here on another one. I then ran the programs here as well, and now it tells me that I supposedly have a rootkit. I ran the GMER program over it and this is what came out: Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-27 18:23:37
Windows 6.0.6001 Service Pack 1
Running: ilfmjif8.exe; Driver: C:\Users\Tobias\AppData\Local\Temp\fxldipod.sys

---- System - GMER 1.0.15 ----

SSDT 9BB1B8F4 ZwCreateThread
SSDT 9BB1B8E0 ZwOpenProcess
SSDT 9BB1B8E5 ZwOpenThread
SSDT 9BB1B8EF ZwTerminateProcess
SSDT 9BB1B8EA ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 454 822C3A18 4 Bytes [F4, B8, B1, 9B]
.text ntkrnlpa.exe!KeSetTimerEx + 624 822C3BE8 4 Bytes [E0, B8, B1, 9B] {LOOPNZ 0xffffffffffffffba; MOV CL, 0x9b}
.text ntkrnlpa.exe!KeSetTimerEx + 640 822C3C04 4 Bytes [E5, B8, B1, 9B] {IN EAX, 0xb8; MOV CL, 0x9b}
.text ntkrnlpa.exe!KeSetTimerEx + 854 822C3E18 4 Bytes [EF, B8, B1, 9B]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 822C3E78 4 Bytes JMP 909BB1B8
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E40B340, 0x3E9407, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[1308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[1308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[1308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00342F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00342D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00342CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00342CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [009A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[1884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[1884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[1884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[1884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CD2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00CD2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CD2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CD2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00602F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00602D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00602CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00602CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[2540] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00222F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[2540] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtClose] [00222D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[2540] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00222CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[2540] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00222CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00202F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00202D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00202CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00202CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01F52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01F52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01F52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01F52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3340] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01722F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3340] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01722D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3340] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01722CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3340] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01722CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00352F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00352D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00352CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00352CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Napster\napster.exe[3488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Napster\napster.exe[3488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Napster\napster.exe[3488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Napster\napster.exe[3488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740488B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740898A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7404B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7403FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74047A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7403EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7407B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7404BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7404074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740406B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740371B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [740CD848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74067379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7403E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7403697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740369A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74042465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [005B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [005B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [005B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [005B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00182F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00182D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00182CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00182CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[4304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00462F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[4304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00462D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[4304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00462CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[4304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] |
28.12.2009, 10:54 | #2 |
| Rootkit found. What to do? Code:
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5180] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5180] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5180] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5180] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[5468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[5468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[5468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[5468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00262F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00262D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00262CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00262CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avcenter.exe[6124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01B42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avcenter.exe[6124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01B42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avcenter.exe[6124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01B42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avcenter.exe[6124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01B42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) 
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000065 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000067 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Process (*** hidden *** ) -2110761896
Process (*** hidden *** ) -2072500184
Process (*** hidden *** ) -2072491856
Process (*** hidden *** ) -2066740408
Process (*** hidden *** ) -2066543760
Process (*** hidden *** ) -2064715592
Process (*** hidden *** ) -2064378968
Process (*** hidden *** ) -2062604464
Process (*** hidden *** ) -2062250496
Process (*** hidden *** ) -2062046472
Process (*** hidden *** ) -2061828608
Process (*** hidden *** ) -2058841928
Process (*** hidden *** ) -2058818944
Process (*** hidden *** ) -2058742992
Process (*** hidden *** ) -2046897992
Process (*** hidden *** ) -2046221568
Process (*** hidden *** ) -2045981480
Process (*** hidden *** ) -2045815168
Process (*** hidden *** ) -2045456896
Process (*** hidden *** ) -2044868848
Process (*** hidden *** ) -2041971368
Process (*** hidden *** ) -2041316008
Process (*** hidden *** ) -2039608704
Process (*** hidden *** ) -2033949696
Process (*** hidden *** ) -2033834120
Process (*** hidden *** ) -2033828992
Process (*** hidden *** ) -2031142960
Process (*** hidden *** ) -2031107912
Process (*** hidden *** ) -2030949520
Process (*** hidden *** ) -2030907224
Process (*** hidden *** ) -2030905008
Process (*** hidden *** ) -2030693632
Process (*** hidden *** ) -2029548200
Process (*** hidden *** ) -2020650824
Process (*** hidden *** ) -2020642632
Process (*** hidden *** ) -2020635832
Process (*** hidden *** ) -2020635136
Process (*** hidden *** ) -2019575448
Process (*** hidden *** ) -2018293432
Process (*** hidden *** ) -2017537584
Process (*** hidden *** ) -2017533768
Process (*** hidden *** ) -2017285664
Process (*** hidden *** ) -2017145344
Process (*** hidden *** ) -2012981344
Process (*** hidden *** ) -2012131144
Process (*** hidden *** ) -2012090184
Process (*** hidden *** ) -2011407072
Process (*** hidden *** ) -2010998664
Process (*** hidden *** ) -2010984264
Process (*** hidden *** ) -2010815696
Process (*** hidden *** ) -2010753400
Process (*** hidden *** ) -2010637312
Process (*** hidden *** ) -2010598360
Process (*** hidden *** ) -2010562376
Process (*** hidden *** ) -2010556920
Process (*** hidden *** ) -2010500936
Process (*** hidden *** ) -2010500168
Process (*** hidden *** ) -2010401792
Process (*** hidden *** ) -2010218312
Process (*** hidden *** ) -2009900736
Process (*** hidden *** ) -2009873184
Process (*** hidden *** ) -2009816320
Process (*** hidden *** ) -2009730888
Process (*** hidden *** ) -2009706312
Process (*** hidden *** ) -2009702912
Process (*** hidden *** ) -2009680216
Process (*** hidden *** ) -2009612800
Process (*** hidden *** ) -2009567048
Process (*** hidden *** ) -2009521992
Process (*** hidden *** ) -2009304904
Process (*** hidden *** ) -2009203480
Process (*** hidden *** ) -2008867720
Process (*** hidden *** ) -2008809288
Process (*** hidden *** ) -2008764232
Process (*** hidden *** ) -2008492552
Process (*** hidden *** ) -2008485704
Process (*** hidden *** ) -2008453632
Process (*** hidden *** ) -2008440120
Process (*** hidden *** ) -2008390232
Process (*** hidden *** ) -2008384696
Process (*** hidden *** ) -2008375808
Process (*** hidden *** ) -2008366920
Process (*** hidden *** ) -2008119008
Process (*** hidden *** ) -2008112968
Process (*** hidden *** ) -2008045120
Process (*** hidden *** ) -2008040936
Process (*** hidden *** ) -2007985008
Process (*** hidden *** ) -2007765504
Process (*** hidden *** ) -2007747928
Process (*** hidden *** ) -2007568200
Process (*** hidden *** ) -2007419744
Process (*** hidden *** ) -2007410824
Process (*** hidden *** ) -2007379784
Process (*** hidden *** ) -2007324200
Process (*** hidden *** ) -2007276528
Process (*** hidden *** ) -2007235040
Process (*** hidden *** ) -2007183872
Process (*** hidden *** ) -2007018000
Process (*** hidden *** ) -2007001272
Process (*** hidden *** ) -2006968872
Process (*** hidden *** ) -2006968176
Process (*** hidden *** ) -2006963712
Process (*** hidden *** ) -2006944272
Process (*** hidden *** ) -2006925128
Process (*** hidden *** ) -2006924232
Process (*** hidden *** ) -2006841440
Process (*** hidden *** ) -2006673624
Process (*** hidden *** ) -2006636448
Process (*** hidden *** ) -2006624480
Process (*** hidden *** ) -2006616176
Process (*** hidden *** ) -2006544200
Process (*** hidden *** ) -2006474568
Process (*** hidden *** ) -2006393344
Process (*** hidden *** ) -2006199648
Process (*** hidden *** ) -2006073856
Process (*** hidden *** ) -2005463552
Process (*** hidden *** ) -2005339184
Process (*** hidden *** ) -2005151560
Process (*** hidden *** ) -2004967240
Process (*** hidden *** ) -2004900992
Process (*** hidden *** ) -2004835024
Process (*** hidden *** ) -2004818848
Process (*** hidden *** ) -2004800000
Process (*** hidden *** ) -2004753208
Process (*** hidden *** ) -2004731432
Process (*** hidden *** ) -2004713288
Process (*** hidden *** ) -2004669168
Process (*** hidden *** ) -2004625264
Process (*** hidden *** ) -2004604464
Process (*** hidden *** ) -2004356344
Process (*** hidden *** ) -2004307784
Process (*** hidden *** ) -2004283208
Process (*** hidden *** ) -2004219064
Process (*** hidden *** ) -2004217672
Process (*** hidden *** ) -2004086600
Process (*** hidden *** ) -2003100368
Process (*** hidden *** ) -1991642952
Process (*** hidden *** ) -1986396880
Process (*** hidden *** ) -1231163208
Process (*** hidden *** ) -1228671584
Process (*** hidden *** ) -1174144832
Process (*** hidden *** ) -1141507784
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bfdb120
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bfdb120@002345616f05 0x40 0xB0 0xA9 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186409207
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186409207@002345616f05 0xE0 0x9F 0x07 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bfdb120 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bfdb120@002345616f05 0x40 0xB0 0xA9 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186409207 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186409207@002345616f05 0xE0 0x9F 0x07 0x5C ...
---- EOF - GMER 1.0.15 ---- |