Log analysis and evaluation: After attack by User Protection, the Security Center still does not work

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#5

After attack by User Protection, the Security Center still does not work

Hello Julian, dear board crew!

Here is the GMER log:

```
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-02 20:52:00
Windows 6.0.6002 Service Pack 2
Running: yj1tkgx5.exe; Driver: C:\Users\Oliver\AppData\Local\Temp\kwldypob.sys

---- System - GMER 1.0.15 ----

SSDT A800BA4B ZwLoadDriver
SSDT A800BA50 ZwSetSystemInformation
SSDT A800BA0F ZwTerminateProcess
SSDT A800BA0A ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 37D 822F0AE0 4 Bytes [4B, BA, 00, A8]
.text ntkrnlpa.exe!KeSetEvent + 5DD 822F0D40 4 Bytes [50, BA, 00, A8]
.text ntkrnlpa.exe!KeSetEvent + 621 822F0D84 4 Bytes [0F, BA, 00, A8]
.text ntkrnlpa.exe!KeSetEvent + 681 822F0DE4 4 Bytes [0A, BA, 00, A8]
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x87F55480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x87F96900, 0x3CA, 0x48000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73777817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [737CA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7377BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7376F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [737775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7376E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [737A8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7377DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7376FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7376FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [737671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [737FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7379C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7376D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73766853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7376687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73772AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
```