
Pests of all kinds and how to fight them: Is my system infected with rootkits?!


Old 11.07.2009, 21:08   #1
Donthackme
 

Is my system infected with rootkits?!



Hello.
I'm asking for help. I ran the program "rootkit revealer" on my PC, with the result that several entries were found. Since I don't know whether these are real rootkits, I'm asking for your help. It's also strange that the program "Hijackthis" has suddenly disappeared from my PC for the second time now, without me uninstalling it.
Details of my system:
Windows XP Home Edition.
Attached are the logs from *** and Rootkitrevealer.

Logfile of Trend Micro ***This v2.0.2
Scan saved at 21:32:39, on 11.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAMME\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\a-squared ****\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\System Control Manager\MSIService.exe
C:\Programme\Panda Security\Panda Internet Security 2009\PsCtrls.exe
C:\Programme\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
C:\Programme\Gemeinsame Dateien\Panda Security\PavShld\pavprsrv.exe
C:\Programme\Panda Security\Panda Internet Security 2009\PsImSvc.exe
C:\Programme\Panda Security\Panda Internet Security 2009\PskSvc.exe
C:\Programme\Panda Security\Panda Internet Security 2009\pavsrv51.exe
C:\Programme\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
c:\programme\panda security\panda internet security 2009\firewall\PSHOST.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\System Control Manager\MGSysCtrl.exe
C:\PROGRAMME\A-SQUARED *****\a2guard.exe
C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\IObit\Advanced SystemCare 3\AWC.exe
C:\Programme\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE
C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Panda Security\Panda Internet Security 2009\PavJobs.exe
C:\DOKUME~1\\LOKALE~1\Temp\Temporäres Verzeichnis 2 für RootkitRevealer.zip\RootkitRevealer.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOKUME~1\\LOKALE~1\Temp\Temporäres Verzeichnis 4 für RootkitRevealer.zip\RootkitRevealer.exe
C:\Programme\internet explorer\iexplore.exe
C:\Programme\internet explorer\iexplore.exe
C:\Programme\Trend Micro\****\****.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.targa.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [SmartDefrag] "C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Security\Panda Internet Security 2009\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programme\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Startup: Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Dokumente und Einstellungen\\Lokale Einstellungen\Anwendungsdaten\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Dokumente und Einstellungen\\Lokale Einstellungen\Anwendungsdaten\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.de
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241467984640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244644993109
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programme\a-squared Anti-Malware\a2service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: JDZXPCBGCK - Sysinternals - www.sysinternals.com - C:\DOKUME~1\...\LOKALE~1\Temp\JDZXPCBGCK.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Programme\System Control Manager\MSIService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Programme\Panda Security\Panda Internet Security 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Programme\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Programme\Gemeinsame Dateien\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Programme\Panda Security\Panda Internet Security 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programme\panda security\panda internet security 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Programme\Panda Security\Panda Internet Security 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Programme\Panda Security\Panda Internet Security 2009\PskSvc.exe
O23 - Service: RDFFA - Sysinternals - www.sysinternals.com - C:\DOKUME~1\Lord\LOKALE~1\Temp\RDFFA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Programme\Panda Security\Panda Internet Security 2009\TPSrv.exe

--
End of file - 7633 bytes



Rootkit revealer:
1-5-21-1538484781-3946739223-2389412754-1006\Console 18.05.2009 16:06 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 11.11.2008 02:12 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 11.11.2008 02:12 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 11.07.2009 20:44 80 bytes Data mismatch between Windows API and raw hive data.
C:\Dokumente und Einstellungen\Lord\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\izenus77.default\Cache\04339ADFd01 11.07.2009 20:46 63.28 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\Lord\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\izenus77.default\Cache\15252311d01 11.07.2009 20:48 63.76 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\Lord\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\izenus77.default\Cache\204774C5d01 11.07.2009 20:51 152.26 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\Lord\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\izenus77.default\Cache\5B25A781d01 11.07.2009 20:52 103.08 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\Lord\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\izenus77.default\Cache\61AEC729d01 11.07.2009 20:52 22.41 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\Lord\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\izenus77.default\urlclassifier3.sqlite-journal 11.07.2009 20:47 8.56 MB Visible in Windows API, but not in MFT or directory index.
C:\Programme\Panda Security\Panda Internet Security 2009\Downloads\IDProtSig\pavufts.sig 11.07.2009 20:48 63.92 KB Hidden from Windows API.
C:\Programme\Panda Security\Panda Internet Security 2009\Downloads\PavExp\PavExp.sig 11.07.2009 20:48 3.81 KB Hidden from Windows API.
C:\Programme\Panda Security\Panda Internet Security 2009\Temp\pav6B.tmp 11.07.2009 20:49 1.28 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{4AB9F269-3E9E-4C7F-87C9-D54EB9392040}\RP4\A0000257.INI 26.06.2009 12:25 3.38 KB Hidden from Windows API.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 05.05.2009 00:32 252.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 05.05.2009 00:32 111.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll 05.05.2009 00:32 8.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf 11.07.2009 20:56 17.16 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 11.07.2009 20:40 64.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Temp\cteng_1_1_211246988921.dat 11.07.2009 20:46 30.42 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_1_221247228937.dat 11.07.2009 20:46 25.86 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_1_231246881203.dat 11.07.2009 20:46 25.91 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_1_41246672830.dat 11.07.2009 20:46 30.63 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_1_71245874879.dat 11.07.2009 20:46 77.40 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_1_81246356455.dat 11.07.2009 20:46 31.36 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_1_91246593662.dat 11.07.2009 20:46 30.62 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_131247319499.dat 11.07.2009 20:46 258.35 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_141247184040.dat 11.07.2009 20:46 207.91 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_151247187636.dat 11.07.2009 20:46 256.89 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_161247334306.dat 11.07.2009 20:46 183.86 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_171246320046.dat 11.07.2009 20:46 182.90 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_181247259618.dat 11.07.2009 20:46 207.22 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_201247161136.dat 11.07.2009 20:46 213.80 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_211247218009.dat 11.07.2009 20:46 224.52 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_221246949136.dat 11.07.2009 20:46 224.11 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_231247240443.dat 11.07.2009 20:46 305.37 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_241246190449.dat 11.07.2009 20:46 226.46 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_251246346450.dat 11.07.2009 20:46 117.53 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_261245798016.dat 11.07.2009 20:46 213.25 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_271247166050.dat 11.07.2009 20:46 263.23 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_281247129444.dat 11.07.2009 20:46 243.97 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_291247270586.dat 11.07.2009 20:46 289.18 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_301247202044.dat 11.07.2009 20:46 238.33 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_311247132246.dat 11.07.2009 20:46 194.17 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_331246824032.dat 11.07.2009 20:46 140.85 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_341247335332.dat 11.07.2009 20:46 203.21 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_351246995684.dat 11.07.2009 20:46 260.01 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_361247248242.dat 11.07.2009 20:46 213.45 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_381247039982.dat 11.07.2009 20:46 209.17 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_391247335222.dat 11.07.2009 20:46 188.78 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_401247162835.dat 11.07.2009 20:46 304.56 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_411247323381.dat 11.07.2009 20:46 224.16 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_41247142318.dat 11.07.2009 20:46 189.21 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_421247303322.dat 11.07.2009 20:46 301.55 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_1_2_71247176825.dat 11.07.2009 20:46 234.93 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_3_2_11231224990.dat 11.07.2009 20:46 49.75 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_1_21247165104.dat 11.07.2009 20:46 123.58 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_1_31247164973.dat 11.07.2009 20:47 109.86 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_101247033128.dat 11.07.2009 20:47 252.34 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_111247256316.dat 11.07.2009 20:47 294.29 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_121247322654.dat 11.07.2009 20:47 242.65 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_131247244634.dat 11.07.2009 20:47 222.74 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_141247322523.dat 11.07.2009 20:47 240.60 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_151247177118.dat 11.07.2009 20:47 246.30 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_21247094310.dat 11.07.2009 20:47 219.59 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_31247322874.dat 11.07.2009 20:47 256.92 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_41247274332.dat 11.07.2009 20:47 217.28 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_51247322690.dat 11.07.2009 20:47 239.48 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_61247322744.dat 11.07.2009 20:47 255.57 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_71247322767.dat 11.07.2009 20:47 316.00 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_81247245548.dat 11.07.2009 20:47 221.60 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_7_2_91247090717.dat 11.07.2009 20:47 269.45 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_8_2_11223394495.dat 11.07.2009 20:47 16.41 KB Hidden from Windows API.
C:\WINDOWS\Temp\cteng_8_2_21231227908.dat 11.07.2009 20:47 12.03 KB Hidden from Windows API.
C:\WINDOWS\Temp\ct
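Added example (not from the thread and not Sysinternals code): a small Python triage helper that parses RootkitRevealer discrepancy lines in the format posted above and sorts them into buckets, so the bulk of cache/temp churn can be set aside and the few remaining entries reviewed by hand. The bucket rules, the directory markers, the scan window and the sample lines are assumptions made for this example.

```python
"""Triage helper for Sysinternals RootkitRevealer output.

Added example, not code from the thread or from Sysinternals. It parses
discrepancy lines in the format posted above (path, date, time, size,
description) and sorts them into coarse buckets so that cache/temp churn
can be set aside and the few remaining entries reviewed by hand. The bucket
rules, directory markers and scan window are heuristics assumed for this
example; they narrow down what to look at, they do not prove anything clean.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+(?:\.\d+)?) (?P<unit>bytes|KB|MB|GB) "
    r"(?P<desc>.+)$"
)
UNIT_BYTES = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Directories whose contents churn while a scan runs (assumed markers).
TRANSIENT_DIRS = ("\\Temp\\", "\\Cache\\", "\\Prefetch\\")
# Registry values rewritten constantly, so an API vs. raw-hive mismatch
# is expected for them (assumed list).
VOLATILE_VALUES = ("\\Cryptography\\RNG\\Seed",)
# Descriptions saying a file is in some views but not others: what a file
# created or deleted mid-scan looks like.
INCONSISTENT_VIEW = ("Visible in Windows API, but not",
                     "Visible in directory index, but not")


def parse_line(line):
    """Return a dict for one discrepancy line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "path": d["path"],
        "when": datetime.strptime(d["date"] + " " + d["time"], "%d.%m.%Y %H:%M"),
        "bytes": int(float(d["size"]) * UNIT_BYTES[d["unit"]]),
        "desc": d["desc"].rstrip("."),
        "registry": re.match(r"^[A-Za-z]:\\", d["path"]) is None,
    }


def classify(entry, scan_start, scan_end):
    """Map one parsed entry to a triage bucket (heuristic, see docstring)."""
    path, desc = entry["path"], entry["desc"]
    during_scan = scan_start <= entry["when"] <= scan_end
    if entry["registry"]:
        if "embedded nulls" in desc:
            return "registry-embedded-nulls"   # review the key by hand
        if "Data mismatch" in desc and any(v in path for v in VOLATILE_VALUES):
            return "volatile-value"            # expected to differ
        return "registry-other"
    if desc.startswith(INCONSISTENT_VIEW) and during_scan:
        return "changed-during-scan"
    if desc.startswith("Hidden from Windows API"):
        if during_scan and any(t in path for t in TRANSIENT_DIRS):
            return "transient-hidden"          # cache/temp churn, low priority
        return "hidden-investigate"            # the entries worth a close look
    return "other"


def triage(lines, scan_start, scan_end):
    """Group discrepancy lines by bucket; returns {bucket: [paths]}."""
    buckets = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry:
            buckets[classify(entry, scan_start, scan_end)].append(entry["path"])
    return dict(buckets)


# Constructed sample in the same format as the log above (paths shortened;
# the last line is a placeholder, not a file from the thread).
SAMPLE_LINES = [
    r"HKLM\SECURITY\Policy\Secrets\SAC* 11.11.2008 02:12 0 bytes Key name contains embedded nulls (*)",
    r"HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 11.07.2009 20:44 80 bytes Data mismatch between Windows API and raw hive data.",
    r"C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\x.default\Cache\04339ADFd01 11.07.2009 20:46 63.28 KB Hidden from Windows API.",
    r"C:\WINDOWS\Temp\cteng_1_1_211246988921.dat 11.07.2009 20:46 30.42 KB Hidden from Windows API.",
    r"C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf 11.07.2009 20:56 17.16 KB Visible in directory index, but not Windows API or MFT.",
    r"C:\WINDOWS\system32\drivers\PLACEHOLDER.sys 03.07.2009 09:00 24.00 KB Hidden from Windows API.",
]
# Assumed scan window: the timestamps in the log cluster around 20:44-20:56.
SCAN_START = datetime(2009, 7, 11, 20, 40)
SCAN_END = datetime(2009, 7, 11, 21, 0)

if __name__ == "__main__":
    for bucket, paths in sorted(triage(SAMPLE_LINES, SCAN_START, SCAN_END).items()):
        print(f"{bucket} ({len(paths)})")
        for p in paths:
            print("   ", p)
```

Feed it the full log instead of SAMPLE_LINES and only the "hidden-investigate" and "registry-embedded-nulls" buckets need a manual look; everything else is explained by the scan itself or by volatile values.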

Old 12.07.2009, 17:35   #2
kira
/// Helper Team
 
Is my system infected with rootkits?!



Hello Donthackme

- Please read the instructions thoroughly and always follow them strictly, as I have prepared the order according to specific criteria:

1.
I need more of an "overview", i.e. data over a longer period of time. For that, please make hidden and system files visible:
- Under Start, click My Computer.
- In the Tools menu, click Folder Options.
- Files and Folders / Hide extensions for known file types --> remove the check mark
- Hide protected operating system files --> remove the check mark
- Hidden files and folders / Show all files and folders --> set the check mark.
- "Hide protected operating system files" must not be checked, and "Show all files and folders" must be enabled.

2.
- download filelist.zip to your desktop
- unzip the zip file to your desktop
- now double-click the file "filelist.bat" - your editor (text editor) will open
- copy all 7 directories ("C\...") from the generated logfile - but only the entries of the last 6 months - into your thread here
** there is a date in front of every entry, so please delete entries that are older than 6 months!

3.
I would also like to see all of your installed programs:
Download the tool CCleaner
install it (deselect "Add CCleaner Yahoo! Toolbar") -> start it -> under Options / Settings select "german"
then click on "Tools" (to show the installed programs as well) -> then on "Save to text file..."
a text file (*.txt) is created; copy its contents and paste them here
4.
To get a deeper look into your system and track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool - Gmer:
  • so download Gmer and unzip it to your desktop
  • start gmer.exe
  • close all programs; in addition, antivirus and other protection programs etc. must be disabled, no connection to the internet, disconnect WLAN as well
  • please do not do anything on the PC while the scan is running!
  • click "Scan" to start the tool
  • when the scan is finished, click "Copy" (the log is automatically copied to the clipboard)
  • "Ok" closes GMER.
  • paste the complete log from the clipboard here into your thread

** no connection to a network or the internet - don't forget WLAN
When the scan is finished, please re-enable all programs and tools!

5.
  • download F-Secure Blacklight into a new folder C:\programme\blacklight.
  • close all programs; in addition, antivirus and other protection programs etc. must be disabled, no connection to the internet, disconnect WLAN as well
  • do not do anything on the PC while the scan is running!
  • start fsbl.exe in this folder
  • click "I accept the agreement" → "next" → "Scan"
  • when the scan is finished, choose Close.
  • the report is fsbl-XXX.log and is located in the Blacklight directory (the XXX stand for digits containing the date and time). Please post the contents of this file.
When the scan is finished, please re-enable all programs and tools!

It's best to use code tags for your post:
before your log write: [code]
your logfile goes here
after it: [/code]


regards
Coverflow
__________________
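Added example (not from the thread and not the filelist tool's own code): a Python script that does the trimming the helper asks for in step 2, keeping only listing entries from the last 6 months relative to a reference date. The entry format is the one posted in the reply below; the reference date, the sample lines and the decision to drop the per-section totals are assumptions made for this example.

```python
"""Trim a filelist.bat style directory listing to the last N months.

Added example, not code from the thread or from the filelist tool. Section
banners, volume lines and "Verzeichnis von" lines are kept, file entries
older than the cutoff are dropped, and the "Datei(en)" / "Verzeichnis(se)"
totals are dropped too, since they would no longer add up. The entry format
(dd.mm.yyyy hh:mm size name, size with dotted thousands) is the one posted
in the reply below; the reference date is an assumed parameter, not read
from the log.
"""
import calendar
import re
from datetime import date

ENTRY_RE = re.compile(
    r"^(?P<d>\d{2})\.(?P<m>\d{2})\.(?P<y>\d{4}) \d{2}:\d{2} "
    r"(?P<size>\d[\d.]*) (?P<name>.+)$"
)
# Lines that are structure rather than entries and survive the trimming.
KEEP_PREFIXES = ("-----", "Volume", "Volumeseriennummer", "Verzeichnis von")


def months_before(ref, months):
    """Calendar date `months` months before `ref`, clamping the day of month."""
    y, m = ref.year, ref.month - months
    while m <= 0:
        m, y = m + 12, y - 1
    return date(y, m, min(ref.day, calendar.monthrange(y, m)[1]))


def parse_entry(line):
    """Return (date, size_bytes, name) for a file entry line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    when = date(int(m["y"]), int(m["m"]), int(m["d"]))
    size = int(m["size"].replace(".", ""))  # "1.598.029.824" -> 1598029824
    return when, size, m["name"]


def trim_listing(lines, ref, months=6):
    """Return (kept_lines, dropped_entries) for a listing as of `ref`."""
    cutoff = months_before(ref, months)
    kept, dropped = [], 0
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            if not line.strip() or line.startswith(KEEP_PREFIXES):
                kept.append(line)
            continue  # a totals line: dropped, it no longer matches
        if entry[0] >= cutoff:
            kept.append(line)
        else:
            dropped += 1
    return kept, dropped


# Constructed sample: the Root section as posted below, shortened.
SAMPLE = """\
----- Root -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 34F1-0D90

Verzeichnis von C:\\

13.07.2009 13:21 43 filelist.txt
13.07.2009 12:38 1.598.029.824 pagefile.sys
04.05.2009 22:06 211 boot.ini
11.11.2008 01:44 0 IO.SYS
14.04.2008 15:00 47.564 NTDETECT.COM
27.01.2003 12:54 0 check.tag
6 Datei(en) 1.598.077.642 Bytes
0 Verzeichnis(se), 136.802.897.920 Bytes frei
""".splitlines()
REF_DATE = date(2009, 7, 13)  # day the listing was generated (assumed)

if __name__ == "__main__":
    kept, dropped = trim_listing(SAMPLE, REF_DATE)
    print("\n".join(kept))
    print(f"-- {dropped} entries older than 6 months removed")
```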


Old 13.07.2009, 13:30   #3
Donthackme
 

Is my system infected with rootkits?!



Hello Coverflow!

Thanks a lot for the reply! It's great that you help us laypeople kill malware here.
So, I tried to do everything according to your instructions. I hope everything is to your liking. I happened to read something about a Trojan "manifest" here in the forum and searched my PC for files with that name. Quite a few came up. Can anyone confirm whether that is a Trojan or whether it's normal?!?


LOG ZIP:
----- Root -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 34F1-0D90

Verzeichnis von C:\

13.07.2009 13:21 43 filelist.txt
13.07.2009 12:38 1.598.029.824 pagefile.sys
04.05.2009 22:06 211 boot.ini
11.11.2008 01:44 0 IO.SYS
11.11.2008 01:44 0 MSDOS.SYS
11.11.2008 01:44 0 CONFIG.SYS
11.11.2008 01:44 0 AUTOEXEC.BAT
11.11.2008 01:40 4.128 INFCACHE.1
14.04.2008 15:00 47.564 NTDETECT.COM
14.04.2008 15:00 251.712 ntldr
14.04.2008 15:00 4.952 bootfont.bin
27.01.2003 12:54 0 check.tag
12 Datei(en) 1.598.338.434 Bytes
0 Verzeichnis(se), 136.802.897.920 Bytes frei

----- Windows --------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 34F1-0D90

Verzeichnis von C:\WINDOWS

13.07.2009 12:40 1.125.008 WindowsUpdate.log
13.07.2009 12:39 0 0.log
13.07.2009 12:38 2.048 bootstat.dat
01.07.2009 12:50 615 win.ini
28.06.2009 10:49 63 wininit.ini
13.06.2009 20:33 13.946 ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
02.06.2009 20:18 9.286 ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
18.05.2009 16:04 227 system.ini
14.05.2009 17:50 117.248 vFind.exe
08.05.2009 16:30 109 oodcnt.INI
07.05.2009 17:10 148 ptkfz.INI
05.05.2009 06:02 612 Recovery.hdt
04.05.2009 22:41 0 nsreg.dat
19.11.2008 09:24 32 CD_Start.INI
15.11.2008 05:25 61 smscfg.ini
15.11.2008 04:31 253.952 Setup1.exe
15.11.2008 04:31 74.752 ST6UNST.EXE
11.11.2008 02:05 10 csup.txt
11.11.2008 01:55 319.488 HideWin.exe
11.11.2008 01:44 0 control.ini
11.11.2008 01:44 316.640 WMSysPr9.prx
11.11.2008 01:44 4.161 ODBCINST.INI
11.11.2008 01:43 749 WindowsShell.Manifest
11.11.2008 01:42 37 vbaddin.ini
11.11.2008 01:42 36 vb.ini
09.09.2008 19:39 16.851.968 RTHDCPL.EXE
19.08.2008 14:26 77.824 SOUNDMAN.EXE
06.08.2008 16:51 1.200.128 RtlUpd.exe
29.07.2008 16:42 528.384 RtlExUpd.dll
14.07.2008 05:09 212.728 CMDLIC.DLL
14.07.2008 05:09 205.560 UNBOC.EXE
19.06.2008 17:42 2.808.832 ALCWZRD.EXE
19.06.2008 17:27 9.715.200 RTLCPL.EXE
19.06.2008 17:20 57.344 ALCMTR.EXE
23.05.2008 18:02 12.288 MSIECO
14.04.2008 15:00 26.582 Granit.bmp
14.04.2008 15:00 153.600 regedit.exe
14.04.2008 15:00 17.362 Rhododendron.bmp
14.04.2008 15:00 16.730 Feder.bmp
14.04.2008 15:00 26.680 Fächer.bmp
14.04.2008 15:00 65.954 Präriewind.bmp
14.04.2008 15:00 10.752 hh.exe
14.04.2008 15:00 70.144 NOTEPAD.EXE
14.04.2008 15:00 65.832 Santa Fe-Stuck.bmp
14.04.2008 15:00 9.522 Zapotek.bmp
14.04.2008 15:00 65.978 Seifenblase.bmp
14.04.2008 15:00 80 explorer.scf
14.04.2008 15:00 257.568 winhelp.exe
14.04.2008 15:00 1.036.800 explorer.exe
14.04.2008 15:00 1.405 msdfmap.ini
14.04.2008 15:00 2 desktop.ini
14.04.2008 15:00 48.680 winnt256.bmp
14.04.2008 15:00 17.336 Angler.bmp
14.04.2008 15:00 48.680 winnt.bmp
14.04.2008 15:00 15.872 TASKMAN.EXE
14.04.2008 15:00 94.800 twain.dll
14.04.2008 15:00 50.688 twain_32.dll
14.04.2008 15:00 49.680 twunk_16.exe
14.04.2008 15:00 25.600 twunk_32.exe
14.04.2008 15:00 17.062 Kaffeetasse.bmp
14.04.2008 15:00 1.272 Blaue Spitzen 16.bmp
14.04.2008 15:00 34.818 wmprfDEU.prx
14.04.2008 15:00 288.768 winhlp32.exe
14.04.2008 15:00 707 _default.pif
14.04.2008 15:00 18.944 vmmreg32.dll
14.04.2008 15:00 82.944 clock.avi
20.11.2007 19:15 1.826.816 SkyTel.exe
14.11.2007 16:18 553 USetup.iss
28.06.2007 17:44 2.165.760 MicCal.exe
16.08.2006 14:22 626.688 DBREG.dll
08.08.2006 10:31 131.584 DBReg.exe
04.08.2006 13:26 16.070 German2.ini
07.04.2006 14:29 29.798 corelpf.lrs
31.08.2000 08:00 98.816 sed.exe
31.08.2000 08:00 161.792 SWREG.exe
31.08.2000 08:00 80.412 grep.exe
31.08.2000 08:00 68.096 zip.exe
31.08.2000 08:00 136.704 SWSC.exe
78 Datei(en) 41.873.415 Bytes
0 Verzeichnis(se), 136.802.893.824 Bytes frei

----- System ---
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 34F1-0D90

Verzeichnis von C:\WINDOWS\system

14.04.2008 15:00 70.368 AVICAP.DLL
14.04.2008 15:00 109.504 AVIFILE.DLL
14.04.2008 15:00 33.744 COMMDLG.DLL
14.04.2008 15:00 2.000 KEYBOARD.DRV
14.04.2008 15:00 9.936 LZEXPAND.DLL
14.04.2008 15:00 73.760 MCIAVI.DRV
14.04.2008 15:00 25.296 MCISEQ.DRV
14.04.2008 15:00 28.160 MCIWAVE.DRV
14.04.2008 15:00 69.632 MMSYSTEM.DLL
14.04.2008 15:00 1.152 MMTASK.TSK
14.04.2008 15:00 2.032 MOUSE.DRV
14.04.2008 15:00 127.104 MSVIDEO.DLL
14.04.2008 15:00 82.944 OLECLI.DLL
14.04.2008 15:00 24.064 OLESVR.DLL
14.04.2008 15:00 59.167 setup.inf
14.04.2008 15:00 5.120 SHELL.DLL
14.04.2008 15:00 1.744 SOUND.DRV
14.04.2008 15:00 5.532 stdole.tlb
14.04.2008 15:00 3.360 SYSTEM.DRV
14.04.2008 15:00 19.200 TAPI.DLL
14.04.2008 15:00 4.048 TIMER.DRV
14.04.2008 15:00 9.200 VER.DLL
14.04.2008 15:00 2.176 VGA.DRV
14.04.2008 15:00 13.600 WFWNET.DRV
14.04.2008 15:00 146.944 WINSPOOL.DRV
25 Datei(en) 929.787 Bytes
0 Verzeichnis(se), 136.803.479.552 Bytes frei

----- System 32 (Achtung: Zeitfenster beachten!) ---
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 34F1-0D90

Verzeichnis von C:\WINDOWS\system32

11.07.2009 20:49 8.627 PAV_FOG.OPC
11.07.2009 12:38 1.158 wpa.dbl
07.07.2009 16:44 117.360 FNTCACHE.DAT
03.07.2009 08:48 433.332 perfh009.dat
03.07.2009 08:48 68.096 perfc009.dat
03.07.2009 08:48 449.966 perfh007.dat
03.07.2009 08:48 80.822 perfc007.dat
03.07.2009 08:48 1.044.576 PerfStringBackup.INI
26.06.2009 12:15 253 PavCPL.dat
01.06.2009 18:51 23.635.392 MRT.exe
21.05.2009 11:34 148.888 javaws.exe
21.05.2009 11:34 144.792 javaw.exe
21.05.2009 11:34 144.792 java.exe
21.05.2009 11:33 410.984 deploytk.dll
21.05.2009 09:35 73.728 javacpl.cpl
13.05.2009 07:02 915.456 wininet.dll
13.05.2009 07:02 5.936.128 mshtml.dll
08.05.2009 16:28 8.439 OODBS.lor
07.05.2009 17:32 348.160 localspl.dll
04.05.2009 22:06 1.518 $winnt$.inf
04.05.2009 22:05 5.208 pid.PNF
30.04.2009 23:13 1.985.024 iertutil.dll
30.04.2009 23:13 11.064.832 ieframe.dll
30.04.2009 23:12 1.469.440 inetcpl.cpl
30.04.2009 23:12 25.600 jsproxy.dll
30.04.2009 23:12 1.207.808 urlmon.dll
30.04.2009 23:12 385.536 iedkcs32.dll
30.04.2009 13:21 173.056 ie4uinit.exe
19.04.2009 21:46 1.847.296 win32k.sys
15.04.2009 16:51 585.216 rpcrt4.dll
21.03.2009 16:06 1.063.424 kernel32.dll
17.03.2009 18:07 87.296 PavLspHook.dll
08.03.2009 14:29 1.302.528 ieframe.dll.mui
08.03.2009 14:29 57.344 msrating.dll.mui
08.03.2009 14:28 2.560 mshta.exe.mui
08.03.2009 14:27 4.096 ie4uinit.exe.mui
08.03.2009 14:27 12.288 advpack.dll.mui
08.03.2009 14:27 81.920 iedkcs32.dll.mui
08.03.2009 04:35 385.024 html.iec
08.03.2009 04:34 208.384 WinFXDocObj.exe
08.03.2009 04:34 236.544 webcheck.dll
08.03.2009 04:34 43.008 licmgr10.dll
08.03.2009 04:34 105.984 url.dll
08.03.2009 04:34 193.536 msrating.dll
08.03.2009 04:34 109.568 occache.dll
08.03.2009 04:33 18.944 corpol.dll
08.03.2009 04:33 726.528 jscript.dll
08.03.2009 04:33 229.376 ieaksie.dll
08.03.2009 04:33 420.352 vbscript.dll
08.03.2009 04:33 125.952 ieakeng.dll
08.03.2009 04:32 72.704 admparse.dll
08.03.2009 04:32 163.840 ieakui.dll
08.03.2009 04:32 36.864 ieudinit.exe
08.03.2009 04:32 71.680 iesetup.dll
08.03.2009 04:32 55.808 iernonce.dll
08.03.2009 04:32 128.512 advpack.dll
08.03.2009 04:32 94.720 inseng.dll
08.03.2009 04:32 594.432 msfeeds.dll
08.03.2009 04:32 611.840 mstime.dll
08.03.2009 04:31 183.808 iepeers.dll
08.03.2009 04:31 13.312 msfeedssync.exe
08.03.2009 04:31 59.904 icardie.dll
08.03.2009 04:31 55.296 msfeedsbs.dll
08.03.2009 04:31 348.160 dxtmsft.dll
08.03.2009 04:31 34.816 imgutil.dll
08.03.2009 04:31 216.064 dxtrans.dll
08.03.2009 04:31 46.592 pngfilt.dll
08.03.2009 04:31 66.560 mshtmled.dll
08.03.2009 04:31 48.128 mshtmler.dll
08.03.2009 04:31 1.638.912 mshtml.tlb
08.03.2009 04:31 45.568 mshta.exe
08.03.2009 04:30 66.560 tdc.ocx
08.03.2009 04:22 164.352 ieui.dll
08.03.2009 04:22 156.160 msls31.dll
08.03.2009 04:15 57.667 ieuinit.inf
08.03.2009 04:11 445.952 ieapfltr.dll
06.03.2009 16:19 286.720 pdh.dll
20.02.2009 18:49 133.120 extmgr.dll
12.02.2009 22:20 6.873 IE8Eula.rtf
09.02.2009 13:21 2.026.496 ntkrnlpa.exe
09.02.2009 13:21 2.147.840 ntoskrnl.exe
09.02.2009 13:21 111.104 services.exe
09.02.2009 12:51 736.768 lsasrv.dll
09.02.2009 12:51 401.408 rpcss.dll
09.02.2009 12:51 678.400 advapi32.dll
09.02.2009 12:51 740.352 ntdll.dll
06.02.2009 21:07 3.698.584 ieapfltr.dat
06.02.2009 12:39 35.328 sc.exe
03.02.2009 21:57 56.832 secur32.dll
07.01.2009 18:21 121.856 xmllite.dll
07.01.2009 18:20 24.576 nlsdl.dll
07.01.2009 18:20 59.342 normidna.nls
07.01.2009 18:20 23.552 normaliz.dll
07.01.2009 18:20 26.112 idndl.dll
07.01.2009 18:20 45.794 normnfc.nls
07.01.2009 18:20 39.284 normnfd.nls
07.01.2009 18:20 60.294 normnfkd.nls
07.01.2009 18:20 66.384 normnfkc.nls
07.01.2009 18:20 18.464 spmsg.dll
07.01.2009 18:20 26.144 spupdsvc.exe
07.01.2009 18:20 8.798 icrav03.rat
07.01.2009 18:20 265.720 msdbg2.dll
21.12.2008 00:13 1.293.824 quartz.dll
16.12.2008 14:30 354.304 winhttp.dll
05.12.2008 08:55 144.896 schannel.dll
19.11.2008 09:33 333 $ncsp$.inf
11.11.2008 18:34 10.838.016 wmp.dll
11.11.2008 02:29 16.832 amcompat.tlb
11.11.2008 02:29 23.392 nscompat.tlb
11.11.2008 02:02 940.794 LoopyMusic.wav
11.11.2008 02:02 146.650 BuzzingBee.wav
11.11.2008 01:44 2.951 CONFIG.NT
11.11.2008 01:43 488 logonui.exe.manifest
11.11.2008 01:43 488 WindowsLogon.manifest
11.11.2008 01:43 749 sapi.cpl.manifest
11.11.2008 01:43 749 cdplayer.exe.manifest
11.11.2008 01:43 749 wuaucpl.cpl.manifest
11.11.2008 01:43 749 ncpa.cpl.manifest
11.11.2008 01:43 749 nwc.cpl.manifest
11.11.2008 01:42 21.740 emptyregdb.dat
11.11.2008 01:41 0 h323log.txt
24.10.2008 22:50 34.152 netathw.cat
23.10.2008 14:36 286.720 gdi32.dll
23.10.2008 12:06 62.976 tzchange.exe
21.10.2008 15:18 1.337.984 athw.sys
21.10.2008 15:17 163.204 netathw.inf
16.10.2008 14:13 1.809.944 wuaueng.dll
16.10.2008 14:12 202.776 wuweb.dll
16.10.2008 14:12 323.608 wucltui.dll
16.10.2008 14:12 561.688 wuapi.dll
16.10.2008 14:12 213.528 wuaucpl.cpl
16.10.2008 14:09 43.544 wups2.dll
16.10.2008 14:09 51.224 wuauclt.exe
16.10.2008 14:09 92.696 cdm.dll
16.10.2008 14:08 34.328 wups.dll
16.10.2008 14:08 31.768 wucltui.dll.mui
16.10.2008 14:08 27.672 wuaucpl.cpl.mui
16.10.2008 14:08 27.672 wuapi.dll.mui
16.10.2008 14:07 208.744 muweb.dll
16.10.2008 14:07 18.968 wuaueng.dll.mui
16.10.2008 14:06 268.648 mucltui.dll
16.10.2008 14:06 27.496 mucltui.dll.mui
15.10.2008 18:35 337.408 netapi32.dll
03.10.2008 12:03 247.326 strmdll.dll

----- Prefetch -------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 34F1-0D90

Verzeichnis von C:\WINDOWS\Prefetch

13.07.2009 13:21 11.644 FIND.EXE-0EC32F1E.pf
13.07.2009 13:21 14.422 CMD.EXE-087B4001.pf
13.07.2009 13:21 24.720 VERCLSID.EXE-3667BD89.pf
13.07.2009 13:18 21.176 A2SERVICE.EXE-0190A05B.pf
13.07.2009 13:18 48.452 A2GUARD.EXE-147BDBBC.pf
13.07.2009 13:14 10.840 GWFEED.EXE-1A221CF6.pf
13.07.2009 13:11 57.902 CCLEANER.EXE-065E2F3F.pf
13.07.2009 13:09 25.304 WMIPRVSE.EXE-28F301A9.pf
13.07.2009 13:09 16.254 PLATASKS.EXE-07D942B4.pf
13.07.2009 13:04 61.730 A2SCAN.EXE-2D885BDB.pf
13.07.2009 12:44 122.190 UPGRADER.EXE-286D5E8E.pf
13.07.2009 12:42 18.430 WMIADAP.EXE-2DF425B2.pf
13.07.2009 12:41 153.302 FIREFOX.EXE-1D57670A.pf
13.07.2009 12:41 80.424 AVCIMAN.EXE-25761609.pf
13.07.2009 12:41 12.970 PSIMREAL.EXE-2C435AD3.pf
13.07.2009 12:41 14.802 SVCHOST.EXE-3530F672.pf
13.07.2009 12:40 22.212 RTHDCPL.EXE-06918CFA.pf
13.07.2009 12:40 48.980 AWC.EXE-0B49E328.pf
13.07.2009 12:40 22.796 PSI.EXE-1B18CA34.pf
13.07.2009 12:40 20.780 UNSECAPP.EXE-1A95A33B.pf
13.07.2009 12:40 30.386 MGSYSCTRL.EXE-161B5FD2.pf
13.07.2009 12:40 84.008 PAVBCKPT.EXE-11BBFA1C.pf
13.07.2009 12:40 65.096 IOBIT SMARTDEFRAG.EXE-0D1D9BBF.pf
13.07.2009 12:40 54.716 INICIO.EXE-1E7C6DA5.pf
13.07.2009 12:40 22.924 WUAUCLT.EXE-399A8E72.pf
13.07.2009 12:40 67.920 SRVLOAD.EXE-17D5D9D5.pf
13.07.2009 12:40 59.774 APVXDWIN.EXE-2F420686.pf
13.07.2009 12:40 5.958 PSCLEAN.EXE-2E6ABB78.pf
13.07.2009 12:40 29.198 USERINIT.EXE-30B18140.pf
13.07.2009 12:40 65.470 EXPLORER.EXE-082F38A9.pf
13.07.2009 01:22 88.212 PAVJOBS.EXE-2A645B8B.pf
13.07.2009 01:22 57.036 A2START.EXE-245D0830.pf
13.07.2009 00:14 21.556 FSBL.EXE-1248E9F0.pf
13.07.2009 00:06 72.018 WEBPROXY.EXE-01181049.pf
13.07.2009 00:06 80.288 PAVW.EXE-356A9B81.pf
13.07.2009 00:06 66.502 IFACE.EXE-07C00ADB.pf
13.07.2009 00:05 63.364 HIJACKTHIS.EXE-39024128.pf
12.07.2009 23:53 14.262 SSSTARS.SCR-2D6FC20D.pf
12.07.2009 23:28 15.270 5TH5CNFL.EXE-1EA87545.pf
12.07.2009 23:25 9.640 WSCNTFY.EXE-1B24F5EB.pf
12.07.2009 23:25 16.916 RUNDLL32.EXE-1218E1AC.pf
12.07.2009 23:19 12.986 JAVA.EXE-2167859B.pf
12.07.2009 23:15 13.172 JUSCHED.EXE-336229D9.pf
12.07.2009 19:22 59.354 LOGONUI.EXE-0AF22957.pf
12.07.2009 18:27 13.172 DFRGNTFS.EXE-269967DF.pf
12.07.2009 18:27 15.768 DEFRAG.EXE-273F131E.pf
12.07.2009 18:27 382.918 Layout.ini
12.07.2009 18:03 97.520 NOTEPAD.EXE-336351A9.pf
12.07.2009 17:27 15.624 NET.EXE-01A53C2F.pf
12.07.2009 17:27 17.696 NET1.EXE-029B9DB4.pf
12.07.2009 17:22 82.688 MBAM.EXE-11D8BBD8.pf
12.07.2009 16:37 65.298 HELPSVC.EXE-2878DDA2.pf
12.07.2009 15:44 22.486 MSHTA.EXE-331DF029.pf
12.07.2009 15:44 16.162 RUNDLL32.EXE-19F507BE.pf
12.07.2009 15:44 15.424 IGFXSRVC.EXE-2FB63FE8.pf
12.07.2009 15:04 36.136 SUP_DISKCLEANER.EXE-128913D9.pf
12.07.2009 14:58 31.454 SUS_SYSTEMFILESCAN.EXE-146827F1.pf
11.07.2009 23:49 37.396 AU_.EXE-0E7708CE.pf
11.07.2009 23:49 19.642 AVGARKT.EXE-36D0BE99.pf
11.07.2009 23:49 12.862 9MTRVJ.EXE-2BD94AF4.pf
11.07.2009 23:49 59.210 UNINSTALL.EXE-0462C863.pf
11.07.2009 23:48 64.762 REVOUNINSTALLER.EXE-061D4878.pf
11.07.2009 23:47 72.856 CLEANMGR.EXE-1F86EA8E.pf
11.07.2009 23:22 20.342 REGCLEANER.EXE-32B2B427.pf
11.07.2009 20:43 14.738 JQSNOTIFY.EXE-1E60A522.pf
11.07.2009 12:44 108.256 SOFFICE.BIN-1E52E616.pf
11.07.2009 12:43 20.828 SOFFICE.EXE-26427B3D.pf
19.11.2008 09:32 842.376 NTOSBOOT-B00DFAAD.pf
68 File(s) 3.970.970 bytes
0 Dir(s) 136.803.344.384 bytes free

----- Tasks ----------------------------
Volume in drive C has no label.
Volume Serial Number: 34F1-0D90

Directory of C:\WINDOWS\tasks

13.07.2009 12:38 6 SA.DAT
13.07.2009 01:24 32.566 SCHEDLGU.TXT
11.05.2009 21:54 414 Wise Disk Cleaner 4.job
14.04.2008 15:00 65 desktop.ini
4 File(s) 33.051 bytes
0 Dir(s) 136.803.278.848 bytes free

----- Windows/Temp -----------------------
Volume in drive C has no label.
Volume Serial Number: 34F1-0D90

Directory of C:\WINDOWS\Temp

13.07.2009 12:45 1.758 cteng_index.dat
13.07.2009 12:45 274.560 cteng_7_2_91247436321.dat
13.07.2009 12:45 224.400 cteng_7_2_81247447124.dat
13.07.2009 12:45 220.216 cteng_7_2_41247450720.dat
13.07.2009 12:45 206.916 cteng_7_2_21247439921.dat
13.07.2009 12:45 234.472 cteng_7_2_141247443522.dat
13.07.2009 12:45 220.724 cteng_7_2_131247457918.dat
13.07.2009 12:45 246.980 cteng_7_2_101247461526.dat
13.07.2009 12:45 248.324 cteng_1_2_71247478419.dat
13.07.2009 12:45 270.736 cteng_1_2_421247454028.dat
13.07.2009 12:45 239.616 cteng_1_2_411247446828.dat
13.07.2009 12:45 239.160 cteng_1_2_341247481863.dat
13.07.2009 12:45 242.408 cteng_1_2_261247478056.dat
13.07.2009 12:45 204.048 cteng_1_2_201247475384.dat
13.07.2009 12:45 180.384 cteng_1_2_171247443226.dat
13.07.2009 12:45 191.688 cteng_1_2_161247476441.dat
13.07.2009 12:45 25.084 cteng_1_1_201247450444.dat
13.07.2009 12:45 26.612 cteng_1_1_141247473478.dat
13.07.2009 12:45 31.492 cteng_1_1_121247471029.dat
13.07.2009 12:38 10.354.688 f4d4851e8935eebef0f2eb52b3212bc9PSK_PLUGINS_0
13.07.2009 12:38 16.384 Perflib_Perfdata_264.dat
12.07.2009 23:25 206 TechsManager.log
12.07.2009 23:20 26.659 PSSysChk.log
12.07.2009 23:20 250.724 cteng_7_2_61247425516.dat
12.07.2009 23:20 240.184 cteng_7_2_31247432717.dat
12.07.2009 23:20 263.192 cteng_7_2_111247429120.dat
12.07.2009 23:20 204.916 cteng_1_2_71247432419.dat
12.07.2009 23:20 244.704 cteng_1_2_411247429734.dat
12.07.2009 23:20 230.520 cteng_1_2_391247429271.dat
12.07.2009 23:20 218.384 cteng_1_2_361247412659.dat
12.07.2009 23:20 247.848 cteng_1_2_221247414991.dat
12.07.2009 23:20 243.248 cteng_1_2_211247429076.dat
12.07.2009 17:16 12.320 cteng_8_2_21231227908.dat
12.07.2009 17:16 16.804 cteng_8_2_11223394495.dat
12.07.2009 17:16 275.920 cteng_7_2_91247090717.dat
12.07.2009 17:16 226.920 cteng_7_2_81247245548.dat
12.07.2009 17:16 307.064 cteng_7_2_71247349921.dat
12.07.2009 17:16 228.936 cteng_7_2_51247404567.dat
12.07.2009 17:16 222.496 cteng_7_2_41247274332.dat
12.07.2009 17:16 213.240 cteng_7_2_21247353515.dat
12.07.2009 17:16 252.212 cteng_7_2_151247177118.dat
12.07.2009 17:16 256.072 cteng_7_2_141247404418.dat
12.07.2009 17:16 229.980 cteng_7_2_131247403881.dat
12.07.2009 17:16 248.472 cteng_7_2_121247322654.dat
12.07.2009 17:16 258.400 cteng_7_2_101247033128.dat
12.07.2009 17:16 112.492 cteng_7_1_31247164973.dat
12.07.2009 17:16 128.140 cteng_7_1_21247403573.dat
12.07.2009 17:16 50.948 cteng_3_2_11231224990.dat
12.07.2009 17:16 298.004 cteng_1_2_421247364036.dat
12.07.2009 17:16 218.908 cteng_1_2_41247398807.dat
12.07.2009 17:16 311.872 cteng_1_2_401247162835.dat
12.07.2009 17:16 214.188 cteng_1_2_381247039982.dat
12.07.2009 17:16 273.548 cteng_1_2_351247406645.dat
12.07.2009 17:16 208.084 cteng_1_2_341247335332.dat
12.07.2009 17:15 144.228 cteng_1_2_331246824032.dat
12.07.2009 17:15 182.976 cteng_1_2_311247382036.dat
12.07.2009 17:15 244.048 cteng_1_2_301247202044.dat
12.07.2009 17:15 296.124 cteng_1_2_291247270586.dat
12.07.2009 17:15 249.824 cteng_1_2_281247129444.dat
12.07.2009 17:15 269.548 cteng_1_2_271247166050.dat
12.07.2009 17:15 218.372 cteng_1_2_261245798016.dat
12.07.2009 17:15 120.348 cteng_1_2_251246346450.dat
12.07.2009 17:15 231.896 cteng_1_2_241246190449.dat
12.07.2009 17:15 312.700 cteng_1_2_231247240443.dat
12.07.2009 17:15 218.336 cteng_1_2_201247356823.dat
12.07.2009 17:15 212.196 cteng_1_2_181247259618.dat
12.07.2009 17:15 187.288 cteng_1_2_171246320046.dat
12.07.2009 17:15 188.268 cteng_1_2_161247334306.dat
12.07.2009 17:15 255.868 cteng_1_2_151247407391.dat
12.07.2009 17:15 212.896 cteng_1_2_141247184040.dat
12.07.2009 17:15 268.096 cteng_1_2_131247406861.dat
12.07.2009 17:15 31.352 cteng_1_1_91246593662.dat
12.07.2009 17:15 32.116 cteng_1_1_81246356455.dat
12.07.2009 17:15 79.260 cteng_1_1_71245874879.dat
12.07.2009 17:15 31.360 cteng_1_1_41246672830.dat
12.07.2009 17:15 26.528 cteng_1_1_231246881203.dat
12.07.2009 17:15 26.484 cteng_1_1_221247228937.dat
12.07.2009 17:15 31.152 cteng_1_1_211246988921.dat
12.07.2009 17:15 31.124 cteng_1_1_201247139288.dat
12.07.2009 17:15 31.924 cteng_1_1_181247060030.dat
12.07.2009 17:15 35.464 cteng_1_1_161247266835.dat
12.07.2009 17:15 23.428 cteng_1_1_141247353226.dat
12.07.2009 17:15 39.068 cteng_1_1_131247131555.dat
12.07.2009 17:15 24.724 cteng_1_1_121247346023.dat
12.07.2009 17:15 35.608 cteng_1_1_111246906844.dat
12.07.2009 17:15 47.092 cteng_1_1_101247394456.dat
11.07.2009 20:49 10.354.688 f4d4851e8935eebef0f2eb52b3212bc9PSK_PLUGINS_1
87 File(s) 35.330.639 bytes
0 Dir(s) 136.803.201.024 bytes free

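Added example (editor's code, not part of the thread and not from any of the tools named in it): a small parser that turns the Prefetch directory listing above into a last-run timeline. It relies on Windows XP prefetcher behaviour: an <EXENAME>-<HASH>.pf file is written about ten seconds after the program starts and rewritten on every later start, so its modification time approximates the last start of that program. The sample input is a handful of lines copied from the listing; only the German dd.mm.yyyy hh:mm layout shown on this page is handled.

```python
"""Turn a Windows XP ``dir`` listing of C:\\WINDOWS\\Prefetch into a last-run timeline.

XP writes <EXENAME>-<PATHHASH>.pf roughly ten seconds after a program starts and
rewrites it on every later start, so each .pf modification time is a usable
"last run" stamp. Only the dd.mm.yyyy hh:mm layout shown on this page is
parsed; sizes may use "." or "," as thousands separator.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample: a few lines copied from the Prefetch listing above,
# with a header and a footer line left in to show that they are skipped.
SAMPLE_LISTING = """
 Directory of C:\\WINDOWS\\Prefetch

13.07.2009 13:21 11.644 FIND.EXE-0EC32F1E.pf
13.07.2009 00:05 63.364 HIJACKTHIS.EXE-39024128.pf
12.07.2009 18:27 382.918 Layout.ini
12.07.2009 17:22 82.688 MBAM.EXE-11D8BBD8.pf
11.07.2009 23:49 12.862 9MTRVJ.EXE-2BD94AF4.pf
11.07.2009 23:49 19.642 AVGARKT.EXE-36D0BE99.pf
19.11.2008 09:32 842.376 NTOSBOOT-B00DFAAD.pf
68 Datei(en) 3.970.970 Bytes
"""

_ENTRY = re.compile(r"^\s*(\d{2})\.(\d{2})\.(\d{4})\s+(\d{2}):(\d{2})\s+([\d.,]+)\s+(\S.*?)\s*$")
_PF_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-Fa-f]{8})\.pf$")


@dataclass
class PrefetchEntry:
    mtime: datetime
    size: int
    filename: str
    exe: Optional[str]       # executable name for *.pf files, None for other files
    pf_hash: Optional[str]   # the 8-hex-digit path hash in the .pf name


def parse_ts(stamp: str) -> datetime:
    """'11.07.2009 23:45' -> datetime, the stamp format used in the listing itself."""
    return datetime.strptime(stamp, "%d.%m.%Y %H:%M")


def parse_dir_listing(text: str) -> List[PrefetchEntry]:
    """Parse ``dir`` lines into entries; header and footer lines simply do not match."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if not m:
            continue
        day, month, year, hour, minute, size, name = m.groups()
        pf = _PF_NAME.match(name)
        entries.append(PrefetchEntry(
            mtime=datetime(int(year), int(month), int(day), int(hour), int(minute)),
            size=int(size.replace(".", "").replace(",", "")),
            filename=name,
            exe=pf.group("exe").upper() if pf else None,
            pf_hash=pf.group("hash").upper() if pf else None,
        ))
    return entries


def timeline(entries: List[PrefetchEntry]) -> List[PrefetchEntry]:
    """Only .pf entries, oldest first: the order in which programs last ran."""
    return sorted((e for e in entries if e.exe), key=lambda e: e.mtime)


def last_run(entries: List[PrefetchEntry], exe: str) -> Optional[datetime]:
    """Last start of an executable (case-insensitive), None if it has no .pf file."""
    hits = [e.mtime for e in entries if e.exe == exe.upper()]
    return max(hits) if hits else None


def runs_between(entries: List[PrefetchEntry], start: str, end: str) -> List[str]:
    """Executables whose .pf was updated inside [start, end] (listing-style stamps):
    answers "what ran in the minutes around event X" during triage."""
    lo, hi = parse_ts(start), parse_ts(end)
    return [e.exe for e in timeline(entries) if lo <= e.mtime <= hi]


if __name__ == "__main__":
    entries = parse_dir_listing(SAMPLE_LISTING)
    for e in timeline(entries):
        print(e.mtime.strftime("%d.%m.%Y %H:%M"), e.exe, e.pf_hash)
    print("HijackThis last started:", last_run(entries, "hijackthis.exe"))
    print("Started 11.07.2009 23:45-23:50:",
          runs_between(entries, "11.07.2009 23:45", "11.07.2009 23:50"))
```

For the copied lines, last_run returns 13.07.2009 00:05 for HIJACKTHIS.EXE, which is simply the modification time of HIJACKTHIS.EXE-39024128.pf in the listing. Two caveats when reading such a listing: a plain dir shows modification times only, so this tells you when a program last ran, not when it first appeared (dir /tc shows creation times), and XP keeps at most 128 .pf files, so older entries may already have been pruned.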
13.07.2009, 13:33   #4
Donthackme

07/13/09 14:18:52 [Info]: BlackLight Engine 2.2.1092 initialized
07/13/09 14:18:52 [Info]: OS: 5.1 build 2600 (Service Pack 3)
07/13/09 14:18:53 [Note]: 7019 4
07/13/09 14:18:53 [Note]: 7005 0
07/13/09 14:18:54 [Note]: 7006 0
07/13/09 14:18:54 [Note]: 7011 2080
07/13/09 14:18:55 [Note]: 7035 0
07/13/09 14:18:55 [Note]: 7026 0
07/13/09 14:18:55 [Note]: 7026 0
07/13/09 14:18:58 [Note]: FSRAW library version 1.7.1024
07/13/09 14:20:46 [Note]: 7007 0

CCleaner log:

Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2 - Deutsch
Advanced SystemCare 3
a-squared Anti-Malware 4.0
Atheros Client Installation Program
CCleaner (remove only)
CheckDrive
CorelDRAW Essential Edition 3
DivX Codec
EuroRoute 2008
Eusing Free Registry Cleaner
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 13
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5)
MSXML 4.0 SP2 (KB954430)
OpenOffice.org 3.1
Panda Internet Security 2009
PC-Trainer Kfz-Technik
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.83
Secunia PSI
Shredder Classic 3
Smart Defrag 1.11
Sophos Anti-Rootkit 1.3.1
Spelling Dictionaries Support For Adobe Reader 9
Spyware Doctor 6.0
System Control Manager
USB2.0 Card Reader Software
VLC media player 0.9.9
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Wise Disk Cleaner 4.24
xp-AntiSpy 3.97-3

13.07.2009, 13:40   #5
Donthackme

OK, the GMER log is still to come; I have to split it into small parts because it is so big.
But it didn't find anything!


13.07.2009, 17:51   #6
Donthackme

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-13 14:11:38
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF737D514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF736C282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF736C474]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF737DD00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF737DFB8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF737C3FA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF737E422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF737D7D8]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateProcess [0xA9957A30]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateThread [0xA9956E50]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\PavTPK.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\PavSRK.sys The system cannot find the file specified. !
? system32\drivers\av5flt.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!sendto 71A12F51 6 Bytes JMP 5F100F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!recvfrom 71A12FF7 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!closesocket 71A13E2B 6 Bytes JMP 5F220F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!connect 71A14A07 6 Bytes JMP 5F040F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!send 71A14C27 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!WSARecv 71A14CB5 6 Bytes JMP 5F160F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!recv 71A1676F 6 Bytes JMP 5F070F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!WSASend 71A168FA 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!WSARecvFrom 71A1F66A 6 Bytes JMP 5F190F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!WSASendTo 71A20AAD 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!WSAConnect 71A20C81 6 Bytes JMP 5F130F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [65, 5F]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtDeleteFile 7C91D23E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtDeleteFile + 4 7C91D242 2 Bytes [68, 5F]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtDuplicateObject 7C91D29E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtDuplicateObject + 4 7C91D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtEnumerateKey 7C91D2CE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtEnumerateKey + 4 7C91D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtEnumerateValueKey 7C91D2EE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtEnumerateValueKey + 4 7C91D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [6B, 5F]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtQueryMultipleValueKey 7C91D86E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtQueryMultipleValueKey + 4 7C91D872 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtQueryValueKey 7C91D96E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtQueryValueKey + 4 7C91D972 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtReadFile 7C91D9CE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtReadFile + 4 7C91D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtUnloadKey 7C91DECE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtUnloadKey + 4 7C91DED2 2 Bytes [62, 5F]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [77, 5F] {JA 0x61}
.text C:\Programme\System Control Manager\MSIService.exe[1224] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F]
.text C:\Programme\System Control Manager\MSIService.exe[1224] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FB50F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA60F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FB20F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA90F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB80F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FAC0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5FA30F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ole32.dll!CoCreateInstanceEx 774D0526 6 Bytes JMP 5F880F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ole32.dll!CoGetClassObject 774E56C5 6 Bytes JMP 5F850F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ole32.dll!CLSIDFromProgID 774E87F2 6 Bytes JMP 5F820F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ole32.dll!CLSIDFromProgIDEx 7752620D 6 Bytes JMP 5F7F0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 6 Bytes JMP 5F100F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!OpenServiceW 77DB6FFD 6 Bytes JMP 5F220F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!StartServiceA 77DBFB58 6 Bytes JMP 5F250F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!StartServiceW 77DC3E94 6 Bytes JMP 5F280F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!ControlService 77DC4A09 6 Bytes JMP 5F130F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!OpenServiceA 77DC4C66 6 Bytes JMP 5F1F0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!LsaAddAccountRights 77DEABF1 6 Bytes JMP 5F2B0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!LsaRemoveAccountRights 77DEAC91 6 Bytes JMP 5F2E0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 6 Bytes JMP 5F040F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E07001 6 Bytes JMP 5F070F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 6 Bytes JMP 5F0A0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E0718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ADVAPI32.dll!DeleteService 77E074B1 6 Bytes JMP 5F1C0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] WS2_32.dll!sendto 71A12F51 6 Bytes JMP 5FC70F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] WS2_32.dll!recvfrom 71A12FF7 6 Bytes JMP 5FC10F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] WS2_32.dll!closesocket 71A13E2B 6 Bytes JMP 5FD90F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] WS2_32.dll!connect 71A14A07 6 Bytes JMP 5FBB0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] WS2_32.dll!send 71A14C27 6 Bytes JMP 5FC40F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] WS2_32.dll!WSARecv 71A14CB5 6 Bytes JMP 5FCD0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] WS2_32.dll!recv 71A1676F 6 Bytes JMP 5FBE0F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] WS2_32.dll!WSASend 71A168FA 6 Bytes JMP 5FD30F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] WS2_32.dll!WSARecvFrom 71A1F66A 6 Bytes JMP 5FD00F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] WS2_32.dll!WSASendTo 71A20AAD 6 Bytes JMP 5FD60F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] WS2_32.dll!WSAConnect 71A20C81 6 Bytes JMP 5FCA0F5A

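Added example (editor's code, neither GMER's nor anything posted in this thread): a parser for the three kinds of GMER lines that appear in the log above, with the sample lines copied from it. It groups SSDT hooks by the vendor string GMER itself prints, lists drivers whose file GMER could not find on disk, merges the two-line FF 25 patches (jmp dword ptr [disp32]) into a single hook, and summarises per process how many distinct 64 KiB regions the user-mode patches redirect into. The region grouping is this script's own heuristic for "how many hooking engines are present"; GMER does not name the module behind a .text patch, so nothing here attributes a user-mode hook to a product.

```python
"""Summarise the hook sections of a GMER log such as the one posted above: "SSDT <driver>
(<desc>/<vendor>) <ZwFunc> [0xADDR]", "? <driver> <error> !" (loaded code whose file is not
on disk) and ".text <proc>[pid] <module>!<export>[ + off] <addr> <n> Bytes <patch>"."""
import re
from collections import namedtuple
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the GMER log in this thread.
SAMPLE_LOG = r"""SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF737D514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF736C282]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateProcess [0xA9957A30]
? C:\WINDOWS\system32\PavTPK.sys The system cannot find the file specified. !
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!sendto 71A12F51 6 Bytes JMP 5F100F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[612] WS2_32.dll!connect 71A14A07 6 Bytes JMP 5F040F5A
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MSIService.exe[1224] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Programme\System Control Manager\MSIService.exe[1224] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
"""

_SSDT = re.compile(r"^SSDT\s+(?P<driver>\S+)\s+(?:\((?P<desc>[^)]*)\)\s+)?(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
_MISSING = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<error>.*?)\s*!$")
_TEXT = re.compile(r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^\s!]+)!(?P<export>\w+)"
                   r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]{8})\s+\d+\s+Bytes\s+(?P<patch>.*)$")

SsdtHook = namedtuple("SsdtHook", "driver vendor func addr")  # vendor: text after the last "/" in GMER's "(...)"
MissingDriver = namedtuple("MissingDriver", "path error")


@dataclass
class UserHook:
    process: str
    pid: int
    module: str
    export: str
    offset: int                    # 0 for the export itself, else the "+ off" GMER printed
    addr: int
    patch: str
    kind: str = "BYTES"            # "JMP", "CALL", "JMP [ptr]" or "BYTES" (raw patch bytes only)
    region: Optional[int] = None   # high 16 bits of where control is redirected, None if unknown


def _merge_indirect_jumps(hooks: List[UserHook]) -> List[UserHook]:
    """Join the +0 "[FF, 25, xx]" and +4 "[yy, zz]" halves that GMER prints for one
    6-byte FF 25 disp32 patch (jmp dword ptr [disp32]) into a single hook."""
    merged, pending = [], {}
    for h in hooks:
        key = (h.process, h.pid, h.module, h.export)
        m = re.match(r"^\[([0-9A-Fa-f ,]+)\]", h.patch)
        raw = [int(x, 16) for x in m.group(1).split(",")] if m else []
        if h.kind == "BYTES" and h.offset == 0 and raw[:2] == [0xFF, 0x25]:
            pending[key] = h
        elif h.kind == "BYTES" and h.offset == 4 and key in pending:
            first = pending.pop(key)
            first.kind, first.patch = "JMP [ptr]", first.patch + " / +4 " + h.patch
            # disp32 is bytes +2..+5 and GMER omits +3, so only bytes +4/+5 of the slot address are certain
            first.region = (raw[1] << 8) | raw[0]
            merged.append(first)
        else:
            merged.append(h)
    return merged + list(pending.values())  # an unpaired +0 half stays a plain BYTES record


def parse_gmer(text: str) -> Dict[str, list]:
    rep: Dict[str, list] = {"ssdt": [], "missing": [], "user": []}
    for line in text.splitlines():
        if (m := _SSDT.match(line)):
            desc = m.group("desc") or ""
            rep["ssdt"].append(SsdtHook(m.group("driver"), desc.rsplit("/", 1)[-1].strip() or None,
                                        m.group("func"), int(m.group("addr"), 16)))
        elif (m := _MISSING.match(line)):
            rep["missing"].append(MissingDriver(m.group("path"), m.group("error")))
        elif (m := _TEXT.match(line)):
            h = UserHook(m.group("proc"), int(m.group("pid")), m.group("module"), m.group("export"),
                         int(m.group("off") or "0", 16), int(m.group("addr"), 16), m.group("patch"))
            if (d := re.match(r"^(JMP|CALL)\s+([0-9A-Fa-f]{8})$", h.patch)):
                h.kind, h.region = d.group(1), int(d.group(2), 16) >> 16
            rep["user"].append(h)
    rep["user"] = _merge_indirect_jumps(rep["user"])
    return rep


def ssdt_by_vendor(rep: Dict[str, list]) -> Dict[str, List[str]]:
    """SSDT entries grouped by the vendor GMER itself names; unannotated entries stand out."""
    out: Dict[str, List[str]] = {}
    for s in rep["ssdt"]:
        out.setdefault(s.vendor or "<unattributed>", []).append(s.func)
    return out


def hooks_by_process(rep: Dict[str, list]) -> Dict[str, dict]:
    """Per process: hooked exports and the distinct 64 KiB regions the patches redirect into."""
    out: Dict[str, dict] = {}
    for h in rep["user"]:
        name = h.process.rsplit("\\", 1)[-1]
        d = out.setdefault(f"{name}[{h.pid}]", {"count": 0, "exports": [], "regions": set()})
        d["count"] += 1
        d["exports"].append(f"{h.module}!{h.export} ({h.kind})")
        if h.region is not None:
            d["regions"].add(h.region)
    return {k: {**d, "regions": sorted(d["regions"])} for k, d in out.items()}


if __name__ == "__main__":
    report = parse_gmer(SAMPLE_LOG)
    print(ssdt_by_vendor(report), [m.path for m in report["missing"]], hooks_by_process(report), sep="\n")
```

Read the output the way a triage analyst would: an SSDT entry that GMER attributes to a named driver is explained by that driver's product; an entry without a vendor string, or a "?" line for a driver whose file is not on disk, is what to chase next, and whether such a file belongs to an installed product is answered by that product's file list, not by the log. In the posted log every direct JMP lands at an address of the form 0x5Fxx0F5A, which is exactly what the per-process region summary makes visible; many hooks landing in one contiguous range is consistent with a single injected module, but the log alone does not say which one.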
13.07.2009, 17:54   #7
Donthackme

GMER log, continued
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ntdll.dll!NtUnloadKey 7C91DECE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ntdll.dll!NtUnloadKey + 4 7C91DED2 2 Bytes [62, 5F]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [77, 5F] {JA 0x61}
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FAF0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F8E0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA00F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8B0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [AA, 5F] {STOSB ; POP EDI}
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FAC0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F9A0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F910F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA30F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F880F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB20F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F850F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FA60F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI}
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F9D0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 6 Bytes JMP 5F100F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!OpenServiceW 77DB6FFD 6 Bytes JMP 5F220F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!StartServiceA 77DBFB58 6 Bytes JMP 5F250F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!StartServiceW 77DC3E94 6 Bytes JMP 5F280F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!ControlService 77DC4A09 6 Bytes JMP 5F130F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!OpenServiceA 77DC4C66 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!LsaAddAccountRights 77DEABF1 6 Bytes JMP 5F2B0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!LsaRemoveAccountRights 77DEAC91 6 Bytes JMP 5F2E0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 6 Bytes JMP 5F040F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!ChangeServiceConfigW 77E07001 6 Bytes JMP 5F070F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 3 Bytes [FF, 25, 1E]
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E0718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ADVAPI32.dll!DeleteService 77E074B1 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ole32.dll!CLSIDFromProgID 774E87F2 6 Bytes JMP 5F820F5A
.text C:\Programme\Panda Security\Panda Internet Security 2009\PavBckPT.exe[2388] ole32.dll!CLSIDFromProgIDEx 7752620D 6 Bytes JMP 5F7F0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [65, 5F]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtDeleteFile 7C91D23E 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtDeleteFile + 4 7C91D242 2 Bytes [68, 5F]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtDuplicateObject 7C91D29E 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtDuplicateObject + 4 7C91D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtEnumerateKey 7C91D2CE 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtEnumerateKey + 4 7C91D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtEnumerateValueKey 7C91D2EE 3 Bytes [FF, 25, 1E]

Old 13.07.2009, 17:56   #8
Donthackme

Continue GMER log:
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtEnumerateValueKey + 4 7C91D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [6B, 5F]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtQueryMultipleValueKey 7C91D86E 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtQueryMultipleValueKey + 4 7C91D872 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtQueryValueKey 7C91D96E 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtQueryValueKey + 4 7C91D972 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtReadFile 7C91D9CE 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtReadFile + 4 7C91D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtUnloadKey 7C91DECE 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtUnloadKey + 4 7C91DED2 2 Bytes [62, 5F]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [77, 5F] {JA 0x61}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0045493D C:\Programme\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH)
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!CloseServiceHandle 77DB6CE5 6 Bytes JMP 5F100F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!OpenServiceW 77DB6FFD 6 Bytes JMP 5F220F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!StartServiceA 77DBFB58 6 Bytes JMP 5F250F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!StartServiceW 77DC3E94 6 Bytes JMP 5F280F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!ControlService 77DC4A09 6 Bytes JMP 5F130F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!OpenServiceA 77DC4C66 6 Bytes JMP 5F1F0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!LsaAddAccountRights 77DEABF1 6 Bytes JMP 5F2B0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!LsaRemoveAccountRights 77DEAC91 6 Bytes JMP 5F2E0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!ChangeServiceConfigA 77E06E69 6 Bytes JMP 5F040F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!ChangeServiceConfigW 77E07001 6 Bytes JMP 5F070F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!ChangeServiceConfig2A 77E07101 6 Bytes JMP 5F0A0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!ChangeServiceConfig2W 77E07189 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!ChangeServiceConfig2W + 4 77E0718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] advapi32.dll!DeleteService 77E074B1 6 Bytes JMP 5F1C0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FB50F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA60F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FB20F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA90F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB80F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FAC0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E]
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5FA30F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ole32.dll!CoCreateInstanceEx 774D0526 6 Bytes JMP 5F880F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ole32.dll!CoGetClassObject 774E56C5 6 Bytes JMP 5F850F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ole32.dll!CLSIDFromProgID 774E87F2 6 Bytes JMP 5F820F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] ole32.dll!CLSIDFromProgIDEx 7752620D 6 Bytes JMP 5F7F0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] WS2_32.dll!sendto 71A12F51 6 Bytes JMP 5FC70F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] WS2_32.dll!recvfrom 71A12FF7 6 Bytes JMP 5FC10F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] WS2_32.dll!closesocket 71A13E2B 6 Bytes JMP 5FD90F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] WS2_32.dll!connect 71A14A07 6 Bytes JMP 5FBB0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] WS2_32.dll!send 71A14C27 6 Bytes JMP 5FC40F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] WS2_32.dll!WSARecv 71A14CB5 6 Bytes JMP 5FCD0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] WS2_32.dll!recv 71A1676F 6 Bytes JMP 5FBE0F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] WS2_32.dll!WSASend 71A168FA 6 Bytes JMP 5FD30F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] WS2_32.dll!WSARecvFrom 71A1F66A 6 Bytes JMP 5FD00F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] WS2_32.dll!WSASendTo 71A20AAD 6 Bytes JMP 5FD60F5A
.text C:\Programme\a-squared Anti-Malware\a2service.exe[2660] WS2_32.dll!WSAConnect 71A20C81 6 Bytes JMP 5FCA0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [65, 5F]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtDeleteFile 7C91D23E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtDeleteFile + 4 7C91D242 2 Bytes [68, 5F]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtDuplicateObject 7C91D29E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtDuplicateObject + 4 7C91D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtEnumerateKey 7C91D2CE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtEnumerateKey + 4 7C91D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtEnumerateValueKey 7C91D2EE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtEnumerateValueKey + 4 7C91D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [6B, 5F]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtQueryMultipleValueKey 7C91D86E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtQueryMultipleValueKey + 4 7C91D872 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtQueryValueKey 7C91D96E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtQueryValueKey + 4 7C91D972 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtReadFile 7C91D9CE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtReadFile + 4 7C91D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtUnloadKey 7C91DECE 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtUnloadKey + 4 7C91DED2 2 Bytes [62, 5F]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]

Old 13.07.2009, 17:57   #9
Donthackme

.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [77, 5F] {JA 0x61}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01CB0001
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 6 Bytes JMP 5F100F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!OpenServiceW 77DB6FFD 6 Bytes JMP 5F220F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!StartServiceA 77DBFB58 6 Bytes JMP 5F250F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!StartServiceW 77DC3E94 6 Bytes JMP 5F280F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!ControlService 77DC4A09 6 Bytes JMP 5F130F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!OpenServiceA 77DC4C66 6 Bytes JMP 5F1F0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!LsaAddAccountRights 77DEABF1 6 Bytes JMP 5F2B0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!LsaRemoveAccountRights 77DEAC91 6 Bytes JMP 5F2E0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 6 Bytes JMP 5F040F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E07001 6 Bytes JMP 5F070F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 6 Bytes JMP 5F0A0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E0718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ADVAPI32.dll!DeleteService 77E074B1 6 Bytes JMP 5F1C0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FB50F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA60F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FB20F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA90F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB80F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FAC0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E]
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5FA30F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ole32.dll!CoCreateInstanceEx 774D0526 6 Bytes JMP 5F880F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ole32.dll!CoGetClassObject 774E56C5 6 Bytes JMP 5F850F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ole32.dll!CLSIDFromProgID 774E87F2 6 Bytes JMP 5F820F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] ole32.dll!CLSIDFromProgIDEx 7752620D 6 Bytes JMP 5F7F0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] WS2_32.dll!sendto 71A12F51 6 Bytes JMP 5FC70F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] WS2_32.dll!recvfrom 71A12FF7 6 Bytes JMP 5FC10F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] WS2_32.dll!closesocket 71A13E2B 6 Bytes JMP 5FD90F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] WS2_32.dll!connect 71A14A07 6 Bytes JMP 5FBB0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] WS2_32.dll!send 71A14C27 6 Bytes JMP 5FC40F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] WS2_32.dll!WSARecv 71A14CB5 6 Bytes JMP 5FCD0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] WS2_32.dll!recv 71A1676F 6 Bytes JMP 5FBE0F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] WS2_32.dll!WSASend 71A168FA 6 Bytes JMP 5FD30F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] WS2_32.dll!WSARecvFrom 71A1F66A 6 Bytes JMP 5FD00F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] WS2_32.dll!WSASendTo 71A20AAD 6 Bytes JMP 5FD60F5A
.text C:\Programme\System Control Manager\MGSysCtrl.exe[3060] WS2_32.dll!WSAConnect 71A20C81 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] WS2_32.dll!sendto 71A12F51 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] WS2_32.dll!recvfrom 71A12FF7 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] WS2_32.dll!closesocket 71A13E2B 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] WS2_32.dll!connect 71A14A07 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] WS2_32.dll!send 71A14C27 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] WS2_32.dll!WSARecv 71A14CB5 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] WS2_32.dll!recv 71A1676F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] WS2_32.dll!WSASend 71A168FA 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] WS2_32.dll!WSARecvFrom 71A1F66A 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] WS2_32.dll!WSASendTo 71A20AAD 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] WS2_32.dll!WSAConnect 71A20C81 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [65, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [86, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [68, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtDeleteFile 7C91D23E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtDeleteFile + 4 7C91D242 2 Bytes [89, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [6B, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtDuplicateObject 7C91D29E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtDuplicateObject + 4 7C91D2A2 2 Bytes [71, 5F] {JNO 0x61}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtEnumerateKey 7C91D2CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtEnumerateKey + 4 7C91D2D2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtEnumerateValueKey 7C91D2EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtEnumerateValueKey + 4 7C91D2F2 2 Bytes [77, 5F] {JA 0x61}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [8C, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtQueryMultipleValueKey 7C91D86E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtQueryMultipleValueKey + 4 7C91D872 2 Bytes [7A, 5F] {JP 0x61}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtQueryValueKey 7C91D96E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtQueryValueKey + 4 7C91D972 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtReadFile 7C91D9CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtReadFile + 4 7C91D9D2 2 Bytes [8F, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [92, 5F] {XCHG EDX, EAX; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [80, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtUnloadKey 7C91DECE 3 Bytes [FF, 25, 1E]

Alt 13.07.2009, 18:00   #10
Donthackme
 

Continue GMER log
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtUnloadKey + 4 7C91DED2 2 Bytes [83, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01370001
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [62, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!OpenServiceW 77DB6FFD 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!StartServiceA 77DBFB58 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!StartServiceW 77DC3E94 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!ControlService 77DC4A09 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!OpenServiceA 77DC4C66 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!LsaAddAccountRights 77DEABF1 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!LsaRemoveAccountRights 77DEAC91 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!ChangeServiceConfigW 77E07001 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E0718D 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ADVAPI32.dll!DeleteService 77E074B1 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ole32.dll!CLSIDFromProgID 774E87F2 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] ole32.dll!CLSIDFromProgIDEx 7752620D 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [CB, 5F] {RETF ; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [B9, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] WS2_32.dll!sendto 71A12F51 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] WS2_32.dll!recvfrom 71A12FF7 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] WS2_32.dll!closesocket 71A13E2B 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] WS2_32.dll!connect 71A14A07 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] WS2_32.dll!send 71A14C27 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] WS2_32.dll!WSARecv 71A14CB5 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] WS2_32.dll!recv 71A1676F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] WS2_32.dll!WSASend 71A168FA 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] WS2_32.dll!WSARecvFrom 71A1F66A 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] WS2_32.dll!WSASendTo 71A20AAD 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3192] WS2_32.dll!WSAConnect 71A20C81 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [65, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtDeleteFile 7C91D23E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtDeleteFile + 4 7C91D242 2 Bytes [68, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtDuplicateObject 7C91D29E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtDuplicateObject + 4 7C91D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtEnumerateKey 7C91D2CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtEnumerateKey + 4 7C91D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtEnumerateValueKey 7C91D2EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtEnumerateValueKey + 4 7C91D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [6B, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtQueryMultipleValueKey 7C91D86E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtQueryMultipleValueKey + 4 7C91D872 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtQueryValueKey 7C91D96E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtQueryValueKey + 4 7C91D972 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtReadFile 7C91D9CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtReadFile + 4 7C91D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7A, 5F] {JP 0x61}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [71, 5F] {JNO 0x61}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtUnloadKey 7C91DECE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtUnloadKey + 4 7C91DED2 2 Bytes [62, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [74, 5F] {JZ 0x61}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [77, 5F] {JA 0x61}
.text C:\WINDOWS\RTHDCPL.EXE[3224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04940001
.text C:\WINDOWS\RTHDCPL.EXE[3224] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[3224] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!OpenServiceW 77DB6FFD 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!StartServiceA 77DBFB58 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!StartServiceW 77DC3E94 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ControlService 77DC4A09 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!OpenServiceA 77DC4C66 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!LsaAddAccountRights 77DEABF1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!LsaRemoveAccountRights

Alt 13.07.2009, 18:01   #11
Donthackme
 

Continue GMER log
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfigW 77E07001 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E0718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!DeleteService 77E074B1 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ole32.dll!CoCreateInstanceEx 774D0526 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ole32.dll!CoGetClassObject 774E56C5 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ole32.dll!CLSIDFromProgID 774E87F2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] ole32.dll!CLSIDFromProgIDEx 7752620D 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5FA30F5A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Security, S.L.)
AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Security, S.L.)
AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys
AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
Device A89EA7B4
Device A8A05631

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Security, S.L.)
AttachedDevice pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Security, S.L.)
AttachedDevice av5flt.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021857d3494
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002185846bce
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021857d3494
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002185846bce
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@r!s!t!d!m!d!r!r!t!{!\24!{!r!{!c!i! 19583823

---- EOF - GMER 1.0.15 ----
Phew, that was all of it. This GMER log was endlessly long; I hope you can make sense of it.
