
Plagegeister aller Art und deren Bekämpfung: GMER evaluation, suspected rootkit

Windows 7

 
07.09.2010, 11:14   #1
maxl909
 
GMER evaluation, suspected rootkit



Hi everyone,

I suspect that a rootkit has sneaked onto my system. Could an expert please take a look at this log file?
GMER log file:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-07 12:06:30
Windows 6.1.7600 
Running: u4lbqzbq.exe; Driver: C:\Users\Silvio\AppData\Local\Temp\pxldqpog.sys
 
 
---- System - GMER 1.0.15 ----
 
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830383F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830381DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830386F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830391A8
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C51599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C75F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\sprg.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 91E74CA0 5 Bytes JMP 866DE1D8 
.text axzqo30l.SYS 91FC4000 12 Bytes [44, 38, 02, 83, EE, 36, 02, ...] {INC ESP; CMP [EDX], AL; SUB ESI, 0x36; ADD AL, [EBX-0x7cfde860]}
.text axzqo30l.SYS 91FC400D 9 Bytes [17, 02, 83, 48, 3B, 02, 83, ...] {POP SS; ADD AL, [EBX-0x7cfdc4b8]; ADD [EAX], AL}
.text axzqo30l.SYS 91FC4017 7 Bytes [00, DE, B7, 10, 8B, E6, B5]
.text axzqo30l.SYS 91FC401F 12 Bytes [8B, F1, 12, 11, 8B, FC, 13, ...] {MOV ESI, ECX; ADC DL, [ECX]; MOV EDI, ESP; ADC EDX, [ECX]; MOV ESI, [EDX]; AAD 0x11}
.text axzqo30l.SYS 91FC402C 149 Bytes [00, 00, 00, 00, D0, C1, C4, ...]
.text ... 
.text peauth.sys 98F62C9D 28 Bytes [84, 64, A6, 45, 81, 17, C0, ...]
.text peauth.sys 98F62CC1 28 Bytes [84, 64, A6, 45, 81, 17, C0, ...]
PAGE peauth.sys 98F68E20 101 Bytes [89, AF, C5, 7C, 58, 57, 2A, ...]
PAGE peauth.sys 98F6902C 102 Bytes [10, 0C, 24, 11, B4, 32, 0F, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9AF0F000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9AF0F123 629 Bytes [A5, F0, 9A, FE, 05, 34, A5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9AF0F399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9AF0F3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 9AF0F4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ... 
 
---- Kernel IAT/EAT - GMER 1.0.15 ----
 
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B00F042] \SystemRoot\System32\Drivers\sprg.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B00F6D6] \SystemRoot\System32\Drivers\sprg.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B00F800] \SystemRoot\System32\Drivers\sprg.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B00F13E] \SystemRoot\System32\Drivers\sprg.sys
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
 
---- User IAT/EAT - GMER 1.0.15 ----
 
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6B87A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6B8794D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6B8794E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6B8794B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6B8794A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6B87AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6B87A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
 
Device \FileSystem\Ntfs \Ntfs 855901F8
 
AttachedDevice \FileSystem\Ntfs \Ntfs OODrvled.sys (O&O DriveLED Filter Driver (Win32)/O&O Software GmbH)
 
Device \Driver\NetBT \Device\NetBT_Tcpip_{18371FB9-3371-476A-9B6A-596FAACC0DE2} 866401F8
Device \Driver\volmgr \Device\VolMgrControl 8558C1F8
Device \Driver\usbuhci \Device\USBPDO-0 866DF1F8
Device \Driver\usbuhci \Device\USBPDO-1 866DF1F8
Device \Driver\usbuhci \Device\USBPDO-2 866DF1F8
Device \Driver\sptd \Device\1949078047 sprg.sys
Device \Driver\usbuhci \Device\USBPDO-3 866DF1F8
Device \Driver\usbehci \Device\USBPDO-4 866DC500
Device \Driver\volmgr \Device\HarddiskVolume1 8558C1F8
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device \Driver\NetBT \Device\NetBT_Tcpip_{F3FD4E9E-962D-47D7-8B97-5D67A6E80929} 866401F8
Device \Driver\volmgr \Device\HarddiskVolume2 8558C1F8
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device \Driver\cdrom \Device\CdRom0 8657A500
Device \Driver\ACPI_HAL \Device\00000065 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume3 8558C1F8
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device \Driver\cdrom \Device\CdRom1 8657A500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8558E1F8
Device \Driver\atapi \Device\Ide\IdePort0 8558E1F8
Device \Driver\atapi \Device\Ide\IdePort1 8558E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 8558E1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 866401F8
Device \Driver\BTHUSB \Device\00000086 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000086 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000088 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000088 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 866DF1F8
Device \Driver\usbuhci \Device\USBFDO-1 866DF1F8
Device \Driver\usbuhci \Device\USBFDO-2 866DF1F8
Device \Driver\PCI_PNP4043 \Device\0000006e sprg.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{D84C3DD2-7BC5-4992-A91D-AEF998552E13} 866401F8
Device \Driver\usbuhci \Device\USBFDO-3 866DF1F8
Device \Driver\usbehci \Device\USBFDO-4 866DC500
Device \Driver\axzqo30l \Device\Scsi\axzqo30l1Port2Path0Target0Lun0 865811F8
Device \Driver\axzqo30l \Device\Scsi\axzqo30l1 865811F8
 
---- Threads - GMER 1.0.15 ----
 
Thread System [4:3572] 9AF1CF2E
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@0012d29a6ced 0x98 0x69 0x67 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@9c18743bef75 0xFD 0xFB 0x53 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@1886ac8c1b46 0x44 0xAC 0xB2 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d8220f5 0xCE 0x17 0x59 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d4d0861 0x83 0x05 0x96 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@000db5824d40 0xCD 0x03 0xB4 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???m???????m????? ???????m?????m???????1????????????????????? ???????m???????????l?1????????????????????STORAGE\VolumeSnapshot??????????s????????????4?????????????m????? ???????m?????m???????1????????????????????machine.inf??????????????m???????????????????????5???????????????????2??? ???????m???????????l?1????????????????????????os???m?????m????? ???????m?????m???????1????????????????????? ???????m???????????l?1????????????????????? ???????m?????m???????1????????????&??????????????????????????m????? ???????m?????m???????1????????????????????? ???????m???????????l?1????????????????????? ???????k?????????????-???????????????????????4???????m????? ???????m?????m???????1???????????????????????m???m???m???m???m???m???m???m???m????????????? ???????m???????????l?1????????@???????????? ???????k?????????????-?????????????????f?????m????? ???????m?????m???????1????????????????????? ???????m???????????l?1?????????????????????????????????????m?m?????????????,??12?????m????? ???????k?????m???????-??????????g?????S-??? ?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???|?????????????????????????????|?????|?????|???|??????????????v_mscdsc.inf_x86_neutral_ef3a0c30c03f0225???MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB52F9BB-0B6B-47A2-86C4-0138AD6BB34B}] DATAGRAM 4????????????`??????????.NT?????????????????? ???????o??????????????????????|????????i??? ??????????????????Microsoft????????????2????????m?????????Microsoft?????????????????????J?????????????MSAFD NetBIOS [\Device\NetBT_Tcpip_{B713D249-7ED1-4BA4-A5B6-8A992B91E427}] SEQPACKET 16?????\SystemRoot\system32\drivers\ws2ifsl.sys????tu???????????|???|???????????????????????????????????????????????????????????????????|???|??? ???????o?????|?????|????????$???????????????J??|?????????e????@%SystemRoot%\system32\dwm.exe,-2000?????????|??????p????????|????????h?????%SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted?????J??|?????????n????@%SystemRoot%\system32\dwm.exe,-2001????? ???|??????????????localSystem?????????????????????????ServiceMain?????????????????t??????? ?????????????,??|?????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xFC 0xEA 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDF 0xD3 0x4F 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x73 0x89 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@0012d29a6ced 0x98 0x69 0x67 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@9c18743bef75 0xFD 0xFB 0x53 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@1886ac8c1b46 0x44 0xAC 0xB2 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d8220f5 0xCE 0x17 0x59 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d4d0861 0x83 0x05 0x96 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@000db5824d40 0xCD 0x03 0xB4 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????s???????e???????????{???????????????????????????????????s??? ???????s?????s???????????????????? ?????? ???????s????? ???????s???????????????????????????????????????s?s?s??? ???????s????????????????????r?p??? ?????????????l??s?????????????????????????????X???(??????P????????????(??????P???????????????l??s?????????????????????????????X???(??????P????????????(??????P???????????????l??s??????????????/??????????????X???(??????P????????????(??????P??????????????'0??s???,???????????????????/???????????????????????????;???????t????????????????D??s???9?????????????????????????0???(??????P???????????????D??????c????????????/e10?????????????????e?????s???????s????????????H??s?????????????????????????4?????????? ???????????????????H??s???????????/?????????????4?????????? ???????????????????0??s?????????????????s???s???????s?????????????????????????????????9p??s????????????????????????????????/????????????????\???(??????P??????????????????? ??????????????????????????0??e2??? ???????s???????????s?????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???se5??@%systemroot%\system32\wkssvc.dll,-1002???????R??????????????d??????????????????????Terminal Server Device Redirector Driver?D???D?????s?????s???????s???????e??????????????????????????11??????? ???????o?????s????????????????^???????????????????????????? ???}??????????????disk_install????????????????t???????????????t?????????????????????m?????Microsoft???????????????kbd101.dll?72???System32\Drivers\ksecdd.sys?????????????????????????????????????????t???????? ????:??s????????h??????s???s??????????????????????????????????? D??????}??????ee???s??? ???????s????????????????????4????? ?????????????????????????????s?????????????????????????????????????????????????? ???????o?????s?????s??????????R????????V??\SystemRoot\system32\DRIVERS\iaStorV.sys?l??SCSI Miniport?????R??s???????????d??iastorv.inf_x86_neutral_18cccb83b34e1453?????s?s?s?s?s?s?s?????????????g?????????????????????-??e5??*6to4mp??????????????!???e??????????????t?????????????????????????????????????????R??s????????h??????????s??????p????????v???v?
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x36 0x0F 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDF 0xD3 0x4F 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x73 0x89 0x36 ...
 
---- EOF - GMER 1.0.15 ----

 
