GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-12 13:22:19
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT F7BFCEB4 ZwCreateThread
SSDT F7BFCEA0 ZwOpenProcess
SSDT F7BFCEA5 ZwOpenThread
SSDT F7BFCEAF ZwTerminateProcess
SSDT F7BFCEAA ZwWriteVirtualMemory
---- User code sections - GMER 1.0.15 ----
.reloc C:\WINDOWS\system32\svchost.exe[280] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[280] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\rundll32.exe[332] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\rundll32.exe[332] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\programme\google\update\googleupdate.exe[336] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\programme\google\update\googleupdate.exe[336] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\csrss.exe[672] C:\WINDOWS\system32\KERNEL32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\winlogon.exe[696] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\winlogon.exe[696] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\services.exe[740] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\services.exe[740] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[992] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[992] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\System32\svchost.exe[1084] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\System32\svchost.exe[1084] C:\WINDOWS\system32\WININET.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1132] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1132] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\Programme\Canon\CAL\CALMAIN.exe[1160] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\Programme\Canon\CAL\CALMAIN.exe[1160] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\dllhost.exe[1264] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\dllhost.exe[1264] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1356] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1356] C:\WINDOWS\system32\WININET.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\spoolsv.exe[1540] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\spoolsv.exe[1540] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\System32\alg.exe[1648] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\System32\alg.exe[1648] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1672] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\Programme\Bonjour\mDNSResponder.exe[1688] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\Programme\Bonjour\mDNSResponder.exe[1688] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1728] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1728] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\eHome\ehRecvr.exe[1752] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\eHome\ehRecvr.exe[1752] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\eHome\ehSched.exe[1788] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\eHome\ehSched.exe[1788] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\Explorer.EXE[2616] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\Explorer.EXE[2616] C:\WINDOWS\system32\WININET.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\windows\ehome\ehtray.exe[3396] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\windows\ehome\ehtray.exe[3396] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\windows\soundman.exe[3404] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\windows\soundman.exe[3404] C:\WINDOWS\system32\wininet.dll section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\windows\cthelper.exe[3424] C:\WINDOWS\system32\kernel32.dll section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\windows\cthelper.exe[3424] C:\WINDOWS\system32\wininet.dll