Rootkit-Scan, kann jemand das Ergebnis beurteilen? - Virus Hilfe

Home » Viren, Trojaner & Malware Forum » Rootkit-Scan, kann jemand das Ergebnis beurteilen? » Themenansicht

Seite(n): 1

Antworten

Rootkit-Scan, kann jemand das Ergebnis beurteilen?

29.07.2007, 10:04 Claudia28 Member Beiträge: 30	#1 Hallo, habe mit McAfee(R) Rootkit Detective 1.0 einen Scan gemacht und hier ist das Ergebnis: McAfee(R) Rootkit Detective 1.0 scan report On 29-07-2007 at 09:43:36 OS-Version 5.1.2600 Service Pack 2.0 ==================================== Object-Type: SSDT-hook Object-Name: ZwConnectPort Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwCreateFile Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwCreateKey Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwCreatePort Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwCreateProcess Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwCreateProcessEx Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwCreateSection Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwCreateWaitablePort Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwDeleteFile Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwDeleteKey Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwDeleteValueKey Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwDuplicateObject Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwLoadKey2 Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwOpenFile Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwOpenProcess Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwOpenThread Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwReplaceKey Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwRequestWaitReplyPort Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwRestoreKey Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwSecureConnectPort Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwSetInformationFile Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwSetValueKey Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: SSDT-hook Object-Name: ZwTerminateProcess Object-Path: C:\WINDOWS\system32\vsdatant.sys Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_CLEANUP Object-Path: \SystemRoot\System32\vsdatant.sys Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_INTERNAL_DEVICE_CONTROL Object-Path: \SystemRoot\System32\vsdatant.sys Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_DEVICE_CONTROL Object-Path: \SystemRoot\System32\vsdatant.sys Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_CLOSE Object-Path: \SystemRoot\System32\vsdatant.sys Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_CREATE Object-Path: \SystemRoot\System32\vsdatant.sys Object-Type: Registry-key Object-Name: DatatemRoot\System32\vsdatant.sys Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\Local Machine\Data Status: Hidden Object-Type: Registry-key Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\Local Machine\Data Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\Local Machine\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 Status: Hidden Object-Type: Registry-key Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\Local Machine\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\Local Machine\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000 Status: Hidden Object-Type: Registry-key Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\Local Machine\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000 Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\Local Machine\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D} Status: Hidden Object-Type: Registry-value Object-Name: Item Data Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\Local Machine\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D} Status: Hidden Object-Type: Registry-value Object-Name: Display String Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\Local Machine\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000 Status: Hidden Object-Type: Registry-value Object-Name: Display String Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\Local Machine\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 Status: Hidden Object-Type: Registry-key Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\Local Machine\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\Local Machine\Data 2 Status: Hidden Object-Type: Registry-key Object-Name: WindowsE\Microsoft\Protected Storage System Provider\Local Machine\Data 2 Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\Local Machine\Data 2\Windows Status: Hidden Object-Type: Registry-value Object-Name: Value Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\Local Machine\Data 2\Windows Status: Hidden Object-Type: Process Object-Name: System Idle Process Pid: 0 Object-Path: Status: Visible Object-Type: Process Object-Name: svchost.exe Pid: 1396 Object-Path: C:\WINDOWS\system32\svchost.exe Status: Visible Object-Type: Process Object-Name: avguard.exe Pid: 1800 Object-Path: C:\Programme\AntiVir PersonalEdition Classic\avguard.exe Status: Visible Object-Type: Process Object-Name: System Pid: 4 Object-Path: Status: Visible Object-Type: Process Object-Name: lsass.exe Pid: 780 Object-Path: C:\WINDOWS\system32\lsass.exe Status: Visible Object-Type: Process Object-Name: ati2evxx.exe Pid: 1896 Object-Path: C:\WINDOWS\system32\ati2evxx.exe Status: Visible Object-Type: Process Object-Name: RocketDock.exe Pid: 1152 Object-Path: C:\Programme\RocketDock\RocketDock.exe Status: Visible Object-Type: Process Object-Name: svchost.exe Pid: 1216 Object-Path: C:\WINDOWS\system32\svchost.exe Status: Visible Object-Type: Process Object-Name: svchost.exe Pid: 472 Object-Path: C:\WINDOWS\system32\svchost.exe Status: Visible Object-Type: Process Object-Name: SOUNDMAN.EXE Pid: 1000 Object-Path: C:\WINDOWS\SOUNDMAN.EXE Status: Visible Object-Type: Process Object-Name: svchost.exe Pid: 1156 Object-Path: C:\WINDOWS\system32\svchost.exe Status: Visible Object-Type: Process Object-Name: ctfmon.exe Pid: 2024 Object-Path: C:\WINDOWS\system32\ctfmon.exe Status: Visible Object-Type: Process Object-Name: winlogon.exe Pid: 724 Object-Path: C:\WINDOWS\system32\winlogon.exe Status: Visible Object-Type: Process Object-Name: svchost.exe Pid: 972 Object-Path: C:\WINDOWS\system32\svchost.exe Status: Visible Object-Type: Process Object-Name: explorer.exe Pid: 1996 Object-Path: C:\WINDOWS\explorer.exe Status: Visible Object-Type: Process Object-Name: vsmon.exe Pid: 1408 Object-Path: C:\WINDOWS\system32\ZoneLabs\vsmon.exe Status: Visible Object-Type: Process Object-Name: csrss.exe Pid: 696 Object-Path: C:\WINDOWS\system32\csrss.exe Status: Visible Object-Type: Process Object-Name: smss.exe Pid: 640 Object-Path: C:\WINDOWS\system32\smss.exe Status: Visible Object-Type: Process Object-Name: avgnt.exe Pid: 1136 Object-Path: C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe Status: Visible Object-Type: Process Object-Name: sched.exe Pid: 364 Object-Path: C:\Programme\AntiVir PersonalEdition Classic\sched.exe Status: Visible Object-Type: Process Object-Name: zlclient.exe Pid: 984 Object-Path: C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe Status: Visible Object-Type: Process Object-Name: alg.exe Pid: 1976 Object-Path: C:\WINDOWS\system32\alg.exe Status: Visible Object-Type: Process Object-Name: Rootkit_Detecti Pid: 2628 Object-Path: C:\Dokumente und Einstellungen\Gustel\Desktop\McafeeRootkitDetective_1.0\Rootkit_Detective.exe Status: Visible Object-Type: Process Object-Name: services.exe Pid: 768 Object-Path: C:\WINDOWS\system32\services.exe Status: Visible Object-Type: Process Object-Name: spoolsv.exe Pid: 1760 Object-Path: C:\WINDOWS\system32\spoolsv.exe Status: Visible Object-Type: Process Object-Name: svchost.exe Pid: 1048 Object-Path: C:\WINDOWS\system32\svchost.exe Status: Visible Object-Type: Process Object-Name: svchost.exe Pid: 1328 Object-Path: C:\WINDOWS\system32\svchost.exe Status: Visible Object-Type: Process Object-Name: ati2evxx.exe Pid: 928 Object-Path: C:\WINDOWS\system32\ati2evxx.exe Status: Visible Scan complete. Hidden registry keys/values: 10 LG Claudia

30.07.2007, 08:16 Chris4You Member Beiträge: 694	#2 Hi, vsdatant.sys gehört zu ZoneAlarm (TrueVector Device Treiber), der Rest scheint auch eher ungefährlich zu sein... chris

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1

Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten