Pests of all kinds and how to fight them: Internet suddenly slow, 5 trojans found

#1
Hello, for a few days now my internet has been running very slowly. I read that I might have caught something, so I ran the Avira antivirus scanner over it. The following trojans were found:

Detection: Object:
TR/Agent.15360.1l ~TM1E.tmp
TR/Dldr.Java.2349 jar_cache51455.tmp
TR/Drop.HDrop.AK siszyd32.exe
TR/Crypt.2PACK.Gen ~TM15.tmp
TR/Agent.15360.1l ~TM1E.tmp

I removed them with Avira, or so I hoped, and after the restart and another scan they were gone, but the internet is still slow, so I think there is still something there, and that is why I did the following according to your instructions: I ran CCleaner, then the Malwarebytes Anti-Malware scanner and finally the RSIT program. The malware scanner showed 6 infected files, which I removed; since then the internet has been running better again. I'm posting the results here. How should I proceed now?

Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3427
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
25.12.2009 17:55:03
mbam-log-2009-12-25 (17-54-51).txt
Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 156206
Laufzeit: 49 minute(s), 47 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\system32\drivers\fbmtsg.sys (Rootkit.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\fvgqad.dat (Malware.Trace) -> No action taken.
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Caro at 2009-12-25 18:00:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (58%) free of 43 GB
Total RAM: 1919 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:36, on 25.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\Hewlett-Packard\IAM\bin\asghost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R3YYAYCM\RSIT[1].exe
C:\Programme\trend micro\Caro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programme\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.lokalisten.de/iup/ImageUploader4.cab
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Programme\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

-- End of file - 8825 bytes

======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Automatische Problemsuche.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-23 263280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-24 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2006-11-21 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-23 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"PTHOSTTR"=C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]
"hpWirelessAssistant"=C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WatchDog"=C:\Programme\InterVideo\DVD Check\DVDCheck.exe [2007-05-23 192512]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-05-30 292136]
"Google Quick Search Box"=C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-08-01 122368]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
""= []
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-01 39408]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
DVD Check.lnk - C:\Programme\InterVideo\DVD Check\DVDCheck.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE
VPN Client.lnk - C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico

C:\Dokumente und Einstellungen\Caro\Startmenü\Programme\Autostart
CCC.lnk - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2007-02-07 74240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=67108863
"NoRecentDocsNetHood"=1
"NoSimpleStartMenu"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7cf14a0-d350-11dd-8351-0021002a7cc3}]
shell\1\command - F:\.\recycled\info.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe

======List of files/folders created in the last 1 months======
2009-12-25 17:03:20 ----D---- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Malwarebytes
2009-12-25 17:03:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-12-25 17:03:13 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-12-25 16:53:46 ----D---- C:\Programme\trend micro
2009-12-25 16:53:44 ----D---- C:\rsit
2009-12-25 16:44:42 ----D---- C:\Programme\CCleaner
2009-12-25 15:56:17 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2009-12-25 15:56:16 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-12-25 15:55:42 ----D---- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\TuneUp Software
2009-12-25 15:55:22 ----D---- C:\Programme\TuneUp Utilities 2010
2009-12-25 15:55:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2009-12-25 15:54:53 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-20 09:38:42 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-19 12:18:09 ----D---- C:\Programme\MSECache
2009-12-09 13:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 13:42:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 13:42:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 13:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 13:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======
2009-12-25 17:58:25 ----D---- C:\WINDOWS\Temp
2009-12-25 17:58:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 17:58:17 ----D---- C:\WINDOWS
2009-12-25 17:57:01 ----SHD---- C:\WINDOWS\Installer
2009-12-25 17:57:01 ----D---- C:\WINDOWS\system32\drivers
2009-12-25 17:56:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 17:03:13 ----RD---- C:\Programme
2009-12-25 16:46:53 ----D---- C:\WINDOWS\Minidump
2009-12-25 16:46:53 ----D---- C:\WINDOWS\Debug
2009-12-25 16:38:22 ----D---- C:\WINDOWS\system32
2009-12-25 16:38:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 16:34:45 ----D---- C:\WINDOWS\Prefetch
2009-12-25 16:22:56 ----D---- C:\WINDOWS\system32\config
2009-12-25 16:22:44 ----SD---- C:\WINDOWS\Tasks
2009-12-20 09:39:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-19 12:18:56 ----SD---- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Microsoft
2009-12-19 12:18:27 ----RSD---- C:\WINDOWS\Fonts
2009-12-19 12:18:27 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-12-19 12:18:23 ----D---- C:\Programme\Microsoft Office
2009-12-09 13:42:58 ----HD---- C:\WINDOWS\inf
2009-12-09 13:42:43 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-09 13:42:34 ----D---- C:\WINDOWS\system32\de-de
2009-12-09 13:42:34 ----D---- C:\Programme\Internet Explorer
2009-12-09 13:42:24 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-02-16 288768]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-01-02 1160320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-01 604928]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-01-12 201856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 b57w2k;Broadcom 590x 10/100 Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-27 160256]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HP24X;HP PC Card Smart Card Reader; C:\WINDOWS\system32\DRIVERS\HP24X.sys [2006-10-19 33024]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 ASBroker;Anmeldesitzungsbroker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Lokaler Verbindungskanal; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2008-04-17 1528608]
R2 hpqwmiex;hpqwmiex; C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IviRegMgr;IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 SWIHPWMI;SWIHPWMI; C:\Programme\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-05-30 541992]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-01 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 RoxMediaDB9;RoxMediaDB9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 stllssvr;stllssvr; C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe [2006-11-01 73728]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-12-25 435016]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
#2

Hello and welcome!

Quote:
- Please read the instructions thoroughly and always follow them strictly, as I have prepared the order according to certain criteria:

1. I need more of an `overview`, i.e. data over a longer period of time. For that, please make hidden and system files visible:
→ Under Start, click My Computer.
→ In the Tools menu, click Folder Options.
→ Files and folders / Hide extensions for known file types → remove the check mark
→ Hide protected system files → remove the check mark
→ Hidden files and folders / Show all files and folders → set the check mark.
→ "Hide protected system files" must not be checked and "Show all files and folders" must be enabled.

2. For XP and Win2000 (otherwise skip)
→ download filelist.zip to your desktop
→ unpack the zip file onto your desktop
→ now start it by double-clicking the file "filelist.bat"; your editor (text-processing program) will open
→ copy all 7 directories ("C\..." etc.) from the generated log file, but only the entries from the last 6 months, here into your thread
** there is a date in front of every entry, so please delete entries that are older than 6 months!

3. I would also like to see all of your installed programs: download the tool CCleaner, install it (deselect "Add CCleaner Yahoo! Toolbar") → start it → under Options, Settings, set "german", then click "Extra" (to display the installed programs) → then "Save as text file..."; a text file (*.txt) is created; copy its contents and paste them here

4. To get a deeper look into your system and to detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
** no connection to a network or the internet; don't forget WLAN
When the scan is finished, please re-enable all programs and tools!
** you can upload the log at File-Upload.net (free) and post the link for me here.

Quote:
** If possible, do not go on the internet, no online banking, file sharing, chat programs etc.

Regards, Coverflow
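The six-month cut-off from step 2 can be applied mechanically instead of deleting lines by hand. The following is an added example, not part of the thread and not part of filelist.bat; the names `parse_entry`, `months_back` and `filter_listing` are hypothetical, and it assumes the German-locale `dir` line format seen in the listing posted in this thread and reads "6 months" as calendar months.

```python
import calendar
import re
from datetime import date, datetime

# Sample in the German-locale `dir` format. The first three entries appear in
# the listing posted in this thread; the last three are constructed to
# exercise the cut-off (one exactly on it, two older).
SAMPLE = r"""----- System 32 (Achtung: Zeitfenster beachten!) ---
 Verzeichnis von C:\WINDOWS\system32
25.12.2009  16:10               140 fjhdyfhsn.bat
29.10.2009  08:41         1.168.384 urlmon.dll
17.07.2009  20:01            58.880 atl.dll
27.06.2009  09:00    <DIR>          edge_case_dir
26.06.2009  09:00            10.240 old_helper.dll
14.04.2008  12:00            15.360 old_driver.sys
"""

# DD.MM.YYYY HH:MM, then either <DIR> or a size with '.' as thousands
# separator, then the file name (which may itself contain spaces).
ENTRY = re.compile(
    r"^\s*(\d{2}\.\d{2}\.\d{4})\s+\d{2}:\d{2}\s+(<DIR>|[\d.]+)\s+(.+?)\s*$"
)


def parse_entry(line):
    """Return (date, size_or_None, name) for an entry line, else None."""
    m = ENTRY.match(line)
    if m is None:
        return None
    try:
        stamp = datetime.strptime(m.group(1), "%d.%m.%Y").date()
    except ValueError:
        return None  # looks like a date but is not a valid one
    size = None if m.group(2) == "<DIR>" else int(m.group(2).replace(".", ""))
    return stamp, size, m.group(3)


def months_back(today, months):
    """Date `months` calendar months before `today`, day clamped to month end."""
    index = today.year * 12 + (today.month - 1) - months
    year, month0 = divmod(index, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return date(year, month0 + 1, min(today.day, last_day))


def filter_listing(text, today, months=6):
    """Drop entry lines older than the cut-off; keep everything else.

    Section headers, volume information and the totals lines are not entries
    and are kept so the reader can still see which directory each block
    belongs to. Returns (filtered_text, number_of_dropped_entries).
    """
    cutoff = months_back(today, months)
    kept, dropped = [], 0
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry[0] >= cutoff:
            kept.append(line)
        else:
            dropped += 1
    return "\n".join(kept), dropped


if __name__ == "__main__":
    # 27.12.2009 is the date of filelist.txt in the posted listing.
    filtered, dropped = filter_listing(SAMPLE, date(2009, 12, 27))
    print(filtered)
    print(f"-- {dropped} entries older than 6 months removed")
```

The totals lines that `dir` prints ("18 Datei(en) ... Bytes") still describe the unfiltered directory after filtering, so they should not be read as a count of the remaining entries.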
#3

Hello, so, I'm working on this with 2 PCs. The actual problem case, the one I wrote about, no longer gets onto the net, and I'm using my other one for that. I have now done all the things as instructed on the problem PC and will post everything shortly. On the side, though, I also ran the GMER program on this PC, and it shows me that there is rootkit activity on it (or something like that). I would also like to post the result of that for you:

So: here are the results from PC 1 (the actual problem case):

Code:
----- Root -----------------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\
27.12.2009 17:24 43 filelist.txt
25.12.2009 17:57 2.012.532.736 hiberfil.sys
25.12.2009 17:57 2.145.386.496 pagefile.sys
18 Datei(en) 4.158.224.839 Bytes
0 Verzeichnis(se), 26.482.937.856 Bytes frei
----- Windows --------------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS
27.12.2009 17:21 1.967.094 WindowsUpdate.log
25.12.2009 17:57 2.048 bootstat.dat
25.12.2009 17:56 7.104 SchedLgU.Txt
56 Datei(en) 7.257.903 Bytes
0 Verzeichnis(se), 26.482.933.760 Bytes frei
----- System ---
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS\system
25 Datei(en) 929.787 Bytes
0 Verzeichnis(se), 26.482.933.760 Bytes frei
----- System 32 (Achtung: Zeitfenster beachten!) ---
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS\system32
25.12.2009 18:02 432.690 perfh009.dat
25.12.2009 18:02 449.044 perfh007.dat
25.12.2009 18:02 67.646 perfc009.dat
25.12.2009 18:02 80.306 perfc007.dat
25.12.2009 18:02 1.042.054 PerfStringBackup.INI
25.12.2009 16:10 140 fjhdyfhsn.bat
23.12.2009 14:21 2.206 wpa.dbl
20.12.2009 20:54 197.752 FNTCACHE.DAT
09.12.2009 13:45 30.536 TURegOpt.exe
09.12.2009 13:38 30.024 uxtuneup.dll
25.11.2009 13:42 216.788 TZLog.log
29.10.2009 08:41 1.168.384 urlmon.dll
29.10.2009 08:41 832.512 wininet.dll
29.10.2009 08:41 233.472 webcheck.dll
29.10.2009 08:41 102.912 occache.dll
29.10.2009 08:41 44.544 pngfilt.dll
29.10.2009 08:41 105.984 url.dll
29.10.2009 08:41 671.232 mstime.dll
29.10.2009 08:41 193.024 msrating.dll
29.10.2009 08:41 3.598.336 mshtml.dll
29.10.2009 08:41 477.696 mshtmled.dll
29.10.2009 08:40 52.224 msfeedsbs.dll
29.10.2009 08:40 459.264 msfeeds.dll
29.10.2009 08:40 27.648 jsproxy.dll
29.10.2009 08:40 1.830.912 inetcpl.cpl
29.10.2009 08:40 268.288 iertutil.dll
29.10.2009 08:40 6.067.200 ieframe.dll
29.10.2009 08:40 44.544 iernonce.dll
29.10.2009 08:40 78.336 ieencode.dll
29.10.2009 08:40 385.024 iedkcs32.dll
29.10.2009 08:40 380.928 ieapfltr.dll
29.10.2009 08:40 230.400 ieaksie.dll
29.10.2009 08:40 63.488 icardie.dll
29.10.2009 08:40 214.528 dxtrans.dll
29.10.2009 08:40 17.408 corpol.dll
29.10.2009 08:40 133.120 extmgr.dll
29.10.2009 08:40 153.088 ieakeng.dll
29.10.2009 08:40 347.136 dxtmsft.dll
29.10.2009 08:40 124.928 advpack.dll
28.10.2009 16:07 46.080 tzchange.exe
28.10.2009 15:36 389.120 html.iec
28.10.2009 15:35 13.824 ieudinit.exe
28.10.2009 15:35 70.656 ie4uinit.exe
28.10.2009 07:52 161.792 ieakui.dll
21.10.2009 06:38 75.776 strmfilt.dll
21.10.2009 06:38 25.088 httpapi.dll
13.10.2009 11:32 271.360 oakley.dll
12.10.2009 14:38 79.872 raschap.dll
12.10.2009 14:38 150.528 rastls.dll
11.09.2009 15:17 136.192 msv1_0.dll
04.09.2009 22:03 58.880 msasn1.dll
01.09.2009 15:46 282.654 msaud32.acm
26.08.2009 09:00 247.326 strmdll.dll
25.08.2009 10:17 354.816 winhttp.dll
14.08.2009 16:10 1.850.752 win32k.sys
13.08.2009 16:15 512.000 jscript.dll
06.08.2009 19:24 327.896 wucltui.dll
06.08.2009 19:24 209.632 wuweb.dll
06.08.2009 19:24 18.144 wuaueng.dll.mui
06.08.2009 19:24 15.584 wuapi.dll.mui
06.08.2009 19:24 35.552 wups.dll
06.08.2009 19:24 44.768 wups2.dll
06.08.2009 19:24 217.816 wuaucpl.cpl
06.08.2009 19:24 53.472 wuauclt.exe
06.08.2009 19:24 15.584 wuaucpl.cpl.mui
06.08.2009 19:24 96.480 cdm.dll
06.08.2009 19:24 23.264 wucltui.dll.mui
06.08.2009 19:23 575.704 wuapi.dll
06.08.2009 19:23 1.929.952 wuaueng.dll
05.08.2009 09:59 206.336 mswebdvd.dll
04.08.2009 18:26 2.147.840 ntoskrnl.exe
04.08.2009 18:25 2.026.496 ntkrnlpa.exe
31.07.2009 10:02 1.372.672 msxml6.dll
31.07.2009 05:32 1.172.480 msxml3.dll
21.07.2009 00:05 1.348.432 msxml4.dll
17.07.2009 20:01 58.880 atl.dll
17.07.2009 17:15 1.441.792 query.dll
13.07.2009 22:43 286.208 wmpdxm.dll
13.07.2009 22:43 10.841.088 wmp.dll
13.07.2009 08:34 32.228 mlfcache.dat
29.06.2009 09:33 2.452.872 ieapfltr.dat
25.06.2009 09:25 147.456 schannel.dll
25.06.2009 09:25 301.568 kerberos.dll
25.06.2009 09:25 54.272 wdigest.dll
25.06.2009 09:25 737.792 lsasrv.dll
25.06.2009 09:25 56.832 secur32.dll
16.06.2009 15:36 81.920 fontsub.dll
16.06.2009 15:36 119.808 t2embed.dll
15.06.2009 11:43 78.848 telnet.exe
15.06.2009 11:43 82.944 tlntsess.exe
10.06.2009 15:13 85.504 avifil32.dll
10.06.2009 08:19 2.066.432 mstscax.dll
10.06.2009 07:14 132.096 wkssvc.dll
03.06.2009 20:09 1.296.896 quartz.dll
26.05.2009 16:18 90.112 QuickTimeVR.qtx
26.05.2009 16:18 57.344 QuickTime.qts
26.05.2009 14:47 1.040.384 ieframe.dll.mui
26.05.2009 12:40 18.808 spmsg.dll
20.05.2009 03:56 2.458.112 WMVCore.dll
07.05.2009 16:32 348.160 localspl.dll
2135 Datei(en) 425.121.980 Bytes
0 Verzeichnis(se), 26.482.745.344 Bytes frei
----- Prefetch -------------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS\Prefetch
25.12.2009 19:24 193.886 Layout.ini
25.12.2009 17:58 817.888 NTOSBOOT-B00DFAAD.pf
2 Datei(en) 1.011.774 Bytes
0 Verzeichnis(se), 26.482.831.360 Bytes frei
----- Tasks ----------------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS\tasks
27.12.2009 17:20 260 WGASetup.job
27.12.2009 17:19 568 Automatische Problemsuche.job
25.12.2009 17:57 6 SA.DAT
25.12.2009 16:33 276 AppleSoftwareUpdate.job
5 Datei(en) 1.175 Bytes
0 Verzeichnis(se), 26.482.827.264 Bytes frei
----- Windows/Temp -----------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS\Temp
25.12.2009 16:08 12.288 ~TM16.tmp
20.12.2009 09:39 131.072 835758262bec29e3ecff1815.tmp
24.11.2009 00:05 21.123 GoogleToolbarInstaller1.log
23.11.2009 23:42 14.965 GoogleToolbarInstaller2.log
14.10.2009 23:08 5.158 ASPNETSetup_00002.log
12.09.2009 20:12 38.005 dneinst.log
24.08.2009 09:52 4.374 dd_wcf_retCA63E6.txt
24.08.2009 09:51 5.158 ASPNETSetup_00001.log
24.08.2009 09:50 272.524 dd_dotnetfx35install.txt
24.08.2009 09:50 36.558 uxeventlog.txt
24.08.2009 09:49 1.441.116 dd_NET_Framework35_MSI7B14.txt
24.08.2009 09:49 3.228.758 dd_NET_Framework30_Setup7A43.txt
24.08.2009 09:49 4.574 dd_wcf_retCA601.txt
24.08.2009 09:48 15.166 dd_XPS.txt
24.08.2009 09:48 16.384 Perflib_Perfdata_ad4.dat
24.08.2009 09:48 11.124.452 dd_NET_Framework20_Setup77ED.txt
24.08.2009 09:47 5.158 ASPNETSetup_00000.log
24.08.2009 09:45 134.446 dd_RGB9RAST_x86.msi77DD.txt
24.08.2009 09:45 7.944 dd_clwireg.txt
24.08.2009 09:45 204.204 dd_depcheck_NETFX_EXP_35.txt
24.08.2009 09:44 2 dd_dotnetfx35error.txt
22 Datei(en) 16.729.667 Bytes
0 Verzeichnis(se), 26.482.827.264 Bytes frei
----- Temp -----------------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\DOKUME~1\Caro\LOKALE~1\Temp
25.12.2009 19:51 19.880 GoogleQuickSearchBox.log
25.12.2009 15:54 2.450.944 TUMF.tmp
21.12.2009 22:10 1.660 wmplog00.sqm
20.12.2009 09:38 8.377 java_install_reg.log
19.12.2009 12:18 1.321.666 Compatibility Pack für 2007 Office System (0).log
22.11.2009 15:32 835.584 ~DFD698.tmp
22.11.2009 10:08 11.166 dd_vcredistUI0125.txt
22.11.2009 10:08 516.176 dd_vcredistMSI0125.txt
22.11.2009 10:06 11.406 dd_vcredistUI7FAD.txt
22.11.2009 10:06 518.398 dd_vcredistMSI7FAD.txt
29.10.2009 15:39 5.735.080 fla29.tmp
25.10.2009 21:18 512 ~DF459D.tmp
25.10.2009 21:15 512 ~DFF98D.tmp
05.10.2009 12:26 16.384 ~DF3655.tmp
05.10.2009 12:25 1.960 wecerr.txt
12.09.2009 14:44 391.568 ASKSUTBLOG
02.08.2009 15:37 18.611.064 fla19.tmp
01.08.2009 19:39 16.384 ~WRF0003.tmp
01.08.2009 19:39 233.372 MSI9977b.LOG
01.08.2009 19:38 233.372 MSI99778.LOG
01.08.2009 19:38 512 ~DF6198.tmp
01.08.2009 19:38 78.848 msoB6A07.doc
01.08.2009 19:38 31.232 ~WRC0000.tmp
01.08.2009 19:38 512 ~DF55AE.tmp
01.08.2009 17:54 16.384 ~DFC15B.tmp
01.08.2009 16:37 134.045 GoogleToolbarInstaller2.log
01.08.2009 16:37 8.075 GoogleToolbarInstaller1.log
01.08.2009 11:20 16.384 ~WRF0002.tmp
01.08.2009 11:20 233.372 MSI11b02.LOG
01.08.2009 11:20 233.372 MSI11aff.LOG
01.08.2009 11:20 512 ~DFF344.tmp
01.08.2009 11:20 72.192 mso955B6.doc
01.08.2009 11:20 512 ~DFE58D.tmp
29.07.2009 21:59 1.007 jar_cache54847.tmp
29.07.2009 21:59 217 jar_cache54844.tmp
29.07.2009 21:59 906 jar_cache54845.tmp
29.07.2009 21:59 639 jar_cache54843.tmp
29.07.2009 21:59 58 jar_cache54846.tmp
29.07.2009 21:59 2.072 jar_cache54841.tmp
29.07.2009 21:59 2.090 jar_cache54842.tmp
17.07.2009 13:20 11.858 jar_cache6156.tmp
09.07.2009 12:05 16.384 ~WRF0001.tmp
09.07.2009 12:05 233.368 MSI5f960.LOG
09.07.2009 12:05 233.368 MSI5f95d.LOG
09.07.2009 12:05 72.192 mso18643.doc
08.07.2009 22:53 1.007 jar_cache52485.tmp
08.07.2009 22:53 603 jar_cache52484.tmp
08.07.2009 22:53 645 jar_cache52483.tmp
24.06.2009 18:36 645 jar_cache18503.tmp
24.06.2009 18:36 603 jar_cache18504.tmp
22.06.2009 10:22 1.220 jar_cache10023.tmp
22.06.2009 10:22 522 jar_cache10022.tmp
22.06.2009 09:54 1.007 jar_cache10021.tmp
22.06.2009 09:53 43 jar_cache10020.tmp
22.06.2009 09:53 639 jar_cache10017.tmp
22.06.2009 09:53 58 jar_cache10018.tmp
22.06.2009 09:53 906 jar_cache10019.tmp
22.06.2009 09:53 217 jar_cache10016.tmp
22.06.2009 09:52 603 jar_cache10014.tmp
22.06.2009 09:52 645 jar_cache10013.tmp
19.06.2009 13:35 233.492 MSI39635.LOG
07.06.2009 18:17 12.420 QTInstallCode.log
07.06.2009 18:16 84 SetupAdminDB8.log
07.06.2009 18:16 3.378 qtplugin.log
02.06.2009 18:14 6.285.100 fla65.tmp
02.06.2009 17:15 512 ~DF7FFE.tmp
02.06.2009 15:10 1.108 msoDC83F.wmf
02.06.2009 15:10 842 msoABD66.wmf
02.06.2009 15:10 762 mso92680.wmf
02.06.2009 15:10 990 mso87081.wmf
02.06.2009 15:09 16.384 ~WRF0000.tmp
02.06.2009 15:09 2.276 mso26FF5.wmf
02.06.2009 15:09 1.614 mso2082A.wmf
02.06.2009 15:09 1.362 msoF9193.wmf
02.06.2009 15:09 2.178 mso8CCE4.wmf
02.06.2009 15:09 1.928 mso1A32E.wmf
02.06.2009 15:09 1.056 mso7A427.wmf
02.06.2009 15:09 848 mso33AA9.wmf
02.06.2009 15:09 1.014 msoD1D88.wmf
02.06.2009 15:09 512 ~DF26E0.tmp
13.05.2009 16:58 2.032 iTunesSetupE88.log
13.05.2009 16:56 2.815.670 SetupAdminAB8.log
146 Datei(en) 111.269.130 Bytes
0 Verzeichnis(se), 26.482.810.880 Bytes frei
Code:
ATTFilter Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.0.32.18
Adobe Reader 9.1 - Deutsch Adobe Systems Incorporated 9.1.0
Agere Systems HDA Modem
Apple Mobile Device Support Apple Inc. 2.5.0.31
Apple Software Update Apple Inc. 2.1.1.116
ATI Catalyst Control Center 1.007.2007.0202
ATI Display Driver 8.342.2-070202a-044973C-HP
Avira AntiVir Personal - Free Antivirus Avira GmbH
Bonjour Apple Inc. 1.0.106
Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 4.100.15.5
Broadcom NetXtreme Ethernet Controller Broadcom Corporation 10.15.15
ccc-Branding ATI 1.00.0000
CCleaner Piriform 2.27
Cisco Systems VPN Client 5.0.03.0530 Cisco Systems, Inc. 5.0.3
Compatibility Pack für 2007 Office System Microsoft Corporation 12.0.6021.5000
Credential Manager for HP ProtectTools Hewlett-Packard 2.5.0.880.13
Google Toolbar for Internet Explorer Google Inc.
HijackThis 2.0.2 TrendMicro 2.0.2
HP BIOS Configuration for ProtectTools Hewlett-Packard 3.00 C1
HP Broadband Wireless Modules Sierra Wireless Inc 18.14.1483.2
HP PCMCIA Smart Card Reader HP 1.01.0001
HP ProtectTools Security Manager Hewlett-Packard 3.00 A10
HP Wireless Assistant Hewlett-Packard 3.00 F1
InterVideo DVD Check
InterVideo WinDVD InterVideo Inc. 5.0-B11.1164
IrfanView (remove only)
iTunes Apple Inc. 8.2.0.23
Java(TM) 6 Update 6 Sun Microsystems, Inc. 1.6.0.60
K-Lite Mega Codec Pack 4.1.4 4.1.4
Malwarebytes' Anti-Malware Malwarebytes Corporation
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 10.0.2701.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 4.20.9876.0
OpenOffice.org 2.4 OpenOffice.org 2.4.9286
QuickTime Apple Inc. 7.62.14.0
Roxio Creator Audio Roxio 3.3.0
Roxio Creator Basic v9 Roxio 3.3.0
Roxio Creator Copy Roxio 3.3.0
Roxio Creator Data Roxio 3.3.0
Roxio Creator Tools Roxio 3.3.0
Roxio Express Labeler 3 Roxio 2.1.0
Roxio MyDVD Basic v9 Roxio 9.0.116
Safari Apple Inc. 3.525.29.0
SopCast 3.2.4 SopCast.com 3.2.4
SoundMAX Analog Devices 5.10.01.5161
Synaptics Pointing Device Driver Synaptics 9.1.11.0
TuneUp Utilities TuneUp Software 9.0.3000.52
Windows Internet Explorer 7 Microsoft Corporation 20070813.185237
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1 Microsoft Corporation 5.1.0715
Windows XP Service Pack 3 Microsoft Corporation 20080414.031514
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Advanced Micro Devices 05/27/2006 1.3.2.0
Code:
ATTFilter GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-27 18:38:01
Windows 5.1.2600 Service Pack 3
Running: c9c8zr1j.exe; Driver: C:\DOKUME~1\Caro\LOKALE~1\Temp\awndrfob.sys
---- System - GMER 1.0.15 ----
SSDT F7B251CE ZwCreateKey
SSDT F7B251C4 ZwCreateThread
SSDT F7B251D3 ZwDeleteKey
SSDT F7B251DD ZwDeleteValueKey
SSDT F7B251E2 ZwLoadKey
SSDT F7B251B0 ZwOpenProcess
SSDT F7B251B5 ZwOpenThread
SSDT F7B251EC ZwReplaceKey
SSDT F7B251E7 ZwRestoreKey
SSDT F7B251D8 ZwSetValueKey
SSDT F7B251BF ZwTerminateProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1960408961-1532298954-839522115-1003@RefCount 8
---- EOF - GMER 1.0.15 ----
|
| | #4 |
![]() ![]() ![]() | Internet suddenly slow, 5 trojans found So, and now I also have the program list and the GMER log file Code:
ATTFilter Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Deutsch
AGEIA PhysX v7.11.13
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audiograbber 1.83 SE
Avira AntiVir Premium
BioShock
Bonjour
Browser Address Error Redirector
Call of Duty(R) 2
CCleaner (remove only)
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack für 2007 Office System
CrissCross 8.40
Crossword Compiler Deutsch 8 Testversion
Dell Handbuch zum Einstieg
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Karte
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
EDocs
Foto-Mosaik-Edda 5.5.0
Free YouTube to Mp3 Converter version 3.1
Google Chrome
Google Talk (remove only)
HijackThis 2.0.2
ICQ6.5
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kalender-Excel 8.5.1
kikin Plugin (Foto-Mosaik-Edda Edition) 1.11
Lehrstoffmanager Version 1.1 Rev.64
Logitech QuickCam
Logitech® Camera-Treiber
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
NVIDIA Drivers
Opera 9.64
PC Connectivity Solution
PeaZip 2.2
Picasa 3
PixiePack Codec Pack
QuickSet
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Skype™ 4.0
Sonic CinePlayer Decoder Pack
SopCast 3.0.3
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TeamViewer 3
Uninstall 1.0.0.1
VideoLAN VLC media player 0.8.6i
Vista Profile Pack
Windows Live Anmelde-Assistent
Windows Live installer
Windows Media Player Firefox Plugin
Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
|
| | #5 |
![]() ![]() ![]() | Internet suddenly slow, 5 trojans found Code:
ATTFilter GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-27 18:23:37
Windows 6.0.6001 Service Pack 1
Running: ilfmjif8.exe; Driver: C:\Users\Tobias\AppData\Local\Temp\fxldipod.sys
---- System - GMER 1.0.15 ----
SSDT 9BB1B8F4 ZwCreateThread
SSDT 9BB1B8E0 ZwOpenProcess
SSDT 9BB1B8E5 ZwOpenThread
SSDT 9BB1B8EF ZwTerminateProcess
SSDT 9BB1B8EA ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 454 822C3A18 4 Bytes [F4, B8, B1, 9B]
.text ntkrnlpa.exe!KeSetTimerEx + 624 822C3BE8 4 Bytes [E0, B8, B1, 9B] {LOOPNZ 0xffffffffffffffba; MOV CL, 0x9b}
.text ntkrnlpa.exe!KeSetTimerEx + 640 822C3C04 4 Bytes [E5, B8, B1, 9B] {IN EAX, 0xb8; MOV CL, 0x9b}
.text ntkrnlpa.exe!KeSetTimerEx + 854 822C3E18 4 Bytes [EF, B8, B1, 9B]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 822C3E78 4 Bytes JMP 909BB1B8
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E40B340, 0x3E9407, 0xE8000020]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Java\jre6\bin\jusched.exe[1308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[1308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[1308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[1308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00342F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00342D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00342CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00342CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [009A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[1884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[1884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[1884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[1884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CD2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00CD2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CD2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CD2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00602F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00602D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00602CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00602CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[2540] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00222F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[2540] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtClose] [00222D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[2540] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00222CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[2540] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00222CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00202F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00202D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00202CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00202CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01F52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01F52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01F52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01F52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3340] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01722F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3340] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01722D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3340] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01722CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3340] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01722CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00352F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00352D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00352CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00352CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Napster\napster.exe[3488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Napster\napster.exe[3488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Napster\napster.exe[3488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Napster\napster.exe[3488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740488B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740898A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7404B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7403FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74047A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7403EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7407B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7404BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7404074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740406B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740371B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [740CD848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74067379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7403E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7403697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740369A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74042465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [005B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [005B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [005B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [005B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00182F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00182D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00182CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00182CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[4304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00462F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[4304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00462D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[4304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00462CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[4304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00462CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
|
| | #6 |
GMER PART 2: Code:
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5180] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5180] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5180] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5180] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[5468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[5468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[5468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[5468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00262F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00262D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00262CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00262CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avcenter.exe[6124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01B42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avcenter.exe[6124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01B42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avcenter.exe[6124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01B42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avcenter.exe[6124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01B42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000065 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000067 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bfdb120
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bfdb120@002345616f05 0x40 0xB0 0xA9 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186409207
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186409207@002345616f05 0xE0 0x9F 0x07 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bfdb120 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bfdb120@002345616f05 0x40 0xB0 0xA9 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186409207 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186409207@002345616f05 0xE0 0x9F 0x07 0x5C ...
---- EOF - GMER 1.0.15 ----
or should I open a separate thread for the second case? Best regards
| | #7 |
I hope you can make sense of the information!!!! Sorry if a second problem is now being added on top!
| | #8 |
| /// Helper team | Look.. pretty soon I won't be able to make sense of this at all... we can't work on 2 PCs in one thread! So please copy all the finished results from the infected computer in there again! -> http://www.trojaner-board.de/80753-i...tml#post489120 + a log file created by RSIT
| | #9 |
All right, then let's set the 2nd computer aside. Code:
----- Root -----------------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\
27.12.2009 17:24 43 filelist.txt
25.12.2009 17:57 2.012.532.736 hiberfil.sys
25.12.2009 17:57 2.145.386.496 pagefile.sys
18 Datei(en) 4.158.224.839 Bytes
0 Verzeichnis(se), 26.482.937.856 Bytes frei
----- Windows --------------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS
27.12.2009 17:21 1.967.094 WindowsUpdate.log
25.12.2009 17:57 2.048 bootstat.dat
25.12.2009 17:56 7.104 SchedLgU.Txt
56 Datei(en) 7.257.903 Bytes
0 Verzeichnis(se), 26.482.933.760 Bytes frei
----- System ---
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS\system
25 Datei(en) 929.787 Bytes
0 Verzeichnis(se), 26.482.933.760 Bytes frei
----- System 32 (Achtung: Zeitfenster beachten!) ---
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS\system32
25.12.2009 18:02 432.690 perfh009.dat
25.12.2009 18:02 449.044 perfh007.dat
25.12.2009 18:02 67.646 perfc009.dat
25.12.2009 18:02 80.306 perfc007.dat
25.12.2009 18:02 1.042.054 PerfStringBackup.INI
25.12.2009 16:10 140 fjhdyfhsn.bat
23.12.2009 14:21 2.206 wpa.dbl
20.12.2009 20:54 197.752 FNTCACHE.DAT
09.12.2009 13:45 30.536 TURegOpt.exe
09.12.2009 13:38 30.024 uxtuneup.dll
25.11.2009 13:42 216.788 TZLog.log
29.10.2009 08:41 1.168.384 urlmon.dll
29.10.2009 08:41 832.512 wininet.dll
29.10.2009 08:41 233.472 webcheck.dll
29.10.2009 08:41 102.912 occache.dll
29.10.2009 08:41 44.544 pngfilt.dll
29.10.2009 08:41 105.984 url.dll
29.10.2009 08:41 671.232 mstime.dll
29.10.2009 08:41 193.024 msrating.dll
29.10.2009 08:41 3.598.336 mshtml.dll
29.10.2009 08:41 477.696 mshtmled.dll
29.10.2009 08:40 52.224 msfeedsbs.dll
29.10.2009 08:40 459.264 msfeeds.dll
29.10.2009 08:40 27.648 jsproxy.dll
29.10.2009 08:40 1.830.912 inetcpl.cpl
29.10.2009 08:40 268.288 iertutil.dll
29.10.2009 08:40 6.067.200 ieframe.dll
29.10.2009 08:40 44.544 iernonce.dll
29.10.2009 08:40 78.336 ieencode.dll
29.10.2009 08:40 385.024 iedkcs32.dll
29.10.2009 08:40 380.928 ieapfltr.dll
29.10.2009 08:40 230.400 ieaksie.dll
29.10.2009 08:40 63.488 icardie.dll
29.10.2009 08:40 214.528 dxtrans.dll
29.10.2009 08:40 17.408 corpol.dll
29.10.2009 08:40 133.120 extmgr.dll
29.10.2009 08:40 153.088 ieakeng.dll
29.10.2009 08:40 347.136 dxtmsft.dll
29.10.2009 08:40 124.928 advpack.dll
28.10.2009 16:07 46.080 tzchange.exe
28.10.2009 15:36 389.120 html.iec
28.10.2009 15:35 13.824 ieudinit.exe
28.10.2009 15:35 70.656 ie4uinit.exe
28.10.2009 07:52 161.792 ieakui.dll
21.10.2009 06:38 75.776 strmfilt.dll
21.10.2009 06:38 25.088 httpapi.dll
13.10.2009 11:32 271.360 oakley.dll
12.10.2009 14:38 79.872 raschap.dll
12.10.2009 14:38 150.528 rastls.dll
11.09.2009 15:17 136.192 msv1_0.dll
04.09.2009 22:03 58.880 msasn1.dll
01.09.2009 15:46 282.654 msaud32.acm
26.08.2009 09:00 247.326 strmdll.dll
25.08.2009 10:17 354.816 winhttp.dll
14.08.2009 16:10 1.850.752 win32k.sys
13.08.2009 16:15 512.000 jscript.dll
06.08.2009 19:24 327.896 wucltui.dll
06.08.2009 19:24 209.632 wuweb.dll
06.08.2009 19:24 18.144 wuaueng.dll.mui
06.08.2009 19:24 15.584 wuapi.dll.mui
06.08.2009 19:24 35.552 wups.dll
06.08.2009 19:24 44.768 wups2.dll
06.08.2009 19:24 217.816 wuaucpl.cpl
06.08.2009 19:24 53.472 wuauclt.exe
06.08.2009 19:24 15.584 wuaucpl.cpl.mui
06.08.2009 19:24 96.480 cdm.dll
06.08.2009 19:24 23.264 wucltui.dll.mui
06.08.2009 19:23 575.704 wuapi.dll
06.08.2009 19:23 1.929.952 wuaueng.dll
05.08.2009 09:59 206.336 mswebdvd.dll
04.08.2009 18:26 2.147.840 ntoskrnl.exe
04.08.2009 18:25 2.026.496 ntkrnlpa.exe
31.07.2009 10:02 1.372.672 msxml6.dll
31.07.2009 05:32 1.172.480 msxml3.dll
21.07.2009 00:05 1.348.432 msxml4.dll
17.07.2009 20:01 58.880 atl.dll
17.07.2009 17:15 1.441.792 query.dll
13.07.2009 22:43 286.208 wmpdxm.dll
13.07.2009 22:43 10.841.088 wmp.dll
13.07.2009 08:34 32.228 mlfcache.dat
29.06.2009 09:33 2.452.872 ieapfltr.dat
25.06.2009 09:25 147.456 schannel.dll
25.06.2009 09:25 301.568 kerberos.dll
25.06.2009 09:25 54.272 wdigest.dll
25.06.2009 09:25 737.792 lsasrv.dll
25.06.2009 09:25 56.832 secur32.dll
16.06.2009 15:36 81.920 fontsub.dll
16.06.2009 15:36 119.808 t2embed.dll
15.06.2009 11:43 78.848 telnet.exe
15.06.2009 11:43 82.944 tlntsess.exe
10.06.2009 15:13 85.504 avifil32.dll
10.06.2009 08:19 2.066.432 mstscax.dll
10.06.2009 07:14 132.096 wkssvc.dll
03.06.2009 20:09 1.296.896 quartz.dll
26.05.2009 16:18 90.112 QuickTimeVR.qtx
26.05.2009 16:18 57.344 QuickTime.qts
26.05.2009 14:47 1.040.384 ieframe.dll.mui
26.05.2009 12:40 18.808 spmsg.dll
20.05.2009 03:56 2.458.112 WMVCore.dll
07.05.2009 16:32 348.160 localspl.dll
2135 Datei(en) 425.121.980 Bytes
0 Verzeichnis(se), 26.482.745.344 Bytes frei
----- Prefetch -------------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS\Prefetch
25.12.2009 19:24 193.886 Layout.ini
25.12.2009 17:58 817.888 NTOSBOOT-B00DFAAD.pf
2 Datei(en) 1.011.774 Bytes
0 Verzeichnis(se), 26.482.831.360 Bytes frei
----- Tasks ----------------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS\tasks
27.12.2009 17:20 260 WGASetup.job
27.12.2009 17:19 568 Automatische Problemsuche.job
25.12.2009 17:57 6 SA.DAT
25.12.2009 16:33 276 AppleSoftwareUpdate.job
5 Datei(en) 1.175 Bytes
0 Verzeichnis(se), 26.482.827.264 Bytes frei
----- Windows/Temp -----------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\WINDOWS\Temp
25.12.2009 16:08 12.288 ~TM16.tmp
20.12.2009 09:39 131.072 835758262bec29e3ecff1815.tmp
24.11.2009 00:05 21.123 GoogleToolbarInstaller1.log
23.11.2009 23:42 14.965 GoogleToolbarInstaller2.log
14.10.2009 23:08 5.158 ASPNETSetup_00002.log
12.09.2009 20:12 38.005 dneinst.log
24.08.2009 09:52 4.374 dd_wcf_retCA63E6.txt
24.08.2009 09:51 5.158 ASPNETSetup_00001.log
24.08.2009 09:50 272.524 dd_dotnetfx35install.txt
24.08.2009 09:50 36.558 uxeventlog.txt
24.08.2009 09:49 1.441.116 dd_NET_Framework35_MSI7B14.txt
24.08.2009 09:49 3.228.758 dd_NET_Framework30_Setup7A43.txt
24.08.2009 09:49 4.574 dd_wcf_retCA601.txt
24.08.2009 09:48 15.166 dd_XPS.txt
24.08.2009 09:48 16.384 Perflib_Perfdata_ad4.dat
24.08.2009 09:48 11.124.452 dd_NET_Framework20_Setup77ED.txt
24.08.2009 09:47 5.158 ASPNETSetup_00000.log
24.08.2009 09:45 134.446 dd_RGB9RAST_x86.msi77DD.txt
24.08.2009 09:45 7.944 dd_clwireg.txt
24.08.2009 09:45 204.204 dd_depcheck_NETFX_EXP_35.txt
24.08.2009 09:44 2 dd_dotnetfx35error.txt
22 Datei(en) 16.729.667 Bytes
0 Verzeichnis(se), 26.482.827.264 Bytes frei
----- Temp -----------------------------
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 50D7-F23B
Verzeichnis von C:\DOKUME~1\Caro\LOKALE~1\Temp
25.12.2009 19:51 19.880 GoogleQuickSearchBox.log
25.12.2009 15:54 2.450.944 TUMF.tmp
21.12.2009 22:10 1.660 wmplog00.sqm
20.12.2009 09:38 8.377 java_install_reg.log
19.12.2009 12:18 1.321.666 Compatibility Pack für 2007 Office System (0).log
22.11.2009 15:32 835.584 ~DFD698.tmp
22.11.2009 10:08 11.166 dd_vcredistUI0125.txt
22.11.2009 10:08 516.176 dd_vcredistMSI0125.txt
22.11.2009 10:06 11.406 dd_vcredistUI7FAD.txt
22.11.2009 10:06 518.398 dd_vcredistMSI7FAD.txt
29.10.2009 15:39 5.735.080 fla29.tmp
25.10.2009 21:18 512 ~DF459D.tmp
25.10.2009 21:15 512 ~DFF98D.tmp
05.10.2009 12:26 16.384 ~DF3655.tmp
05.10.2009 12:25 1.960 wecerr.txt
12.09.2009 14:44 391.568 ASKSUTBLOG
02.08.2009 15:37 18.611.064 fla19.tmp
01.08.2009 19:39 16.384 ~WRF0003.tmp
01.08.2009 19:39 233.372 MSI9977b.LOG
01.08.2009 19:38 233.372 MSI99778.LOG
01.08.2009 19:38 512 ~DF6198.tmp
01.08.2009 19:38 78.848 msoB6A07.doc
01.08.2009 19:38 31.232 ~WRC0000.tmp
01.08.2009 19:38 512 ~DF55AE.tmp
01.08.2009 17:54 16.384 ~DFC15B.tmp
01.08.2009 16:37 134.045 GoogleToolbarInstaller2.log
01.08.2009 16:37 8.075 GoogleToolbarInstaller1.log
01.08.2009 11:20 16.384 ~WRF0002.tmp
01.08.2009 11:20 233.372 MSI11b02.LOG
01.08.2009 11:20 233.372 MSI11aff.LOG
01.08.2009 11:20 512 ~DFF344.tmp
01.08.2009 11:20 72.192 mso955B6.doc
01.08.2009 11:20 512 ~DFE58D.tmp
29.07.2009 21:59 1.007 jar_cache54847.tmp
29.07.2009 21:59 217 jar_cache54844.tmp
29.07.2009 21:59 906 jar_cache54845.tmp
29.07.2009 21:59 639 jar_cache54843.tmp
29.07.2009 21:59 58 jar_cache54846.tmp
29.07.2009 21:59 2.072 jar_cache54841.tmp
29.07.2009 21:59 2.090 jar_cache54842.tmp
17.07.2009 13:20 11.858 jar_cache6156.tmp
09.07.2009 12:05 16.384 ~WRF0001.tmp
09.07.2009 12:05 233.368 MSI5f960.LOG
09.07.2009 12:05 233.368 MSI5f95d.LOG
09.07.2009 12:05 72.192 mso18643.doc
08.07.2009 22:53 1.007 jar_cache52485.tmp
08.07.2009 22:53 603 jar_cache52484.tmp
08.07.2009 22:53 645 jar_cache52483.tmp
24.06.2009 18:36 645 jar_cache18503.tmp
24.06.2009 18:36 603 jar_cache18504.tmp
22.06.2009 10:22 1.220 jar_cache10023.tmp
22.06.2009 10:22 522 jar_cache10022.tmp
22.06.2009 09:54 1.007 jar_cache10021.tmp
22.06.2009 09:53 43 jar_cache10020.tmp
22.06.2009 09:53 639 jar_cache10017.tmp
22.06.2009 09:53 58 jar_cache10018.tmp
22.06.2009 09:53 906 jar_cache10019.tmp
22.06.2009 09:53 217 jar_cache10016.tmp
22.06.2009 09:52 603 jar_cache10014.tmp
22.06.2009 09:52 645 jar_cache10013.tmp
19.06.2009 13:35 233.492 MSI39635.LOG
07.06.2009 18:17 12.420 QTInstallCode.log
07.06.2009 18:16 84 SetupAdminDB8.log
07.06.2009 18:16 3.378 qtplugin.log
02.06.2009 18:14 6.285.100 fla65.tmp
02.06.2009 17:15 512 ~DF7FFE.tmp
02.06.2009 15:10 1.108 msoDC83F.wmf
02.06.2009 15:10 842 msoABD66.wmf
02.06.2009 15:10 762 mso92680.wmf
02.06.2009 15:10 990 mso87081.wmf
02.06.2009 15:09 16.384 ~WRF0000.tmp
02.06.2009 15:09 2.276 mso26FF5.wmf
02.06.2009 15:09 1.614 mso2082A.wmf
02.06.2009 15:09 1.362 msoF9193.wmf
02.06.2009 15:09 2.178 mso8CCE4.wmf
02.06.2009 15:09 1.928 mso1A32E.wmf
02.06.2009 15:09 1.056 mso7A427.wmf
02.06.2009 15:09 848 mso33AA9.wmf
02.06.2009 15:09 1.014 msoD1D88.wmf
02.06.2009 15:09 512 ~DF26E0.tmp
13.05.2009 16:58 2.032 iTunesSetupE88.log
13.05.2009 16:56 2.815.670 SetupAdminAB8.log
146 Datei(en) 111.269.130 Bytes
0 Verzeichnis(se), 26.482.810.880 Bytes frei
Code:
ATTFilter Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.0.32.18
Adobe Reader 9.1 - Deutsch Adobe Systems Incorporated 9.1.0
Agere Systems HDA Modem
Apple Mobile Device Support Apple Inc. 2.5.0.31
Apple Software Update Apple Inc. 2.1.1.116
ATI Catalyst Control Center 1.007.2007.0202
ATI Display Driver 8.342.2-070202a-044973C-HP
Avira AntiVir Personal - Free Antivirus Avira GmbH
Bonjour Apple Inc. 1.0.106
Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 4.100.15.5
Broadcom NetXtreme Ethernet Controller Broadcom Corporation 10.15.15
ccc-Branding ATI 1.00.0000
CCleaner Piriform 2.27
Cisco Systems VPN Client 5.0.03.0530 Cisco Systems, Inc. 5.0.3
Compatibility Pack für 2007 Office System Microsoft Corporation 12.0.6021.5000
Credential Manager for HP ProtectTools Hewlett-Packard 2.5.0.880.13
Google Toolbar for Internet Explorer Google Inc.
HijackThis 2.0.2 TrendMicro 2.0.2
HP BIOS Configuration for ProtectTools Hewlett-Packard 3.00 C1
HP Broadband Wireless Modules Sierra Wireless Inc 18.14.1483.2
HP PCMCIA Smart Card Reader HP 1.01.0001
HP ProtectTools Security Manager Hewlett-Packard 3.00 A10
HP Wireless Assistant Hewlett-Packard 3.00 F1
InterVideo DVD Check
InterVideo WinDVD InterVideo Inc. 5.0-B11.1164
IrfanView (remove only)
iTunes Apple Inc. 8.2.0.23
Java(TM) 6 Update 6 Sun Microsystems, Inc. 1.6.0.60
K-Lite Mega Codec Pack 4.1.4 4.1.4
Malwarebytes' Anti-Malware Malwarebytes Corporation
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 10.0.2701.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 4.20.9876.0
OpenOffice.org 2.4 OpenOffice.org 2.4.9286
QuickTime Apple Inc. 7.62.14.0
Roxio Creator Audio Roxio 3.3.0
Roxio Creator Basic v9 Roxio 3.3.0
Roxio Creator Copy Roxio 3.3.0
Roxio Creator Data Roxio 3.3.0
Roxio Creator Tools Roxio 3.3.0
Roxio Express Labeler 3 Roxio 2.1.0
Roxio MyDVD Basic v9 Roxio 9.0.116
Safari Apple Inc. 3.525.29.0
SopCast 3.2.4 SopCast.com 3.2.4
SoundMAX Analog Devices 5.10.01.5161
Synaptics Pointing Device Driver Synaptics 9.1.11.0
TuneUp Utilities TuneUp Software 9.0.3000.52
Windows Internet Explorer 7 Microsoft Corporation 20070813.185237
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1 Microsoft Corporation 5.1.0715
Windows XP Service Pack 3 Microsoft Corporation 20080414.031514
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Code:
ATTFilter GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-27 18:38:01
Windows 5.1.2600 Service Pack 3
Running: c9c8zr1j.exe; Driver: C:\DOKUME~1\Caro\LOKALE~1\Temp\awndrfob.sys
---- System - GMER 1.0.15 ----
SSDT F7B251CE ZwCreateKey
SSDT F7B251C4 ZwCreateThread
SSDT F7B251D3 ZwDeleteKey
SSDT F7B251DD ZwDeleteValueKey
SSDT F7B251E2 ZwLoadKey
SSDT F7B251B0 ZwOpenProcess
SSDT F7B251B5 ZwOpenThread
SSDT F7B251EC ZwReplaceKey
SSDT F7B251E7 ZwRestoreKey
SSDT F7B251D8 ZwSetValueKey
SSDT F7B251BF ZwTerminateProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1960408961-1532298954-839522115-1003@RefCount 8
---- EOF - GMER 1.0.15 ----
Edited by lennox1982 (28.12.2009 at 10:45) |
| | #10 |
| /// Helper Team | Internet suddenly slow, 5 Trojans found Please also post again: Trend Micro HijackThis logfile - no open windows while HijackThis is running!! |
| | #11 |
| Internet suddenly slow, 5 Trojans found
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:26, on 28.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Programme\Hewlett-Packard\IAM\bin\asghost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Avira\AntiVir Desktop\update.exe
C:\Dokumente und Einstellungen\Caro\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programme\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.lokalisten.de/iup/ImageUploader4.cab
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Programme\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
-- End of file - 8750 bytes |
| | #12 |
| /// Helper Team | Internet suddenly slow, 5 Trojans found
hi
1. Start HijackThis → choose "config → misc tools → delete a file on reboot" → select the file to delete, see the contents of this code box (copy and paste the text, or use "Browse"), and answer the restart prompt with YES. Code:
ATTFilter
C:\WINDOWS\system32\fjhdyfhsn.bat
Close all applications → please empty the folder for temporary files.
**The Temp folder is for temporary files, so its contents can be deleted without concern. Files that are still in use cannot be deleted.
**Delete only the contents of the folders, not the folders themselves!
3. Clean your system with CCleaner:
4.
5. Keeping Windows and the installed programs up to date is a guarantee of increased security! Update Java: `Start → Control Panel → Java → Update...` (Update 17 is already due!) Afterwards uninstall via `Control Panel → Add or Remove Programs → Change/Remove...`: Code:
ATTFilter Java(TM) 6 Update 6
Please be sure to connect all existing external drives, including any USB sticks, to the computer, but hold down the Shift key while doing so, so that the Autorun function is not executed.
Check the complete computer (that is, the whole system) with the Kaspersky Online Scanner (system check without cleaning): select "My computer" here, save the log result with "Save as", then post it.
Before the scan, settings in Internet Explorer:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX
7. Code:
ATTFilter TuneUp Utilities
TuneUp: miracle cure or placebo? / derfisch.de & "Snake oil" for memory
- There are many so-called optimization tools such as TuneUp, Ashampoo & Co.! The vendors promise far more than they can ultimately deliver. Speeding up/optimizing Windows takes only a little effort to do entirely by hand, and is better done without an additional tool; otherwise the shock is great in the end when the system suddenly no longer starts or data is lost.
8. How long does startup take?
- When Windows boots, some programs that have registered themselves in autostart (with or without the user's consent) are started along with it.
- The more programs are listed here, the slower Windows starts. It can therefore make sense to remove software that you do not necessarily always need from autostart.
"Start → Run → "msconfig" (type it in without the quotes) → OK"
it-academy.cc pqtuning.de Preventing programs from loading at Windows Vista startup
- Remove the check mark from everything that should not start, but only ever deactivate one at a time (check mark removed), i.e. step by step → restart...
- After the next restart a notice window will appear; set a check mark there: `Do not show this message again and do not start this program at Windows startup` (You can undo this at any time by putting the check mark back.)
- If you need it at some point, you can also start it manually
- Autostart entries that you cannot find can be fixed with HJT, under the O4 section (*HijackThis Tutorial in German*): close all programs, browsers etc. → start HijackThis → click "Do a system scan only" → select the entry → click "Fix checked" → restart the PC. HijackThis creates a backup; if something goes wrong when fixing, the objects can be restored under "View the list of backups". Code:
ATTFilter You should not disable:
Graphics driver
Firewall
Antivirus program
Sound
A few suggestions right away: Code:
ATTFilter O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
- Unnecessary services only burden the processor and RAM, so you should switch these off: Code:
ATTFilter O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
Right-click the service name → choose `Properties` → `Startup type` → Manual; this puts the service to rest. The service is then started only when a program needs it.
10. Post again: Trend Micro HijackThis logfile - no open windows while HijackThis is running!! filelist.bat - only the last six months!
Edited by kira (29.12.2009 at 11:14) |
| | #13 |
| Internet suddenly slow, 5 Trojans found Here is the result of the SUPERAntiSpyware scan: Code:
ATTFilter SUPERAntiSpyware Scann-Protokoll
http://www.superantispyware.com
Generiert 12/29/2009 bei 08:27 PM
Version der Applikation : 4.32.1000
Version der Kern-Datenbank : 4421
Version der Spur-Datenbank : 2247
Scan Art : kompletter Scann
Totale Scann-Zeit : 00:18:42
Gescannte Speicherelemente : 706
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 6029
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 18860
Erfasste Datei-Elemente : 0
Code:
ATTFilter Tuesday, December 29, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, December 29, 2009 19:41:44
Records in database: 3416532
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
Scan statistics
Objects scanned 45644
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 00:53:36
No threats found. Scanned area is clean.
Selected area has been scanned.
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:27, on 29.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Dokumente und Einstellungen\Caro\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programme\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.lokalisten.de/iup/ImageUploader4.cab
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: OneCard - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Programme\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
-- End of file - 8579 bytes |
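The two HijackThis logs posted in this thread (28.12.2009 and 29.12.2009) can be compared entry by entry to confirm what the cleanup steps actually changed. The following is an added example, not part of the thread and not code from HijackThis; the function names are hypothetical, and the sample inputs are short excerpts taken from the two logs above, the first deliberately left flattened onto one line as it appeared on the page.

```python
import re

# Section codes that HijackThis v2.0.2 puts in front of every entry ("R1 - ", "O4 - ", "O23 - ").
ENTRY_RE = re.compile(r"(?:^|(?<=\s))(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\S+\\\.\.\\Run\w*: \[[^\]]+\]")

# Excerpt of the 28.12.2009 log, flattened onto one line as a forum export may leave it.
LOG_BEFORE = (
    r'Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:29:26, on 28.12.2009 '
    r'O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll '
    r'O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" '
    r'O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min '
    r'O20 - AppInit_DLLs: APSHook.dll '
    r'O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software '
    r'- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- End of file - 8750 bytes'
)

# Excerpt of the 29.12.2009 log, one entry per line.
LOG_AFTER = r'''Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:27, on 29.12.2009
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
-- End of file - 8579 bytes
'''


def parse_entries(log_text):
    """Return [(section, body)] for a HijackThis log, whether line-based or flattened."""
    flat = " ".join(log_text.split())            # collapse line breaks and runs of spaces
    flat = flat.split("-- End of file", 1)[0]    # drop the trailer
    marks = list(ENTRY_RE.finditer(flat))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(flat)
        entries.append((m.group(1), flat[m.end():end].strip()))
    return entries


def entry_key(section, body):
    """Identity of an entry without its target path, so a moved target counts as 'changed'."""
    m = CLSID_RE.search(body)
    if m:                                        # O2/O3/O9/O16: name plus CLSID
        return (section, body[:m.end()].lower())
    m = RUN_RE.match(body)
    if m:                                        # O4: hive plus [value name]
        return (section, m.group(0).lower())
    head, sep, _ = body.rpartition(" - ")        # O20/O23: everything before the file path
    return (section, (head if sep else body).lower())


def diff_logs(before_text, after_text):
    """Compare two logs and report removed, added and changed entries in log order."""
    before = {entry_key(s, b): (s, b) for s, b in parse_entries(before_text)}
    after = {entry_key(s, b): (s, b) for s, b in parse_entries(after_text)}
    return {
        "removed": [v for k, v in before.items() if k not in after],
        "added": [v for k, v in after.items() if k not in before],
        "changed": [(before[k][0], before[k][1], after[k][1])
                    for k in before if k in after and before[k][1] != after[k][1]],
    }


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for kind in ("removed", "added", "changed"):
        for item in result[kind]:
            print(kind.upper(), *item, sep=" | ")
```

Entries reported as added deserve the same scrutiny as the original log: here they belong to SUPERAntiSpyware, which the user installed between the two scans.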
| | #14 |
| /// Helper Team | Internet suddenly slow, 5 Trojans found OK, everything looks good, any other problems? |
| | #15 |
| Internet suddenly slow, 5 Trojans found Sounds good! Not on this PC any more, just on my other one, where I happened to see with this rootkit program (gmer) that there is apparently something on it. Can you help me with that? Or do I have to open a new thread? Best wishes and a happy New Year!!! |