Antivir and other antivirus programs won't start / rootkit? (Windows 7)
03.01.2010, 19:31 | #1
Good evening,

since yesterday the antivirus programs on my machine can no longer be started. Since several people apparently have this problem at the moment, I have already read up in other threads as far as I could. As far as I can tell, it is a "rootkit". GMER outputs the following:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-03 17:43:40
Windows 5.1.2600 Service Pack 3
Running: cew3mevn.exe; Driver: C:\DOKUME~1\Jasper\LOKALE~1\Temp\pglyifow.sys

---- System - GMER 1.0.15 ----
Code 826A10D0 ZwEnumerateKey
Code 826A1958 ZwFlushInstructionCache
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
Code 826B14A6 IofCallDriver
Code 826A460E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 826B14AB
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 826A4613
PAGE ntoskrnl.exe!ZwFlushInstructionCache 8056E42A 5 Bytes JMP 826A195C
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 5 Bytes JMP 826A10D4

---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Mozilla Firefox\firefox.exe[4004] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 0263000A
.text C:\Programme\Mozilla Firefox\firefox.exe[4004] WS2_32.dll!connect 71A14A07 5 Bytes JMP 0262000A
.text C:\Programme\Mozilla Firefox\firefox.exe[4004] WS2_32.dll!send 71A14C27 5 Bytes JMP 0264000A

---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F372C820] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT 
\SystemRoot\System32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F372C820] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\DRIVERS\irda.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT 
\SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) IAT \SystemRoot\System32\DRIVERS\usbprint.sys[ntoskrnl.exe!IoCreateDevice] [F372C6D0] \??\C:\WINDOWS.0\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe[832] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00ED2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe[832] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00ED2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe[832] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00ED2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe[832] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00ED2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Dokumente und Einstellungen\Jasper\Desktop\cew3mevn.exe[2036] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F72F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) 
IAT C:\Dokumente und Einstellungen\Jasper\Desktop\cew3mevn.exe[2036] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F72CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Dokumente und Einstellungen\Jasper\Desktop\cew3mevn.exe[2036] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00F72D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Dokumente und Einstellungen\Jasper\Desktop\cew3mevn.exe[2036] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F72CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00A92D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) 
IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF07774] 
C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[2140] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\System32\sistray.EXE[2468] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\System32\sistray.EXE[2468] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\System32\sistray.EXE[2468] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00C42D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) 
IAT C:\WINDOWS.0\System32\sistray.EXE[2468] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\System32\khooker.exe[2488] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CD2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\System32\khooker.exe[2488] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CD2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\System32\khooker.exe[2488] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00CD2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\System32\khooker.exe[2488] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CD2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[2532] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00EC2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[2532] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00EC2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[2532] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00EC2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) 
IAT C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[2532] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00EC2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2632] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CF2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2632] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CF2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2632] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00CF2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2632] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CF2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\system32\ctfmon.exe[2764] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\system32\ctfmon.exe[2764] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\system32\ctfmon.exe[2764] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) 
IAT C:\WINDOWS.0\system32\ctfmon.exe[2764] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\system32\wuauclt.exe[2808] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\system32\wuauclt.exe[2808] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\system32\wuauclt.exe[2808] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\system32\wuauclt.exe[2808] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2932] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BB2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2932] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BB2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2932] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00BB2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) 
IAT C:\Programme\Microsoft Office\Office10\WINWORD.EXE[2932] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BB2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Mozilla Firefox\firefox.exe[4004] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Mozilla Firefox\firefox.exe[4004] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Mozilla Firefox\firefox.exe[4004] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00C12D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Mozilla Firefox\firefox.exe[4004] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) 
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTbaviyqvppp.sys (*** hidden *** ) F3C11000-F3C2E000 (118784 bytes)

---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\H8SRTqxlxmrxqjy.dll (*** hidden *** ) @ C:\WINDOWS.0\System32\svchost.exe [136] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTqxlxmrxqjy.dll (*** hidden *** ) @ C:\WINDOWS.0\System32\svchost.exe [436] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTqxlxmrxqjy.dll (*** hidden *** ) @ C:\WINDOWS.0\System32\svchost.exe [1016] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTqxlxmrxqjy.dll (*** hidden *** ) @ C:\WINDOWS.0\system32\svchost.exe [1336] 0x00D00000
Library \\?\globalroot\systemroot\system32\H8SRTqxlxmrxqjy.dll (*** hidden *** ) @ C:\WINDOWS.0\system32\svchost.exe [1536] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTqxlxmrxqjy.dll (*** hidden *** ) @ C:\WINDOWS.0\System32\svchost.exe [1704] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTqxlxmrxqjy.dll (*** hidden *** ) @ C:\WINDOWS.0\System32\svchost.exe [1904] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTqxlxmrxqjy.dll (*** hidden *** ) @ C:\WINDOWS.0\Explorer.EXE [2140] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTqpuirvakoo.dll (*** hidden *** ) @ C:\Programme\Mozilla Firefox\firefox.exe [4004] 0x10000000

---- Services - GMER 1.0.15 ----
Service C:\WINDOWS.0\system32\drivers\H8SRTbaviyqvppp.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTbaviyqvppp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTbaviyqvppp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTqowykmovrg.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTrrprqrdylq.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqxlxmrxqjy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTqpuirvakoo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTbaviyqvppp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTbaviyqvppp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTqowykmovrg.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTrrprqrdylq.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqxlxmrxqjy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTqpuirvakoo.dll

In other threads I have now read that I can get the problem under control with Avenger. However, I don't know how I need to write the script for this. I'm very grateful for any help.

@Chris4You: many thanks to you in advance!!!

Regards
Gumbu
03.01.2010, 19:37 | #2
Hi,

Instructions for Avenger (by swandog46)

1.) Download the Avenger tool and save it to the desktop:
2.) Configure the program as shown in the picture. Now copy the following text into the white field (at -> "input script here"):

Code:
Drivers to delete:
H8SRTd.sys

Files to delete:
C:\WINDOWS.0\system32\drivers\H8SRTbaviyqvppp.sys
C:\WINDOWS.0\system32\H8SRTqpuirvakoo.dll
C:\WINDOWS.0\system32\H8SRTqowykmovrg.dll
C:\WINDOWS.0\system32\H8SRTrrprqrdylq.dat
C:\WINDOWS.0\system32\H8SRTqxlxmrxqjy.dll

4.) To start Avenger, click on -> Execute. Then confirm with "Yes" that the computer will restart!
5.) After the system has restarted, you will find a report from Avenger here -> C:\avenger.txt. Open the file with the editor and copy the entire text into your post here at the Trojaner-Board.

Then please do a full scan with MAM...

This Windows was reinstalled at some point, wasn't it?

chris
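As an added example (Python, not part of GMER, Avenger or the board's own tooling): the script below does the step chris did by hand between post #1 and post #2. It reads the GMER sections that matter here (the hidden Module/Service lines, the "modules@" registry values under the hidden service, and the kernel inline hooks) and renders the Avenger "Drivers to delete / Files to delete" script, so the file list is derived from the log instead of being typed. The sample log is a constructed excerpt of the one in post #1; the mapping of \\?\globalroot\systemroot and \systemroot onto the real Windows directory is an assumption about GMER's notation, recovered from the full paths in the log itself.

```python
"""GMER log -> Avenger script triage helper (added example for this thread).

Not GMER's, Avenger's or the Trojaner-Board's code. Assumes GMER's text layout as
shown in post #1: hidden items carry "(*** hidden *** )", the hidden service line
ends in "<-- ROOTKIT", and module paths use the \\?\globalroot\systemroot prefix.
"""
import re

# Constructed excerpt of the GMER log from post #1 (only the sections acted on).
SAMPLE_GMER_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 826B14AB
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 826A4613
PAGE ntoskrnl.exe!ZwFlushInstructionCache 8056E42A 5 Bytes JMP 826A195C
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 5 Bytes JMP 826A10D4
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTbaviyqvppp.sys (*** hidden *** ) F3C11000-F3C2E000 (118784 bytes)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS.0\system32\drivers\H8SRTbaviyqvppp.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTbaviyqvppp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTbaviyqvppp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTqowykmovrg.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTrrprqrdylq.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqxlxmrxqjy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTqpuirvakoo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTbaviyqvppp.sys
"""

HIDDEN = r"\(\*\*\* hidden \*\*\* \)"
SERVICE_RE = re.compile(r"^Service (?P<image>.+?) " + HIDDEN + r" \[\w+\] (?P<name>\S+) <-- ROOTKIT")
MODULE_RE = re.compile(r"^Module (?P<image>.+?) " + HIDDEN)
HOOK_RE = re.compile(r"^(?:\.text|PAGE) (?P<mod>\S+)!(?P<func>\S+) [0-9A-F]+ \d+ Bytes JMP (?P<target>[0-9A-F]+)")
GLOBALROOT = r"\\?\globalroot\systemroot"   # assumed GMER notation, see lead-in


def system_root(log_text):
    """Recover the Windows directory (C:\WINDOWS.0 in this thread) from any fully
    qualified ...\system32\ path GMER printed; fall back to C:\WINDOWS."""
    m = re.search(r"([A-Za-z]:\\[^\\\s]+)\\system32\\", log_text, re.IGNORECASE)
    return m.group(1) if m else r"C:\WINDOWS"


def resolve_path(path, sysroot):
    """Turn \\?\globalroot\systemroot\... or \systemroot\... into a drive-letter
    path that Avenger can act on. Any other path is returned unchanged."""
    low = path.lower()
    for prefix in (GLOBALROOT, r"\systemroot"):
        if low.startswith(prefix):
            return sysroot + path[len(prefix):]
    return path


def inline_hooks(log_text):
    """(module, function, jmp_target) for each 5-byte inline JMP GMER reported
    in kernel code. Hooks on IofCallDriver/IofCompleteRequest are the telltale
    sign of this rootkit family sitting in the storage I/O path."""
    return [m.group("mod", "func", "target")
            for m in (HOOK_RE.match(ln.strip()) for ln in log_text.splitlines()) if m]


def parse_gmer(log_text):
    """Return (hidden driver service names, sorted list of files to remove)."""
    sysroot = system_root(log_text)
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    drivers, files = [], set()
    for ln in lines:
        m = SERVICE_RE.match(ln)
        if m:
            drivers.append(m.group("name"))
            files.add(resolve_path(m.group("image"), sysroot))
            continue
        m = MODULE_RE.match(ln)
        if m:
            files.add(resolve_path(m.group("image"), sysroot))
    # Second pass: every "modules@..." value under a hidden service's key is a
    # component the driver loads (the .dll/.dat files chris listed in post #2).
    # Both ControlSets are read; the set removes the duplicates.
    wanted = [f"\\services\\{d.lower()}\\modules@" for d in drivers]
    for ln in lines:
        if not ln.startswith("Reg "):
            continue
        key, _, value = ln[4:].partition(" ")
        if value and any(w in key.lower() for w in wanted):
            files.add(resolve_path(value, sysroot))
    return drivers, sorted(files)


def build_avenger_script(drivers, files):
    """Render the script in the layout used in post #2."""
    body = ["Drivers to delete:", *drivers, "", "Files to delete:", *files]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    drv, fls = parse_gmer(SAMPLE_GMER_LOG)
    print("Hooked kernel functions:", [f for _, f, _ in inline_hooks(SAMPLE_GMER_LOG)])
    print(build_avenger_script(drv, fls))
```

Compare the generated file list with the Avenger report in post #3: the five files it deleted are exactly the ones the registry "modules" values point to.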
03.01.2010, 21:28 | #3
Hi Chris,

Avenger reports success:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTbaviyqvppp.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "H8SRTd.sys" deleted successfully.
File "C:\WINDOWS.0\system32\drivers\H8SRTbaviyqvppp.sys" deleted successfully.
File "C:\WINDOWS.0\system32\H8SRTqpuirvakoo.dll" deleted successfully.
File "C:\WINDOWS.0\system32\H8SRTqowykmovrg.dll" deleted successfully.
File "C:\WINDOWS.0\system32\H8SRTrrprqrdylq.dat" deleted successfully.
File "C:\WINDOWS.0\system32\H8SRTqxlxmrxqjy.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

MAM has finished and says the following:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 5.1.2600 Service Pack 3

03.01.2010 20:57:55
mbam-log-2010-01-03 (20-57-55).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 182824
Laufzeit: 1 hour(s), 5 minute(s), 10 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\mp.mediapops (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mp.mediapops.1 (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{85a702ba-ea8f-4b83-aa07-07a5186acd7e} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{85a702ba-ea8f-4b83-aa07-07a5186acd7e} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85a702ba-ea8f-4b83-aa07-07a5186acd7e} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaLoads (Adware.Medload) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hwclock (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Antivir is running again and I'm slowly starting to relax. I'll now also carry out your tips from the other thread. Many thanks for the support,
Gumbu

PS: If I remember correctly, Windows has never been reinstalled on this computer.
03.01.2010, 21:47 | #4
Hi,

Avira with the aggressive settings and a full scan...

But this is typical for that kind of thing: C:\WINDOWS.0 (reinstall)...

chris
03.01.2010, 22:46 | #5
Unfortunately the all-clear came a bit too early. About halfway through the Avira scan the computer switches off without any warning. I've tried it 3 times now. Reinstalling Windows is probably a very sensible suggestion...
04.01.2010, 01:46 | #6
In the meantime Avira has now also run through completely with the aggressive settings. Result: nothing found! That sounds pretty good, doesn't it? Good night!
04.01.2010, 10:20 | #7
Hi,

please post a new RSIT log as well...

chris
04.01.2010, 13:16 | #8
Logfile of random's system information tool 1.06 (written by random/random)
Run by XXXX at 2010-01-04 13:08:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (32%) free of 29 GB
Total RAM: 351 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:28, on 04.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS.0\system32\slserv.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\System32\sistray.EXE
C:\WINDOWS.0\System32\khooker.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Programme\iTunes\iTunes.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\XXXX\Desktop\RSIT.exe
C:\Programme\trend micro\XXXX.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.rz.uni-passau.de:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.uni-passau.de;*.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS.0\System32\sistray.EXE O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS.0\System32\khooker.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS.0\sisUSBrg.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe O4 - HKCU\..\Run: 
[LogitechSetup] F:\setup.exe /skip_all_checks /p /start /restart /l:deu O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1186037039801 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186036979254 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab O16 - DPF: 
{C94BFF60-7315-11D2-A844-0060086FEFD7} (Internet Banking und Brokerage) - http://www.izb-hb.de/SPK_Passau/SBrokerXXXX.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Update Service (gupdate1c9f0fce0e3c9c0) (gupdate1c9f0fce0e3c9c0) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS.0\SYSTEM32\slserv.exe -- End of file - 7865 bytes ======Scheduled tasks folder====== C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SiS Tray"=C:\WINDOWS.0\System32\sistray.EXE [2002-05-09 303104] "SiS KHooker"=C:\WINDOWS.0\System32\khooker.exe [2002-01-25 290816] "SiSUSBRG"=C:\WINDOWS.0\sisUSBrg.exe [2002-04-26 32768] "Microsoft Works Update Detection"=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-24 28672] "LogitechCommunicationsManager"=C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-01-05 413696] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Adobe Reader Speed 
Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360] "PowerBar"= [] "LogitechSetup"=F:\setup.exe /skip_all_checks /p /start /restart /l:deu [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-15 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Programme\Ahead\InCD\InCD.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe [2009-03-12 342312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] C:\Programme\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS.0^Startmenü^Programme^Autostart^VPN Client.lnk] C:\WINDOWS.0\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-08-02 6144] C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Autostart Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe"="C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*esigner.exe" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\WINDOWS.0\system32\dpnsvr.exe"="C:\WINDOWS.0\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server" "C:\Programme\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Programme\EA GAMES\Battlefield 1942\BF1942.exe:*isabled:BF1942" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*isabled:Bonjour" "C:\Programme\Atari\Deer Hunter 2005 Demo\DH2005Demo.exe"="C:\Programme\Atari\Deer Hunter 2005 Demo\DH2005Demo.exe:*isabledH2005Demo" "C:\Programme\Illusion Softworks\Hidden & Dangerous 2\HD2.exe"="C:\Programme\Illusion Softworks\Hidden & Dangerous 2\HD2.exe:*isabled:HD2" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*isabled:iTunes" "C:\Programme\PATRIZIER II Gold\Patrizier 2.exe"="C:\Programme\PATRIZIER II Gold\Patrizier 2.exe:*isabled:Patrizier 2" 
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 3 months====== 2010-01-04 13:09:01 ----D---- C:\Programme\trend micro 2010-01-04 13:08:58 ----D---- C:\rsit 2010-01-04 11:57:09 ----SHD---- C:\Config.Msi 2010-01-03 21:16:55 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Avira 2010-01-03 21:16:54 ----D---- C:\Programme\Avira 2010-01-03 19:49:39 ----D---- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Malwarebytes 2010-01-03 19:48:05 ----D---- C:\Avenger 2010-01-03 19:48:05 ----A---- C:\avenger.txt 2010-01-03 17:23:48 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-01-03 17:23:48 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Malwarebytes 2010-01-03 12:49:31 ----D---- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\QuickScan 2010-01-03 01:16:58 ----A---- C:\WINDOWS.0\system32\krl32mainweq.dll 2010-01-03 01:12:33 ----A---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\sysReserve.ini 2009-12-29 16:04:33 ----D---- C:\WINDOWS.0\pss 2009-12-10 23:28:40 ----HDC---- C:\WINDOWS.0\$NtUninstallKB970430$ 2009-12-10 23:28:26 ----HDC---- C:\WINDOWS.0\$NtUninstallKB974318$ 2009-12-10 23:27:15 ----HDC---- C:\WINDOWS.0\$NtUninstallKB973904$ 2009-12-10 23:25:47 ----HDC---- C:\WINDOWS.0\$NtUninstallKB974392$ 2009-12-10 23:25:27 ----HDC---- C:\WINDOWS.0\$NtUninstallKB971737$ 2009-11-27 13:23:31 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\DVD Shrink 2009-11-25 19:38:19 ----HDC---- C:\WINDOWS.0\$NtUninstallKB976098-v2$ 2009-11-25 
19:37:56 ----HDC---- C:\WINDOWS.0\$NtUninstallKB973687$ 2009-11-11 23:15:20 ----HDC---- C:\WINDOWS.0\$NtUninstallKB969947$ 2009-10-14 23:26:45 ----HDC---- C:\WINDOWS.0\$NtUninstallKB958869$ 2009-10-14 23:23:29 ----HDC---- C:\WINDOWS.0\$NtUninstallKB969059$ 2009-10-14 23:22:25 ----HDC---- C:\WINDOWS.0\$NtUninstallKB954155_WM9$ 2009-10-14 23:22:16 ----HDC---- C:\WINDOWS.0\$NtUninstallKB974112$ 2009-10-14 23:22:06 ----HDC---- C:\WINDOWS.0\$NtUninstallKB975025$ 2009-10-14 23:20:32 ----HDC---- C:\WINDOWS.0\$NtUninstallKB974571$ 2009-10-14 23:19:23 ----HDC---- C:\WINDOWS.0\$NtUninstallKB971486$ 2009-10-14 23:17:59 ----HDC---- C:\WINDOWS.0\$NtUninstallKB973525$ 2009-10-14 23:17:36 ----HDC---- C:\WINDOWS.0\$NtUninstallKB975467$ ======List of files/folders modified in the last 3 months====== 2010-01-04 13:09:01 ----RD---- C:\Programme 2010-01-04 13:08:44 ----D---- C:\WINDOWS.0\Prefetch 2010-01-04 12:21:24 ----D---- C:\Programme\Mozilla Firefox 2010-01-04 12:08:21 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Adobe 2010-01-04 12:08:02 ----SHD---- C:\WINDOWS.0\Installer 2010-01-04 12:04:50 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2010-01-04 11:56:27 ----D---- C:\WINDOWS.0\system32 2010-01-04 11:56:01 ----D---- C:\WINDOWS.0 2010-01-04 11:49:05 ----D---- C:\WINDOWS.0\Temp 2010-01-04 11:48:51 ----D---- C:\WINDOWS.0\system32\CatRoot2 2010-01-04 02:16:37 ----A---- C:\WINDOWS.0\SchedLgU.Txt 2010-01-03 23:22:31 ----D---- C:\WINDOWS.0\system32\drivers 2010-01-03 21:18:40 ----HD---- C:\WINDOWS.0\inf 2010-01-03 21:15:45 ----D---- C:\WINDOWS.0\WinSxS 2010-01-03 16:05:29 ----D---- C:\WINDOWS.0\Minidump 2010-01-03 15:01:42 ----D---- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Skype 2010-01-03 12:55:41 ----RASH---- C:\boot.ini 2010-01-03 12:55:41 ----A---- C:\WINDOWS.0\win.ini 2010-01-03 12:55:41 ----A---- C:\WINDOWS.0\system.ini 2010-01-03 01:18:02 ----D---- C:\WINDOWS.0\Debug 2009-12-30 22:48:37 ----D---- C:\Programme\Google 2009-12-29 
16:17:37 ----D---- C:\Programme\ahead 2009-12-11 16:56:35 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI 2009-12-10 23:28:50 ----RSHDC---- C:\WINDOWS.0\system32\dllcache 2009-12-10 23:27:11 ----HD---- C:\WINDOWS.0\$hf_mig$ 2009-12-10 23:26:44 ----D---- C:\WINDOWS.0\system32\de-de 2009-12-10 23:26:44 ----D---- C:\Programme\Internet Explorer 2009-12-10 23:26:19 ----D---- C:\WINDOWS.0\ie7updates 2009-12-01 21:06:19 ----A---- C:\WINDOWS.0\system32\MRT.exe 2009-11-21 13:13:22 ----SD---- C:\WINDOWS.0\Downloaded Program Files 2009-11-16 21:12:54 ----HD---- C:\Programme\InstallShield Installation Information 2009-11-16 19:17:04 ----RD---- C:\Programme\Skype 2009-11-16 19:16:18 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Skype 2009-10-29 08:41:02 ----A---- C:\WINDOWS.0\system32\wininet.dll 2009-10-29 08:41:02 ----A---- C:\WINDOWS.0\system32\webcheck.dll 2009-10-29 08:41:02 ----A---- C:\WINDOWS.0\system32\urlmon.dll 2009-10-29 08:41:01 ----N---- C:\WINDOWS.0\system32\pngfilt.dll 2009-10-29 08:41:01 ----N---- C:\WINDOWS.0\system32\occache.dll 2009-10-29 08:41:01 ----N---- C:\WINDOWS.0\system32\mstime.dll 2009-10-29 08:41:01 ----A---- C:\WINDOWS.0\system32\url.dll 2009-10-29 08:41:00 ----N---- C:\WINDOWS.0\system32\msrating.dll 2009-10-29 08:41:00 ----N---- C:\WINDOWS.0\system32\mshtmled.dll 2009-10-29 08:41:00 ----A---- C:\WINDOWS.0\system32\mshtml.dll 2009-10-29 08:40:59 ----A---- C:\WINDOWS.0\system32\msfeedsbs.dll 2009-10-29 08:40:59 ----A---- C:\WINDOWS.0\system32\msfeeds.dll 2009-10-29 08:40:58 ----N---- C:\WINDOWS.0\system32\jsproxy.dll 2009-10-29 08:40:58 ----A---- C:\WINDOWS.0\system32\iertutil.dll 2009-10-29 08:40:57 ----N---- C:\WINDOWS.0\system32\iernonce.dll 2009-10-29 08:40:57 ----A---- C:\WINDOWS.0\system32\ieframe.dll 2009-10-29 08:40:56 ----N---- C:\WINDOWS.0\system32\iedkcs32.dll 2009-10-29 08:40:56 ----A---- C:\WINDOWS.0\system32\ieencode.dll 2009-10-29 08:40:55 ----N---- C:\WINDOWS.0\system32\ieaksie.dll 2009-10-29 
08:40:55 ----A---- C:\WINDOWS.0\system32\ieapfltr.dll 2009-10-29 08:40:54 ----N---- C:\WINDOWS.0\system32\ieakeng.dll 2009-10-29 08:40:54 ----N---- C:\WINDOWS.0\system32\extmgr.dll 2009-10-29 08:40:54 ----N---- C:\WINDOWS.0\system32\dxtrans.dll 2009-10-29 08:40:54 ----N---- C:\WINDOWS.0\system32\dxtmsft.dll 2009-10-29 08:40:54 ----N---- C:\WINDOWS.0\system32\corpol.dll 2009-10-29 08:40:54 ----A---- C:\WINDOWS.0\system32\icardie.dll 2009-10-29 08:40:54 ----A---- C:\WINDOWS.0\system32\advpack.dll 2009-10-28 16:07:15 ----N---- C:\WINDOWS.0\system32\tzchange.exe 2009-10-28 15:35:50 ----N---- C:\WINDOWS.0\system32\ie4uinit.exe 2009-10-28 15:35:50 ----A---- C:\WINDOWS.0\system32\ieudinit.exe 2009-10-28 07:52:46 ----N---- C:\WINDOWS.0\system32\ieakui.dll 2009-10-21 06:38:36 ----A---- C:\WINDOWS.0\system32\strmfilt.dll 2009-10-21 06:38:36 ----A---- C:\WINDOWS.0\system32\httpapi.dll 2009-10-15 11:59:34 ----D---- C:\WINDOWS.0\Microsoft.NET 2009-10-15 11:59:19 ----RSD---- C:\WINDOWS.0\assembly 2009-10-13 11:32:34 ----A---- C:\WINDOWS.0\system32\oakley.dll 2009-10-12 14:38:18 ----A---- C:\WINDOWS.0\system32\rastls.dll 2009-10-12 14:38:18 ----A---- C:\WINDOWS.0\system32\raschap.dll 2009-10-06 17:54:31 ----D---- C:\WINDOWS.0\Help ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS.0\system32\drivers\cdrbsdrv.sys [2004-03-08 13567] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS.0\System32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 SiSkp;SiSkp; C:\WINDOWS.0\system32\drivers\srvkp.sys [2002-04-03 5760] R1 SSHDRV58;SSHDRV58; \??\C:\WINDOWS.0\System32\drivers\SSHDRV58.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys [2009-07-28 55656] R2 CVPNDRVA;Cisco Systems 
Inc. IPSec Driver; \??\C:\WINDOWS.0\system32\Drivers\CVPNDRVA.sys [] R2 irda;IrDA-Protokoll; C:\WINDOWS.0\System32\DRIVERS\irda.sys [2008-04-13 88192] R2 Sentinel;Sentinel; C:\WINDOWS.0\System32\Drivers\SENTINEL.SYS [1999-07-20 73216] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS.0\System32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS.0\system32\DRIVERS\dne2000.sys [2007-01-31 127376] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS.0\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS.0\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624] R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS.0\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS.0\System32\DRIVERS\Mtlmnt5.sys [2002-05-05 194128] R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS.0\System32\DRIVERS\nscirda.sys [2008-04-13 28672] R3 pfc;Padus ASPI Shell; C:\WINDOWS.0\system32\drivers\pfc.sys [2003-12-05 10368] R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS.0\System32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 SiS315;SiS315; C:\WINDOWS.0\System32\DRIVERS\sisgrp.sys [2002-06-13 201600] R3 SiS7012;Service for AC'97 Sample Driver (WDM); C:\WINDOWS.0\system32\drivers\sis7012.sys [2002-06-17 798739] R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS.0\System32\DRIVERS\sisnic.sys [2002-04-16 32256] R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS.0\System32\DRIVERS\slntamr.sys [2002-06-17 417552] R3 SlWdmSup;SlWdmSup; C:\WINDOWS.0\System32\DRIVERS\SlWdmSup.sys [2002-03-14 39348] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS.0\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS.0\System32\DRIVERS\usbohci.sys [2008-04-13 17152] S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS.0\system32\drivers\cdrbsvsd.sys [] S2 Sntnlusb;Sntnlusb; C:\WINDOWS.0\System32\Drivers\SNTNLUSB.SYS [1999-07-20 8128] 
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS.0\System32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 Bridge;MAC-Brücke; C:\WINDOWS.0\System32\DRIVERS\bridge.sys [2008-04-13 71552] S3 BridgeMP;MAC-Brückenminiport; C:\WINDOWS.0\System32\DRIVERS\bridge.sys [2008-04-13 71552] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS.0\System32\DRIVERS\CVirtA.sys [2007-01-18 5275] S3 ENUM1394;%1394\031887&040892.DeviceDesc%; C:\WINDOWS.0\System32\DRIVERS\enum1394.sys [2001-08-17 6400] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS.0\system32\DRIVERS\k750bus.sys [2005-02-11 55216] S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS.0\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576] S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS.0\system32\DRIVERS\k750mdm.sys [2005-02-11 89872] S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS.0\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728] S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS.0\system32\DRIVERS\k750obex.sys [2005-02-11 79488] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS.0\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS.0\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS.0\system32\drivers\LVUSBSta.sys [2007-07-19 41752] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS.0\System32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS.0\System32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 Mtlstrm;Mtlstrm; C:\WINDOWS.0\System32\DRIVERS\Mtlstrm.sys [2002-04-18 1805544] S3 NABTSFEC;NABTS/FEC VBI-Codec; 
C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS.0\System32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 NtMtlFax;NtMtlFax; C:\WINDOWS.0\System32\DRIVERS\NtMtlFax.sys [2002-03-14 161984] S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS.0\system32\DRIVERS\LV302V32.SYS [2007-07-19 1278104] S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS.0\system32\DRIVERS\s816bus.sys [2007-06-19 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS.0\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS.0\system32\DRIVERS\s816mdm.sys [2007-06-19 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS.0\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS.0\system32\DRIVERS\s816nd5.sys [2007-06-19 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS.0\system32\DRIVERS\s816obex.sys [2007-06-19 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS.0\system32\DRIVERS\s816unic.sys [2007-06-19 97704] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SlNtHal;SlNtHal; C:\WINDOWS.0\System32\DRIVERS\Slnthal.sys [2002-03-14 84720] S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS.0\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA-IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS.0\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS.0\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 vsdatant;vsdatant; \??\C:\WINDOWS.0\System32\vsdatant.sys [] S3 WSTCODEC;World Standard 
Teletext-Codec; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 CVPND;Cisco Systems, Inc. 
VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584] R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe [2001-10-25 90112] R2 Irmon;Infrarotüberwachung; C:\WINDOWS.0\System32\svchost.exe [2008-04-14 14336] R2 LVCOMSer;LVCOMSer; C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904] R2 LVPrcSrv;Process Monitor; C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752] R2 SLService;SmartLinkService; C:\WINDOWS.0\system32\slserv.exe [2002-05-05 45056] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-03-12 656168] S2 gupdate1c9f0fce0e3c9c0;Google Update Service (gupdate1c9f0fce0e3c9c0); C:\Programme\Google\Update\GoogleUpdate.exe [2009-06-19 133104] S2 LVSrvLauncher;LVSrvLauncher; C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows 
Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
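The helper's next post singles out krl32mainweq.dll from the "files created in the last 3 months" section of the log above. As an added example for this thread (my own code, not something the helpers used and not part of RSIT, HijackThis or Avenger), here is that triage rule written down in Python: flag any binary created directly in the Windows root, system32 or system32\drivers from a few days before the symptoms began onward, then pull in whatever else was written within a few minutes of it, since a dropper usually leaves a config file or a second component next to the payload. The sample lines are constructed in the same format as the RSIT log; the onset date (2010-01-02, the opening post from 03.01.2010 says "since yesterday"), the three-day window and the ten-minute clustering radius are assumptions.

```python
"""Triage of an RSIT "List of files/folders created" section.

Added example for this thread, not a tool the helpers used. It encodes the
rule applied by hand in the thread: a freshly created binary in a system
directory around the time the symptoms began is the prime suspect, and
anything written in the same few minutes probably belongs to it.
"""
import re
from datetime import datetime, timedelta

# Constructed sample in the RSIT line format ("<timestamp> ----<attrs>---- <path>").
# Only krl32mainweq.dll and sysReserve.ini are the real suspects from the thread;
# the other lines are benign entries of the same shape.
SAMPLE_CREATED = r"""
2010-01-04 13:09:01 ----D---- C:\Programme\trend micro
2010-01-03 21:16:54 ----D---- C:\Programme\Avira
2010-01-03 19:48:05 ----A---- C:\avenger.txt
2010-01-03 01:16:58 ----A---- C:\WINDOWS.0\system32\krl32mainweq.dll
2010-01-03 01:12:33 ----A---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\sysReserve.ini
2009-12-10 23:28:40 ----HDC---- C:\WINDOWS.0\$NtUninstallKB970430$
2009-12-01 21:06:19 ----A---- C:\WINDOWS.0\system32\MRT.exe
"""

# The attribute block carries DOS attribute letters (A, D, H, S, R, C, N) between dashes.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (-+[A-Z]*-+) (.+)$")
# A file directly in the Windows root, system32 or system32\drivers. "WINDOWS.0" is
# what a second installation into the same partition gets called, as in the log.
SYSTEM_DIR_RE = re.compile(r"^[A-Z]:\\WINDOWS(\.\d+)?\\(system32\\(drivers\\)?)?[^\\]+$", re.I)
BINARY_EXT = (".dll", ".sys", ".exe")


def parse_created(text):
    """Return (timestamp, attribute-set, path) tuples; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        attrs = set(m.group(2).strip("-"))
        entries.append((ts, attrs, m.group(3)))
    return entries


def is_system_binary(path):
    """True for a .dll/.sys/.exe sitting directly in a Windows system directory."""
    return path.lower().endswith(BINARY_EXT) and bool(SYSTEM_DIR_RE.match(path))


def triage(text, onset, window_days=3, cluster_minutes=10):
    """Flag new system-directory binaries created from `window_days` before `onset`
    (YYYY-MM-DD, when the symptoms started) onward, then every other file written
    within `cluster_minutes` of one of them. Directories are ignored."""
    entries = parse_created(text)
    start = datetime.strptime(onset, "%Y-%m-%d") - timedelta(days=window_days)
    files = [(ts, p) for ts, attrs, p in entries if "D" not in attrs]
    primary = [(ts, p) for ts, p in files if ts >= start and is_system_binary(p)]
    findings = [{"path": p, "created": ts.isoformat(),
                 "reason": "new binary in a system directory"} for ts, p in primary]
    seen = {p for _, p in primary}
    for ts, p in primary:
        for ts2, p2 in files:
            if p2 not in seen and abs((ts2 - ts).total_seconds()) <= cluster_minutes * 60:
                seen.add(p2)
                findings.append({"path": p2, "created": ts2.isoformat(),
                                 "reason": f"created within {cluster_minutes} min of {p}"})
    return findings


if __name__ == "__main__":
    # Assumed onset: the opening post (03.01.2010) says the problem began the day before.
    for f in triage(SAMPLE_CREATED, "2010-01-02"):
        print(f"{f['created']}  {f['path']}  ({f['reason']})")
```

On the sample this reports krl32mainweq.dll as the primary suspect and sysReserve.ini as written four minutes earlier by the same activity, while MRT.exe (a legitimately updated system binary, but outside the window) and the Windows Update uninstall folders stay quiet. The rule is deliberately dumb: it is a way to shortlist candidates in a log this size, not a verdict, and a file that passes it still has to be checked by hash, signature or a second scanner before it is deleted.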
04.01.2010, 16:33 | #9 |
| Hi,
there is something else in there... So:

Avenger guide (by swandog46)

1.) Download the tool Avenger and save it to your desktop:
2.) Set the program up as shown in the picture. Now copy the following text into the white field (at -> "input script here"):

Code:
Files to delete:
C:\WINDOWS.0\system32\krl32mainweq.dll

4.) To start Avenger click on -> Execute
Then confirm with "Yes" that the computer will restart!
5.) After the system has restarted, you will find a report from Avenger here -> C:\avenger.txt
Open the file in Notepad and copy the whole text into your post here on Trojaner-Board.

Update MAM and run it in full scan mode and clean everything it finds...

chris
__________________
Don't bring me down
Read before posting! Donate (anyone who wants to donate is welcome to get in touch) |
04.01.2010, 19:14 | #10 |
| Oh, then let's get rid of it quickly.

Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS.0\system32\krl32mainweq.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate. |
04.01.2010, 20:29 | #11 |
| Hi,
so, how is the machine behaving now?

chris
04.01.2010, 20:34 | #12 |
| Hey Chris,
MAM just finished and found something else:

Malwarebytes' Anti-Malware 1.43
Database version: 3492
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

04.01.2010 20:33:37
mbam-log-2010-01-04 (20-33-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 199978
Time elapsed: 1 hour(s), 12 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Temp\H8SRTfc56.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. |
04.01.2010, 20:41 | #13 |
| Hi,
leftover or reinfection, that is the question... Shakespeare or Chris...

Okay, let's take a look with GMER (you already know it by now; please run the rootkit scan)...

chris

PS: I think it's only a "leftover"
04.01.2010, 20:45 | #14 |
| OK, GMER is running; in the meantime RSIT offers the following:

Logfile of random's system information tool 1.06 (written by random/random)
Run by XXXX at 2010-01-04 20:41:02

Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (32%) free of 29 GB
Total RAM: 351 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:13, on 04.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS.0\system32\slserv.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\System32\sistray.EXE
C:\WINDOWS.0\System32\khooker.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Adobe\Reader 9.0\XXXX\Reader_sl.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Dokumente und Einstellungen\Jasper\Desktop\RSIT.exe
C:\Programme\trend micro\XXXX.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.rz.uni-passau.de:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.uni-passau.de;*.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS.0\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS.0\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS.0\sisUSBrg.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSetup] F:\setup.exe /skip_all_checks /p /start /restart /l:deu
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.E XE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1186037039801
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186036979254
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {C94BFF60-7315-11D2-A844-0060086FEFD7} (Internet Banking und Brokerage) -
http://www.izb-hb.de/SPK_Passau/SBrokerXXXX.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Update Service (gupdate1c9f0fce0e3c9c0) (gupdate1c9f0fce0e3c9c0) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS.0\SYSTEM32\slserv.exe -- End of file - 7714 bytes ======Scheduled tasks folder====== C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SiS Tray"=C:\WINDOWS.0\System32\sistray.EXE [2002-05-09 303104] "SiS KHooker"=C:\WINDOWS.0\System32\khooker.exe [2002-01-25 290816] "SiSUSBRG"=C:\WINDOWS.0\sisUSBrg.exe [2002-04-26 32768] "Microsoft Works Update Detection"=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-24 28672] "LogitechCommunicationsManager"=C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-01-05 413696] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Programme\Gemeinsame 
Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360] "PowerBar"= [] "LogitechSetup"=F:\setup.exe /skip_all_checks /p /start /restart /l:deu [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-15 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Programme\Ahead\InCD\InCD.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe [2009-03-12 342312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] C:\Programme\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS.0^Startmenü^Programme^Autostart^VPN Client.lnk] C:\WINDOWS.0\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-08-02 6144] C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Autostart Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll [2006-10-18 133632] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe"="C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*esigner.exe" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\WINDOWS.0\system32\dpnsvr.exe"="C:\WINDOWS.0\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server" "C:\Programme\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Programme\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour" "C:\Programme\Atari\Deer Hunter 2005 Demo\DH2005Demo.exe"="C:\Programme\Atari\Deer Hunter 2005 Demo\DH2005Demo.exe:*:Disabled:DH2005Demo" "C:\Programme\Illusion Softworks\Hidden & Dangerous 2\HD2.exe"="C:\Programme\Illusion Softworks\Hidden & Dangerous 2\HD2.exe:*:Disabled:HD2" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Disabled:iTunes" "C:\Programme\PATRIZIER II Gold\Patrizier 2.exe"="C:\Programme\PATRIZIER II Gold\Patrizier 2.exe:*:Disabled:Patrizier 2" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2010-01-04 13:09:01 ----D---- C:\Programme\trend micro 2010-01-04 13:08:58 ----D---- C:\rsit 2010-01-04 11:57:09 ----SHD---- C:\Config.Msi 2010-01-03 21:16:55 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Avira 2010-01-03 21:16:54 ----D---- C:\Programme\Avira 2010-01-03 19:49:39 ----D---- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Malwarebytes 2010-01-03 17:23:48 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-01-03 17:23:48 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Malwarebytes 2010-01-03 12:49:31 ----D---- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\QuickScan 2010-01-03 01:12:33 ----A---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\sysReserve.ini 2009-12-29 16:04:33 ----D---- C:\WINDOWS.0\pss 2009-12-10 23:28:40 ----HDC---- C:\WINDOWS.0\$NtUninstallKB970430$ 2009-12-10 23:28:26 ----HDC---- C:\WINDOWS.0\$NtUninstallKB974318$ 2009-12-10 23:27:15 ----HDC---- C:\WINDOWS.0\$NtUninstallKB973904$ 2009-12-10 23:25:47 ----HDC---- C:\WINDOWS.0\$NtUninstallKB974392$ 2009-12-10 23:25:27 ----HDC---- C:\WINDOWS.0\$NtUninstallKB971737$ ======List of files/folders modified in the last 1 months====== 2010-01-04 20:39:42 ----D---- C:\WINDOWS.0\Temp 2010-01-04 20:39:28 ----D---- C:\WINDOWS.0\system32\CatRoot2 2010-01-04 20:38:19 ----D---- C:\WINDOWS.0\system32\drivers 2010-01-04 20:37:04 ----A---- C:\WINDOWS.0\SchedLgU.Txt 2010-01-04 20:33:49 ----HDC---- C:\WINDOWS.0\$NtUninstallKB974571$ 2010-01-04 19:18:36 ----D---- C:\WINDOWS.0\Prefetch 2010-01-04 19:14:01 
----D---- C:\Programme\Mozilla Firefox 2010-01-04 19:11:12 ----D---- C:\WINDOWS.0\system32 2010-01-04 13:09:01 ----RD---- C:\Programme 2010-01-04 12:08:21 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Adobe 2010-01-04 12:08:02 ----SHD---- C:\WINDOWS.0\Installer 2010-01-04 12:04:50 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2010-01-04 11:56:01 ----D---- C:\WINDOWS.0 2010-01-03 21:18:40 ----HD---- C:\WINDOWS.0\inf 2010-01-03 21:15:45 ----D---- C:\WINDOWS.0\WinSxS 2010-01-03 16:05:29 ----D---- C:\WINDOWS.0\Minidump 2010-01-03 15:01:42 ----D---- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Skype 2010-01-03 12:55:41 ----RASH---- C:\boot.ini 2010-01-03 12:55:41 ----A---- C:\WINDOWS.0\win.ini 2010-01-03 12:55:41 ----A---- C:\WINDOWS.0\system.ini 2010-01-03 01:18:02 ----D---- C:\WINDOWS.0\Debug 2009-12-30 22:48:37 ----D---- C:\Programme\Google 2009-12-29 16:17:37 ----D---- C:\Programme\ahead 2009-12-11 16:56:35 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI 2009-12-10 23:28:50 ----RSHDC---- C:\WINDOWS.0\system32\dllcache 2009-12-10 23:27:11 ----HD---- C:\WINDOWS.0\$hf_mig$ 2009-12-10 23:26:44 ----D---- C:\WINDOWS.0\system32\de-de 2009-12-10 23:26:44 ----D---- C:\Programme\Internet Explorer 2009-12-10 23:26:19 ----D---- C:\WINDOWS.0\ie7updates ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS.0\system32\drivers\cdrbsdrv.sys [2004-03-08 13567] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS.0\System32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 SiSkp;SiSkp; C:\WINDOWS.0\system32\drivers\srvkp.sys [2002-04-03 5760] R1 SSHDRV58;SSHDRV58; \??\C:\WINDOWS.0\System32\drivers\SSHDRV58.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; 
C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys [2009-07-28 55656] R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS.0\system32\Drivers\CVPNDRVA.sys [] R2 irda;IrDA-Protokoll; C:\WINDOWS.0\System32\DRIVERS\irda.sys [2008-04-13 88192] R2 Sentinel;Sentinel; C:\WINDOWS.0\System32\Drivers\SENTINEL.SYS [1999-07-20 73216] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS.0\System32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS.0\system32\DRIVERS\dne2000.sys [2007-01-31 127376] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS.0\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS.0\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624] R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS.0\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS.0\System32\DRIVERS\Mtlmnt5.sys [2002-05-05 194128] R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS.0\System32\DRIVERS\nscirda.sys [2008-04-13 28672] R3 pfc;Padus ASPI Shell; C:\WINDOWS.0\system32\drivers\pfc.sys [2003-12-05 10368] R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS.0\System32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 SiS315;SiS315; C:\WINDOWS.0\System32\DRIVERS\sisgrp.sys [2002-06-13 201600] R3 SiS7012;Service for AC'97 Sample Driver (WDM); C:\WINDOWS.0\system32\drivers\sis7012.sys [2002-06-17 798739] R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS.0\System32\DRIVERS\sisnic.sys [2002-04-16 32256] R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS.0\System32\DRIVERS\slntamr.sys [2002-06-17 417552] R3 SlWdmSup;SlWdmSup; C:\WINDOWS.0\System32\DRIVERS\SlWdmSup.sys [2002-03-14 39348] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS.0\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS.0\System32\DRIVERS\usbohci.sys [2008-04-13 17152] S1 cdrbsvsd;cdrbsvsd; 
C:\WINDOWS.0\system32\drivers\cdrbsvsd.sys [] S2 Sntnlusb;Sntnlusb; C:\WINDOWS.0\System32\Drivers\SNTNLUSB.SYS [1999-07-20 8128] S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS.0\System32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 Bridge;MAC-Brücke; C:\WINDOWS.0\System32\DRIVERS\bridge.sys [2008-04-13 71552] S3 BridgeMP;MAC-Brückenminiport; C:\WINDOWS.0\System32\DRIVERS\bridge.sys [2008-04-13 71552] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS.0\System32\DRIVERS\CVirtA.sys [2007-01-18 5275] S3 ENUM1394;%1394\031887&040892.DeviceDesc%; C:\WINDOWS.0\System32\DRIVERS\enum1394.sys [2001-08-17 6400] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS.0\system32\DRIVERS\k750bus.sys [2005-02-11 55216] S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS.0\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576] S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS.0\system32\DRIVERS\k750mdm.sys [2005-02-11 89872] S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS.0\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728] S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS.0\system32\DRIVERS\k750obex.sys [2005-02-11 79488] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS.0\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS.0\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS.0\system32\drivers\LVUSBSta.sys [2007-07-19 41752] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS.0\System32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS.0\System32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2008-04-13 
5504] S3 Mtlstrm;Mtlstrm; C:\WINDOWS.0\System32\DRIVERS\Mtlstrm.sys [2002-04-18 1805544] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS.0\System32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 NtMtlFax;NtMtlFax; C:\WINDOWS.0\System32\DRIVERS\NtMtlFax.sys [2002-03-14 161984] S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS.0\system32\DRIVERS\LV302V32.SYS [2007-07-19 1278104] S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS.0\system32\DRIVERS\s816bus.sys [2007-06-19 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS.0\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS.0\system32\DRIVERS\s816mdm.sys [2007-06-19 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS.0\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS.0\system32\DRIVERS\s816nd5.sys [2007-06-19 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS.0\system32\DRIVERS\s816obex.sys [2007-06-19 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS.0\system32\DRIVERS\s816unic.sys [2007-06-19 97704] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SlNtHal;SlNtHal; C:\WINDOWS.0\System32\DRIVERS\Slnthal.sys [2002-03-14 84720] S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS.0\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA-IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS.0\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;USB-Massenspeichertreiber; 
C:\WINDOWS.0\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 vsdatant;vsdatant; \??\C:\WINDOWS.0\System32\vsdatant.sys [] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 CVPND;Cisco Systems, Inc. 
VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584] R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe [2001-10-25 90112] R2 Irmon;Infrarotüberwachung; C:\WINDOWS.0\System32\svchost.exe [2008-04-14 14336] R2 LVCOMSer;LVCOMSer; C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904] R2 LVPrcSrv;Process Monitor; C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752] R2 SLService;SmartLinkService; C:\WINDOWS.0\system32\slserv.exe [2002-05-05 45056] S2 gupdate1c9f0fce0e3c9c0;Google Update Service (gupdate1c9f0fce0e3c9c0); C:\Programme\Google\Update\GoogleUpdate.exe [2009-06-19 133104] S2 LVSrvLauncher;LVSrvLauncher; C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-03-12 656168] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows 
Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
I'm seriously hoping that what we're dealing with here is just a tiny little remnant. Last edited by GumbuEsquire (04.01.2010 at 20:50) |
04.01.2010, 21:15 | #15 |
| Antivir and other antivirus programs won't start / Rootkit? So, GMER is once again causing the computer to shut down spontaneously. What I was able to salvage so far is the following:
GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-04 21:13:21 Windows 5.1.2600 Service Pack 3 Running: cew3mevn.exe; Driver: C:\DOKUME~1\XXXX\LOKALE~1\Temp\pglyifow.sys ---- System - GMER 1.0.15 ---- SSDT F7C90E7E ZwCreateKey SSDT F7C90E74 ZwCreateThread SSDT F7C90E83 ZwDeleteKey SSDT F7C90E8D ZwDeleteValueKey SSDT F7C90E92 ZwLoadKey SSDT F7C90E60 ZwOpenProcess SSDT F7C90E65 ZwOpenThread SSDT F7C90E9C ZwReplaceKey SSDT F7C90E97 ZwRestoreKey SSDT F7C90E88 ZwSetValueKey SSDT F7C90E6F ZwTerminateProcess ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00C32D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF07774] 
C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[1212] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\System32\sistray.EXE[2292] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\System32\sistray.EXE[2292] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\System32\sistray.EXE[2292] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\System32\sistray.EXE[2292] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\XXXX\Desktop\cew3mevn.exe[2336] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\XXXX\Desktop\cew3mevn.exe[2336] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\XXXX\Desktop\cew3mevn.exe[2336] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\XXXX\Desktop\cew3mevn.exe[2336] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\System32\khooker.exe[2428] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A72F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\System32\khooker.exe[2428] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A72CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\System32\khooker.exe[2428] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00A72D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\System32\khooker.exe[2428] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A72CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[2484] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[2484] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[2484] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe[2484] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2604] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2604] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2604] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2604] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2644] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BA2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2644] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BA2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2644] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00BA2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2644] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BA2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[2712] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[2712] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[2712] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[2712] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\system32\ctfmon.exe[2780] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00512F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\system32\ctfmon.exe[2780] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00512CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\system32\ctfmon.exe[2780] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtClose] [00512D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS.0\system32\ctfmon.exe[2780] @ C:\WINDOWS.0\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00512CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)