| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Rootkit gefunden!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
01.01.2010, 18:45
| #1 |
 |  Rootkit gefunden! Hallo, beim Durchsuchen meines PCs sind verdächtige Rootkitaktivitäten gesichtet worden. Hier meine Programme Code:
ATTFilter Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Deutsch
AGEIA PhysX v7.11.13
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audiograbber 1.83 SE
Avira AntiVir Premium
BioShock
Bonjour
Browser Address Error Redirector
Call of Duty(R) 2
CCleaner (remove only)
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack für 2007 Office System
CrissCross 8.40
Crossword Compiler Deutsch 8 Testversion
Dell Handbuch zum Einstieg
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Karte
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
EDocs
Foto-Mosaik-Edda 5.5.0
Free YouTube to Mp3 Converter version 3.1
Google Chrome
Google Talk (remove only)
HijackThis 2.0.2
ICQ6.5
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kalender-Excel 8.5.1
kikin Plugin (Foto-Mosaik-Edda Edition) 1.11
Lehrstoffmanager Version 1.1 Rev.64
Logitech QuickCam
Logitech® Camera-Treiber
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
NVIDIA Drivers
Opera 9.64
PC Connectivity Solution
PeaZip 2.2
Picasa 3
PixiePack Codec Pack
QuickSet
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Skype™ 4.0
Sonic CinePlayer Decoder Pack
SopCast 3.0.3
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TeamViewer 3
Uninstall 1.0.0.1
VideoLAN VLC media player 0.8.6i
Vista Profile Pack
Windows Live Anmelde-Assistent
Windows Live installer
Windows Media Player Firefox Plugin
Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
|
|
01.01.2010, 18:47
| #2 |
| | Rootkit gefunden! und hier das, was beim Scan mit dem gmer-Programm rausgekommen ist!
__________________Code:
ATTFilter GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-01 18:40:43
Windows 6.0.6001 Service Pack 1
Running: ilfmjif8.exe; Driver: C:\Users\Tobias\AppData\Local\Temp\fxldipod.sys
---- System - GMER 1.0.15 ----
SSDT 9A310584 ZwCreateThread
SSDT 9A310570 ZwOpenProcess
SSDT 9A310575 ZwOpenThread
SSDT 9A31057F ZwTerminateProcess
SSDT 9A31057A ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 454 82308A18 4 Bytes [84, 05, 31, 9A]
.text ntkrnlpa.exe!KeSetTimerEx + 624 82308BE8 4 Bytes [70, 05, 31, 9A]
.text ntkrnlpa.exe!KeSetTimerEx + 640 82308C04 4 Bytes [75, 05, 31, 9A]
.text ntkrnlpa.exe!KeSetTimerEx + 854 82308E18 4 Bytes [7F, 05, 31, 9A]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 82308E78 4 Bytes [7A, 05, 31, 9A]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F002340, 0x3E9407, 0xE8000020]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Napster\napster.exe[2176] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Napster\napster.exe[2176] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Napster\napster.exe[2176] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Napster\napster.exe[2176] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[2748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [019D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[2748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [019D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[2748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [019D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell\QuickSet\quickset.exe[2748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [019D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2820] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00242F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2820] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00242D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2820] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00242CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[2820] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00242CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3084] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3084] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3084] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3084] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BC88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C098A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BCB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BBFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BC7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BBEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BFB17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73BCBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BC074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BC06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BB71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C4D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73BE7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BBE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BB697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BB69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BC2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [03FC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [03FC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [03FC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [03FC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[3176] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[3176] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[3176] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[3176] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[3520] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01D82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[3520] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01D82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[3520] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01D82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[3520] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01D82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[3684] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00E72F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[3684] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtClose] [00E72D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[3684] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00E72CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WLTRAY.EXE[3684] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00E72CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3824] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01A52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3824] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01A52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3824] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01A52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3824] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01A52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[3872] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00142F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[3872] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00142D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[3872] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00142CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[3872] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00142CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01B12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01B12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01B12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01B12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[4020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[4020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[4020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe[4020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[4048] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[4048] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[4048] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[4048] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[4056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[4056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[4056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe[4056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[4076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[4076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[4076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[4076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00792F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00792D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00792CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00792CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5172] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00342F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5172] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00342D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5172] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00342CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5172] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00342CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5844] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [015B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5844] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [015B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5844] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [015B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5844] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [015B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[28604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[28604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[28604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[28604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[30780] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[30780] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[30780] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Tobias\Desktop\ilfmjif8.exe[30780] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000064 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000066 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
|
|
01.01.2010, 18:47
| #3 |
| | Rootkit gefunden! gmer Teil 2
__________________Code:
ATTFilter ---- Processes - GMER 1.0.15 ----
Process (*** hidden *** ) -2143474600
Process (*** hidden *** ) -2072492536
Process (*** hidden *** ) -2065797632
Process (*** hidden *** ) -2065732096
Process (*** hidden *** ) -2065680424
Process (*** hidden *** ) -2065660552
Process (*** hidden *** ) -2065017864
Process (*** hidden *** ) -2063105168
Process (*** hidden *** ) -2062563880
Process (*** hidden *** ) -2059479168
Process (*** hidden *** ) -2046878208
Process (*** hidden *** ) -2045450792
Process (*** hidden *** ) -2043712000
Process (*** hidden *** ) -2042665472
Process (*** hidden *** ) -2041441280
Process (*** hidden *** ) -2040930120
Process (*** hidden *** ) -2040927416
Process (*** hidden *** ) -2040513024
Process (*** hidden *** ) -2040442696
Process (*** hidden *** ) -2040390144
Process (*** hidden *** ) -2040039512
Process (*** hidden *** ) -2040038816
Process (*** hidden *** ) -2039147176
Process (*** hidden *** ) -2038764032
Process (*** hidden *** ) -2038673224
Process (*** hidden *** ) -2038497792
Process (*** hidden *** ) -2038432256
Process (*** hidden *** ) -2038402072
Process (*** hidden *** ) -2038333952
Process (*** hidden *** ) -2038272512
Process (*** hidden *** ) -2038136648
Process (*** hidden *** ) -2038094648
Process (*** hidden *** ) -2038036336
Process (*** hidden *** ) -2038035640
Process (*** hidden *** ) -2038001480
Process (*** hidden *** ) -2037954416
Process (*** hidden *** ) -2037948928
Process (*** hidden *** ) -2037772800
Process (*** hidden *** ) -2037629440
Process (*** hidden *** ) -2037535232
Process (*** hidden *** ) -2037508728
Process (*** hidden *** ) -2037459472
Process (*** hidden *** ) -2037428736
Process (*** hidden *** ) -2037405888
Process (*** hidden *** ) -2037359848
Process (*** hidden *** ) -2037357192
Process (*** hidden *** ) -2037356448
Process (*** hidden *** ) -2037301760
Process (*** hidden *** ) -2037289472
Process (*** hidden *** ) -2037274480
Process (*** hidden *** ) -2037236224
Process (*** hidden *** ) -2037112648
Process (*** hidden *** ) -2037078712
Process (*** hidden *** ) -2037077968
Process (*** hidden *** ) -2037043016
Process (*** hidden *** ) -2036931472
Process (*** hidden *** ) -2036721112
Process (*** hidden *** ) -2030423880
Process (*** hidden *** ) -2030348440
Process (*** hidden *** ) -2030160368
Process (*** hidden *** ) -2019237704
Process (*** hidden *** ) -2019234304
Process (*** hidden *** ) -2019214792
Process (*** hidden *** ) -2017102288
Process (*** hidden *** ) -2016794816
Process (*** hidden *** ) -2011882240
Process (*** hidden *** ) -2011866824
Process (*** hidden *** ) -2011418440
Process (*** hidden *** ) -2011329720
Process (*** hidden *** ) -2011307552
Process (*** hidden *** ) -2011301048
Process (*** hidden *** ) -2011213640
Process (*** hidden *** ) -2011084264
Process (*** hidden *** ) -2011067952
Process (*** hidden *** ) -2010880304
Process (*** hidden *** ) -2010878912
Process (*** hidden *** ) -2010705336
Process (*** hidden *** ) -2010679584
Process (*** hidden *** ) -2010594864
Process (*** hidden *** ) -2010575448
Process (*** hidden *** ) -2010566472
Process (*** hidden *** ) -2010555952
Process (*** hidden *** ) -2010488648
Process (*** hidden *** ) -2010440544
Process (*** hidden *** ) -2010406728
Process (*** hidden *** ) -2009991744
Process (*** hidden *** ) -2009989704
Process (*** hidden *** ) -2009988936
Process (*** hidden *** ) -2009984840
Process (*** hidden *** ) -2009983840
Process (*** hidden *** ) -2009521008
Process (*** hidden *** ) -2009520312
Process (*** hidden *** ) -2009515328
Process (*** hidden *** ) -2009488256
Process (*** hidden *** ) -2009373672
Process (*** hidden *** ) -2009301504
Process (*** hidden *** ) -2009298480
Process (*** hidden *** ) -2009174800
Process (*** hidden *** ) -2009144656
Process (*** hidden *** ) -2009130824
Process (*** hidden *** ) -2009061536
Process (*** hidden *** ) -2009043640
Process (*** hidden *** ) -2009016696
Process (*** hidden *** ) -2008812304
Process (*** hidden *** ) -2008804200
Process (*** hidden *** ) -2008497992
Process (*** hidden *** ) -2008343720
Process (*** hidden *** ) -2008186696
Process (*** hidden *** ) -2008183992
Process (*** hidden *** ) -2008107088
Process (*** hidden *** ) -2008069944
Process (*** hidden *** ) -2007904072
Process (*** hidden *** ) -2007899976
Process (*** hidden *** ) -2007738096
Process (*** hidden *** ) -2007562976
Process (*** hidden *** ) -2007543624
Process (*** hidden *** ) -2007495208
Process (*** hidden *** ) -2007477976
Process (*** hidden *** ) -2007467184
Process (*** hidden *** ) -2007291760
Process (*** hidden *** ) -2007288360
Process (*** hidden *** ) -2007088968
Process (*** hidden *** ) -2007043912
Process (*** hidden *** ) -2007018576
Process (*** hidden *** ) -2007001392
Process (*** hidden *** ) -2006901496
Process (*** hidden *** ) -2006521816
Process (*** hidden *** ) -2006481824
Process (*** hidden *** ) -2006480056
Process (*** hidden *** ) -2006448176
Process (*** hidden *** ) -2006404096
Process (*** hidden *** ) -2006339400
Process (*** hidden *** ) -2006188544
Process (*** hidden *** ) -2006168064
Process (*** hidden *** ) -2006057472
Process (*** hidden *** ) -2005935640
Process (*** hidden *** ) -2005832192
Process (*** hidden *** ) -2005825352
Process (*** hidden *** ) -2005824000
Process (*** hidden *** ) -2005553664
Process (*** hidden *** ) -2005549568
Process (*** hidden *** ) -2005542736
Process (*** hidden *** ) -2005523200
Process (*** hidden *** ) -2005470112
Process (*** hidden *** ) -2005348168
Process (*** hidden *** ) -2005326112
Process (*** hidden *** ) -2005317440
Process (*** hidden *** ) -2005255312
Process (*** hidden *** ) -2005247536
Process (*** hidden *** ) -2004953736
Process (*** hidden *** ) -2004843296
Process (*** hidden *** ) -2004720824
Process (*** hidden *** ) -2004460032
Process (*** hidden *** ) -2004371800
Process (*** hidden *** ) -2004289872
Process (*** hidden *** ) -2004289176
Process (*** hidden *** ) -2004282912
Process (*** hidden *** ) -2004225864
Process (*** hidden *** ) -2004160328
Process (*** hidden *** ) -2004121520
Process (*** hidden *** ) -2004111176
Process (*** hidden *** ) -699009352
Process (*** hidden *** ) -699007656
Process (*** hidden *** ) -693242152
Process (*** hidden *** ) -690491208
Process (*** hidden *** ) -684329168
Process (*** hidden *** ) -683757384
Process (*** hidden *** ) -683624216
Process (*** hidden *** ) -681674488
Process (*** hidden *** ) -680540904
Process (*** hidden *** ) -680276648
Process (*** hidden *** ) -680165888
Process (*** hidden *** ) -678716072
Process (*** hidden *** ) -675971584
Process (*** hidden *** ) -670895944
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bfdb120
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bfdb120@002345616f05 0x40 0xB0 0xA9 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186409207
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186409207@002345616f05 0xE0 0x9F 0x07 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bfdb120 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bfdb120@002345616f05 0x40 0xB0 0xA9 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186409207 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186409207@002345616f05 0xE0 0x9F 0x07 0x5C ...
---- EOF - GMER 1.0.15 ----
|
|
02.01.2010, 06:40
| #4 | |
| /// Helfer-Team    | Rootkit gefunden! hi 1. Folgende Ergebnisse möchte ich noch sehen: Code:
ATTFilter Malwarebytes
- Lade dir RSIT - 3. ich brauche mehr `Übersicht` bzw Daten über einen längeren Zeitraum - dazu bitte Versteckte - und Systemdateien sichtbar machen:: → Klicke unter Start auf Arbeitsplatz. → Klicke im Menü Extras auf Ordneroptionen. → Dateien und Ordner/Erweiterungen bei bekannten Dateitypen ausblenden → Haken entfernen → Geschützte und Systemdateien ausblenden → Haken entfernen → Versteckte Dateien und Ordner/Alle Dateien und Ordner anzeigen → Haken setzen. → Bei "Geschützte Systemdateien ausblenden" darf kein Häkchen sein und "Alle Dateien und Ordner anzeigen" muss aktiviert sein. 4. Für XP und Win2000 (ansonsten auslassen) → lade Dir das filelist.zip auf deinen Desktop herunter → entpacke die Zip-Datei auf deinen Desktop → starte nun mit einem Doppelklick auf die Datei "filelist.bat" - Dein Editor (Textverarbeitungsprogramm) wird sich öffnen → kopiere aus die erzeugten Logfile alle 7 Verzeichnisse ("C\...") usw - aber nur die Einträge der letzten 6 Monate - hier in deinem Thread ** vor jedem Eintrag steht ein Datum, also Einträge, die älter als 6 Monate sind bitte herauslöschen! Zitat:
Coverflow |
|
02.01.2010, 12:20
| #5 |
| | Rootkit gefunden! Hier der Malwarebiteslog: Code:
ATTFilter Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3428
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865
02.01.2010 12:15:02
mbam-log-2010-01-02 (12-15-02).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 310997
Laufzeit: 1 hour(s), 59 minute(s), 58 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2010-01-02 12:17:09
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audiograbber 1.83 SE -->"C:\Program Files\Audiograbber\Uninstall.exe"
Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir PersonalEdition Premium\SETUP.EXE /REMOVE
BioShock-->C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\_setup.exe -runfromtemp -l0x0007 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
CrissCross 8.40-->MsiExec.exe /I{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}
Crossword Compiler Deutsch 8 Testversion-->C:\Program Files\Crossword Compiler Deutsch\uninstall.exe
Dell Handbuch zum Einstieg-->MsiExec.exe /I{FD023F61-65E9-465C-B558-7C64EB2B97E6}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Karte-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
Foto-Mosaik-Edda 5.5.0-->"C:\Program Files\Foto-Mosaik-Edda\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kalender-Excel 8.5.1-->"C:\Users\Tobias\Documents\Kalender-Excel\unins000.exe"
kikin Plugin (Foto-Mosaik-Edda Edition) 1.11-->C:\Program Files\kikin\uninst.exe
Lehrstoffmanager Version 1.1 Rev.64-->C:\LSM\setup\setup.exe
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{7D53DF17-8AED-4ACE-A474-002372AAB399}
Logitech® Camera-Treiber-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0007 -removeonly
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PeaZip 2.2-->"C:\Program Files\PeaZip\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Activation Module-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /I{C5C649A8-1D21-4C83-9B08-7B3752E580F4}
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Modem V2 Software-->C:\Windows\system32\Samsung_USB_Drivers\3_6810\SSCEUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0407 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista Profile Pack-->MsiExec.exe /X{D31FB582-86AE-4A05-BFC1-5C5CA944E234}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live installer-->MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\mbtmdm.inf_afb0631d\mbtmdm.inf
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
======Security center information======
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)
======System event log======
Computer Name: Tobi
Event Code: 10029
Message: DCOM hat den Dienst TrustedInstaller mit den Argumenten "" gestartet, um den Server auszuführen:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 207008
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100102090545.000000-000
Event Type: Informationen
User:
Computer Name: Tobi
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Ausgeführt".
Record Number: 207009
Source Name: Service Control Manager
Time Written: 20100102090545.000000-000
Event Type: Informationen
User:
Computer Name: Tobi
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Beendet".
Record Number: 207010
Source Name: Service Control Manager
Time Written: 20100102091545.000000-000
Event Type: Informationen
User:
Computer Name: Tobi
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 207011
Source Name: Service Control Manager
Time Written: 20100102092157.000000-000
Event Type: Informationen
User:
Computer Name: Tobi
Event Code: 6013
Message: Die aktive Systemzeit ist 7152 Sekunden.
Record Number: 207012
Source Name: EventLog
Time Written: 20100102110059.000000-000
Event Type: Informationen
User:
=====Application event log=====
Computer Name: Tobi
Event Code: 0
Message:
Record Number: 42440
Source Name: iPod Service
Time Written: 20100102090249.000000-000
Event Type: Informationen
User:
Computer Name: Tobi
Event Code: 10
Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Record Number: 42441
Source Name: Microsoft-Windows-WMI
Time Written: 20100102090251.000000-000
Event Type: Fehler
User:
Computer Name: Tobi
Event Code: 0
Message:
Record Number: 42442
Source Name: gupdate1ca07b46e687e50
Time Written: 20100102090302.000000-000
Event Type: Informationen
User:
Computer Name: Tobi
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 42443
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100102090323.097949-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Tobi
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 42444
Source Name: SecurityCenter
Time Written: 20100102090428.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: Tobi
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 66316
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100102111704.270949-000
Event Type: Überwachung gescheitert
User:
Computer Name: Tobi
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 66317
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100102111704.345949-000
Event Type: Überwachung gescheitert
User:
Computer Name: Tobi
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 66318
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100102111704.429949-000
Event Type: Überwachung gescheitert
User:
Computer Name: Tobi
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 66319
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100102111704.497949-000
Event Type: Überwachung gescheitert
User:
Computer Name: Tobi
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 66320
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100102111704.582949-000
Event Type: Überwachung gescheitert
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
|
|
02.01.2010, 12:21
| #6 |
| | Rootkit gefunden! und hier der zweite log: Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by Tobias at 2010-01-02 12:16:51 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 121 GB (53%) free of 228 GB Total RAM: 3070 MB (52% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:17:06, on 02.01.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Napster\napster.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Opera\opera.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchFilterHost.exe C:\Users\Tobias\Desktop\RSIT.exe C:\Program Files\trend micro\Tobias.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.lokalisten.de/iup/ImageUploader4.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programm_Download\SuperAntiSpyWare\SASWINLO.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: Avira AntiVir Premium Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Avira AntiVir Premium MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Update Service (gupdate1ca07b46e687e50) (gupdate1ca07b46e687e50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE -- End of file - 10816 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{773D4BC6-D14B-4341-A7B7-454FF3EC4E7B}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}] kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2009-07-14 429280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ECenter"=C:\Dell\E-Center\EULALauncher.exe [2008-02-29 17920] "Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-02-22 159744] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-22 4907008] "Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-05-16 3444736] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-06-20 1316136] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe [2008-06-12 266497] "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-05-17 505368] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-05-17 780312] "NapsterShell"=C:\Program Files\Napster\napster.exe [2008-12-19 323216] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-09 13543968] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-09 92704] "NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-06-09 96800] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600] "NPSStartup"= [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-11-21 3293184] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-01-29 23975720] "AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-11-12 102400] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Programm_Download\SuperAntiSpyWare\SASWINLO.DLL [2008-12-10 352256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programm_Download\SuperAntiSpyWare\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer" "C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ" "C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-01-02 12:16:51 ----D---- C:\rsit 2009-12-25 18:55:50 ----D---- C:\Users\Tobias\AppData\Roaming\Malwarebytes 2009-12-25 18:55:44 ----D---- C:\ProgramData\Malwarebytes 2009-12-25 18:55:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-12-09 15:24:47 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-09 15:24:46 ----A---- C:\Windows\system32\httpapi.dll 2009-12-09 08:48:03 ----A---- C:\Windows\system32\mshtml.dll 2009-12-09 08:48:02 ----A---- C:\Windows\system32\ieframe.dll 2009-12-09 08:48:01 ----A---- C:\Windows\system32\wininet.dll 2009-12-09 08:48:01 ----A---- C:\Windows\system32\urlmon.dll 2009-12-09 08:48:01 ----A---- C:\Windows\system32\occache.dll 2009-12-09 08:48:01 ----A---- C:\Windows\system32\msfeeds.dll 2009-12-09 08:48:01 ----A---- C:\Windows\system32\iertutil.dll 2009-12-09 08:48:01 ----A---- C:\Windows\system32\iedkcs32.dll 2009-12-09 08:48:00 ----A---- C:\Windows\system32\msfeedssync.exe 2009-12-09 08:48:00 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-12-09 08:48:00 ----A---- C:\Windows\system32\jsproxy.dll 2009-12-09 08:48:00 ----A---- C:\Windows\system32\ieUnatt.exe 2009-12-09 08:48:00 ----A---- C:\Windows\system32\ieui.dll 2009-12-09 08:48:00 ----A---- C:\Windows\system32\iesysprep.dll 2009-12-09 08:48:00 ----A---- C:\Windows\system32\iesetup.dll 2009-12-09 08:48:00 ----A---- C:\Windows\system32\iernonce.dll 2009-12-09 08:48:00 ----A---- C:\Windows\system32\iepeers.dll 2009-12-09 08:48:00 ----A---- C:\Windows\system32\ie4uinit.exe 2009-12-09 08:47:49 ----A---- C:\Windows\system32\rastls.dll 2009-12-09 08:47:49 ----A---- C:\Windows\system32\raschap.dll ======List of files/folders modified in the last 1 months====== 2010-01-02 12:17:06 ----D---- C:\Windows\Prefetch 2010-01-02 12:17:06 ----D---- C:\Program Files\Trend Micro 2010-01-02 12:16:59 ----D---- C:\Windows\temp 2010-01-02 12:05:20 ----D---- C:\Users\Tobias\AppData\Roaming\Skype 2010-01-02 10:03:53 ----D---- C:\Users\Tobias\AppData\Roaming\skypePM 2010-01-02 10:02:43 ----D---- C:\Windows 2010-01-01 19:03:38 ----SHD---- C:\System Volume Information 2010-01-01 17:08:36 ----D---- C:\Windows\System32 2010-01-01 17:08:36 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-01-01 17:08:35 ----D---- C:\Windows\inf 2009-12-28 09:42:42 ----D---- C:\Windows\system32\catroot2 2009-12-26 14:06:15 ----D---- C:\Program Files\Mozilla Firefox 2009-12-25 20:48:52 ----D---- C:\Windows\system32\drivers 2009-12-25 20:48:52 ----D---- C:\Windows\AppPatch 2009-12-25 20:47:49 ----D---- C:\Users\Tobias\AppData\Roaming\Desktopicon 2009-12-25 18:55:44 ----RD---- C:\Program Files 2009-12-25 18:55:44 ----HD---- C:\ProgramData 2009-12-09 17:33:32 ----D---- C:\Windows\winsxs 2009-12-09 17:22:50 ----D---- C:\Windows\system32\catroot 2009-12-09 17:20:57 ----D---- C:\Windows\system32\migration 2009-12-09 17:20:55 ----D---- C:\Program Files\Internet Explorer 2009-12-09 17:20:54 ----D---- C:\Program Files\Windows Mail 2009-12-09 15:25:47 ----SHD---- C:\Windows\Installer 2009-12-09 15:25:47 ----SHD---- C:\Config.Msi ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys [2009-05-29 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-29 75096] R1 SASDIFSV;SASDIFSV; \??\C:\Programm_Download\SuperAntiSpyWare\SASDIFSV.SYS [2008-11-17 8944] R1 SASKUTIL;SASKUTIL; \??\C:\Programm_Download\SuperAntiSpyWare\SASKUTIL.sys [2008-11-17 55024] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys [2009-05-29 52056] R3 BCM43XX;Treiber für Dell Wireless WLAN Karte; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-05-16 1044984] R3 BthAvrcp;Bluetooth-AVRCP-Profil; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2008-07-10 15872] R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456] R3 BTHFILT;Bluetooth-Befehlsfilter; C:\Windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824] R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-07-15 36608] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-22 2054872] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-05-11 25888] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-12-03 38224] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-09 7522624] R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-02-22 48472] R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-02-22 43480] R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-22 106496] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-06-20 200112] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-22 155136] S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 e1express;Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-05-11 2107808] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-05-11 2142752] S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\Windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880] S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016] S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632] S3 SASENUM;SASENUM; \??\C:\Programm_Download\SuperAntiSpyWare\SASENUM.SYS [2008-11-17 7408] S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2008-10-15 44320] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648] S3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904] S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-09 611664] R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2008-02-22 77824] R2 AntiVirMailService;Avira AntiVir Premium MailGuard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-11-28 164097] R2 AntiVirScheduler;Avira AntiVir Premium Planer; C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Premium Guard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe [2008-10-15 151297] R2 antivirwebservice;Avira AntiVir Premium WebGuard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 258305] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 AVEService;Avira AntiVir Premium MailGuard Hilfsdienst; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthFilterHelper;Bluetooth Feature Support; C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-07-15 233472] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-05-11 187168] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-05-11 133920] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-09 196608] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968] R2 TeamViewer;TeamViewer 3; C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-11-17 185640] R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-05-16 24064] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568] S2 gupdate1ca07b46e687e50;Google Update Service (gupdate1ca07b46e687e50); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-18 133104] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-05-11 142112] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-18 138168] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- |
|
11.01.2010, 22:39
| #7 |
| | Rootkit gefunden! Bis jetzt hab ich nichts mehr gefunden, oder irgendwelche Meldungen bekommen... Is der Rechner jetzt clean? |
|
12.01.2010, 23:49
| #8 |
| /// Helfer-Team | Rootkit gefunden! hi 1. - CombiFix entfernen: Start --> Ausführen -->Kopiere rein Combofix /Uninstall --> OK Entferne auf C:\ Qoobox (falls noch vorhanden) -->Papierkorb leeren oder einfach nur entfernen, C:\ Qoobox (falls noch vorhanden) auch löschen-->Papierkorb leeren 2. wenn alles gut verlaufen ist und dein System läuft stabil, mache folgendes: Erstelle manuell einen Wiederherstellungspunkt: Aktivieren und Deaktivieren der Systemwiederherstellung 3. Alle vorhandenen externen Laufwerke inkl. evtl. vorhandener USB-Sticks an den Rechner anschließen, aber dabei die Shift-Taste gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. Zum Schluss, scanne dein Sytem mit mindestens 3 Onlinescanner (Externe Sachen bitte anschliessen): - Einstellungen Internet Explorer: Extras → Internetoptionen → Sicherheit → Stufe anpassen: alles auf Standardstufe stellen - Active X erlauben - dies ist notwendig, damit auf deine Festplatte zugegriffen werden kann - nach jedem Scanvorgang starte dein system neu auf - speichere und poste das Logfile des Scans - die Ergebnisse als*.txt Datei speichern Code:
ATTFilter ESET Online Scanner bitdefender emsisoft Symantec Security Check |
|
19.01.2010, 01:13
| #9 |
| | Rootkit gefunden! Also die ersten beiden Scanner haben nichts gefunden, der dritte folgendes: Code:
ATTFilter a-squared Web Malware Scanner v. 4.0
Scan Einstellungen:
Objekte: Speicher, Traces, Cookies, C:\, D:\
Archiv Scan: Ein
Heuristik: Aus
ADS Scan: Ein
Scan Start: 18.01.2010 23:12:27
Gescannt
Dateien: 171726
Traces: 412933
Cookies: 85
Prozesse: 71
Gefunden
Dateien: 0
Traces: 2
Cookies: 5
Prozesse: 0
Scan Ende: 19.01.2010 00:36:01
Scan Zeit: 01:23:34
Code:
ATTFilter a-squared Web Malware Scanner v. 4.0
(C) 2003-2009 Emsi Software GmbH - www.emsisoft.com
ID Object
0 C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@tradedoubler[2].txt erkannt: Trace.TrackingCookie.tradedoubler!A2
1 C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@specificclick[1].txt erkannt: Trace.TrackingCookie.specificclick!A2
2 C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@doubleclick[1].txt erkannt: Trace.TrackingCookie.doubleclick!A2
3 C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@doubleclick[2].txt erkannt: Trace.TrackingCookie.doubleclick!A2
4 C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@adtech[1].txt erkannt: Trace.TrackingCookie.adtech!A2
5 c:\users\tobias\favorites\amazon.url erkannt: Trace.File.Ezula!A2
|
|
| Themen zu Rootkit gefunden! |
| antivir, center, code, control, download, error, firefox, flash player, ics, live, mobile phone, modem, mp3, office, pcs, programme, rootkit, software, sp2, usb, visual c++, vlc media player, web, wireless, wlan, youtube |
Hybrid-Darstellung
