Anti-virus programs won't start. What do I need to enter in Avenger?

Hello everyone,

A few weeks ago I had the problem with the Windows Security Alert and thought I had fixed it successfully. But now new difficulties keep appearing:

- Anti-virus programs can no longer be started
- Anti-virus programs can mostly only be installed by renaming the install.exe
- Google links are being redirected

I first created a HijackThis logfile and fixed one or two things, and then worked through the guide "Für alle Hilfesuchenden" here on the site. CCleaner ran through, but at Malwarebytes Anti-Malware it is of course over, since I can't start any anti-virus programs. In other threads on this site I have seen that the program Avenger is then always used. Unfortunately I don't know what I need to enter there in my case. If you could help me with that...

So that this is possible, I have attached both HijackThis logfiles (before and after fixing) and the GMER logfile.

Code:
```text
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:00, on 06.01.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS.0\system32\LckFldService.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\svchost.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programme\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINDOWS.0\system32\RunDll32.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Programme\Trillian\trillian.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hoefliger.de:80
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\richtx64.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - https://***.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - ***://wwwimages.adobe.com/***.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS.0\system32\LckFldService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5216 bytes
```

Code:
```text
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:02, on 06.01.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programme\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINDOWS.0\system32\RunDll32.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS.0\system32\LckFldService.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\system32\imapi.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hoefliger.de:80
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - h***s://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - h**p://wwwimages.adobe.com/w*w.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS.0\system32\LckFldService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 4623 bytes
```

Code:
```text
GMER 1.0.15.15281 - h**p://www.gmer.net
Rootkit scan 2010-01-06 20:47:40
Windows 5.1.2600 Service Pack 2
Running: yf3vo69d.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fxlyypow.sys


---- System - GMER 1.0.15 ----

Code  86531468  ZwEnumerateKey
Code  86531540  ZwFlushInstructionCache
Code  8653138E  IofCallDriver
Code  86531216  IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text    ntoskrnl.exe!IofCallDriver                      804E37C5 5 Bytes  JMP 86531393
.text    ntoskrnl.exe!IofCompleteRequest                 804E3BF6 5 Bytes  JMP 8653121B
PAGE     ntoskrnl.exe!ZwEnumerateKey                     80570D3E 5 Bytes  JMP 8653146C
PAGE     ntoskrnl.exe!ZwFlushInstructionCache            8057917C 5 Bytes  JMP 86531544
init     C:\WINDOWS.0\system32\drivers\ALCXSENS.SYS      entry point in "init" section [0xF633C510]
.text    C:\WINDOWS.0\system32\drivers\ACEDRV05.sys      section is writeable [0xF1FAC000, 0x30A4A, 0xE8000020]
.pklstb  C:\WINDOWS.0\system32\drivers\ACEDRV05.sys      entry point in ".pklstb" section [0xF1FEE000]
.relo2   C:\WINDOWS.0\system32\drivers\ACEDRV05.sys      unknown last section [0xF2009000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text  C:\Programme\Internet Explorer\iexplore.exe[476] USER32.dll!CreateWindowExW          7E36FC25 5 Bytes  JMP 4126D6EC C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[476] USER32.dll!DialogBoxParamW          7E37555F 5 Bytes  JMP 4119541D C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[476] USER32.dll!DialogBoxIndirectParamW  7E382032 5 Bytes  JMP 4136441F C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[476] USER32.dll!MessageBoxIndirectA      7E38A04A 5 Bytes  JMP 41364351 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[476] USER32.dll!DialogBoxParamA          7E38B10C 5 Bytes  JMP 413643BC C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[476] USER32.dll!MessageBoxExW            7E3A05D8 5 Bytes  JMP 41364222 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[476] USER32.dll!MessageBoxExA            7E3A05FC 5 Bytes  JMP 41364284 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[476] USER32.dll!DialogBoxIndirectParamA  7E3A6B50 5 Bytes  JMP 41364482 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[476] USER32.dll!MessageBoxIndirectW      7E3B62AB 5 Bytes  JMP 413642E6 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[476] ole32.dll!OleLoadFromStream         774F9C9D 5 Bytes  JMP 413647A0 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[476] WININET.dll!HttpAddRequestHeadersA  408CCF46 5 Bytes  JMP 00C7000A
.text  C:\Programme\Internet Explorer\iexplore.exe[476] WININET.dll!HttpAddRequestHeadersW  408CFE49 5 Bytes  JMP 00D1000A
.text  C:\Programme\Internet Explorer\iexplore.exe[476] WS2_32.dll!connect                  71A1406A 5 Bytes  JMP 02EE000A
.text  C:\Programme\Internet Explorer\iexplore.exe[476] WS2_32.dll!send                     71A1428A 5 Bytes  JMP 02F0000A
.text  C:\Programme\Internet Explorer\iexplore.exe[476] WS2_32.dll!recv                     71A1615A 5 Bytes  JMP 02E8000A
.text  C:\Programme\Internet Explorer\iexplore.exe[476] WS2_32.dll!closesocket              71A19639 5 Bytes  JMP 02EF000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7160A09D] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [71609F99] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [71609F99] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [71609F99] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7160A09D] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [71609F99] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7160A09D] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [71609F99] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [71609E8F] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7160A09D] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [71609F99] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [71609F99] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7160A09D] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [71609E8F] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [71609F99] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [71609E8F] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [71609F99] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [71609E8F] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [71609F99] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [7160A09D] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [71609F99] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [71609E8F] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [7160A09D] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\Programme\Internet Explorer\iexplore.exe[476] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [71609D8B] C:\WINDOWS.0\AppPatch\AcLayers.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module  \systemroot\system32\drivers\H8SRTtapqjxvamd.sys (*** hidden *** )  F1F46000-F1F63000 (118784 bytes)

---- Processes - GMER 1.0.15 ----

Library  \\?\globalroot\systemroot\system32\H8SRTlbwqwbdutp.dll (*** hidden *** ) @ C:\Programme\Internet Explorer\iexplore.exe [476] 0x10000000
Library  \\?\globalroot\systemroot\system32\H8SRTvsieertnow.dll (*** hidden *** ) @ C:\Programme\Internet Explorer\iexplore.exe [476] 0x00D20000
Library  \\?\globalroot\systemroot\system32\H8SRTlbwqwbdutp.dll (*** hidden *** ) @ C:\WINDOWS.0\system32\svchost.exe [1028] 0x10000000
Library  \\?\globalroot\systemroot\system32\H8SRTlbwqwbdutp.dll (*** hidden *** ) @ C:\WINDOWS.0\system32\svchost.exe [1076] 0x10000000
Library  \\?\globalroot\systemroot\system32\H8SRTlbwqwbdutp.dll (*** hidden *** ) @ C:\WINDOWS.0\Explorer.EXE [1176] 0x10000000
Library  \\?\globalroot\systemroot\system32\H8SRTlbwqwbdutp.dll (*** hidden *** ) @ C:\WINDOWS.0\system32\svchost.exe [1688] 0x10000000
Library  \\?\globalroot\systemroot\system32\H8SRTlbwqwbdutp.dll (*** hidden *** ) @ C:\WINDOWS.0\System32\svchost.exe [1840] 0x10000000
Library  \\?\globalroot\systemroot\system32\H8SRTlbwqwbdutp.dll (*** hidden *** ) @ C:\WINDOWS.0\system32\svchost.exe [1888] 0x10000000
Library  \\?\globalroot\systemroot\system32\H8SRTlbwqwbdutp.dll (*** hidden *** ) @ C:\WINDOWS.0\system32\svchost.exe [2024] 0x10000000

---- Services - GMER 1.0.15 ----

Service  C:\WINDOWS.0\system32\drivers\H8SRTtapqjxvamd.sys (*** hidden *** )  [SYSTEM] H8SRTd.sys  <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath  \systemroot\system32\drivers\H8SRTtapqjxvamd.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group  file system
Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd  \\?\globalroot\systemroot\system32\drivers\H8SRTtapqjxvamd.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc  \\?\globalroot\systemroot\system32\H8SRTielwxyxxns.dll
Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr  \\?\globalroot\systemroot\system32\H8SRTbmykturryk.dat
Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf  \\?\globalroot\systemroot\system32\H8SRTlbwqwbdutp.dll
Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr  \\?\globalroot\systemroot\system32\H8SRTvsieertnow.dll
Reg  HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start  1
Reg  HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type  1
Reg  HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath  \systemroot\system32\drivers\H8SRTtapqjxvamd.sys
Reg  HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group  file system
Reg  HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd  \\?\globalroot\systemroot\system32\drivers\H8SRTtapqjxvamd.sys
Reg  HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc  \\?\globalroot\systemroot\system32\H8SRTielwxyxxns.dll
Reg  HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr  \\?\globalroot\systemroot\system32\H8SRTbmykturryk.dat
Reg  HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf  \\?\globalroot\systemroot\system32\H8SRTlbwqwbdutp.dll
Reg  HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr  \\?\globalroot\systemroot\system32\H8SRTvsieertnow.dll

---- Files - GMER 1.0.15 ----

File  C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\H8SRT4cb9.tmp  343040 bytes executable
File  C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\h8srtmainqt.dll  16485 bytes
File  C:\WINDOWS.0\system32\drivers\H8SRTtapqjxvamd.sys  40960 bytes executable  <-- ROOTKIT !!!
File  C:\WINDOWS.0\system32\H8SRTbmykturryk.dat  202 bytes
File  C:\WINDOWS.0\system32\H8SRTielwxyxxns.dll  23040 bytes executable
File  C:\WINDOWS.0\system32\H8SRTlbwqwbdutp.dll  36864 bytes executable
File  C:\WINDOWS.0\system32\H8SRTvsieertnow.dll  40960 bytes executable

---- EOF - GMER 1.0.15 ----
```
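A first-pass triage of the two log formats posted above, added here as an example that is not part of the original post or of the forum's own procedure: it parses HijackThis O4 autostart and "(file missing)" lines, and GMER hidden-object, hook and service-registry lines, and derives the filename prefix shared by every hidden object. The SAMPLE_* strings are constructed excerpts in the format of the logs above, and the heuristics (autostarts from a temp directory, user-mode hooks with no module attributed, a service whose imagepath is a hidden file) are my assumptions.

```python
"""Triage helpers for HijackThis and GMER text logs (added example, not from the
original post; SAMPLE_* are constructed excerpts in the format of the logs above,
and the heuristics are illustrative assumptions, not the forum helpers' method)."""
import os
import re
from dataclasses import dataclass

# HijackThis autostart: "O4 - HKCU\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Locations a legitimate autostart rarely runs from (8.3 and long forms seen in XP logs)
TEMP_MARKERS = ("\\temp\\", "\\lokale~1\\", "\\lokale einstellungen\\", "\\local settings\\")
HIDDEN = "(*** hidden *** )"
# Kernel inline hook as GMER prints it: "<section>  ntoskrnl.exe!Func  <addr> 5 Bytes  JMP <target>"
KHOOK_RE = re.compile(
    r"^\S+\s+ntoskrnl\.exe!(?P<func>\w+)\s+[0-9A-F]+\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]+)")
# User-mode hook with no module attributed after the target (GMER appends the owning DLL
# when it can resolve one); a bare target means the hook lands in anonymous memory.
UHOOK_RE = re.compile(
    r"^\S+\s+(?P<proc>.+?\[\d+\])\s+(?P<api>\S+!\w+)\s+[0-9A-F]+\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]+)\s*$")
IMAGEPATH_RE = re.compile(r"^Reg\s+(?P<key>\S+)@imagepath\s+(?P<path>\S+)", re.IGNORECASE)

@dataclass(frozen=True)
class Finding:
    source: str    # "hijackthis" or "gmer"
    severity: str  # "info", "suspicious" or "critical"
    detail: str

def basename(path: str) -> str:
    """Last component of a Windows path, whatever prefix (globalroot, drive letter) it has."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def hijackthis_findings(log: str) -> list[Finding]:
    """Flag autostarts launched from temp directories and entries whose target file is gone."""
    out = []
    for line in (raw.strip() for raw in log.splitlines()):
        if "(file missing)" in line:
            out.append(Finding("hijackthis", "info", "target missing: " + line))
        elif (m := O4_RE.match(line)) and any(t in m["cmd"].lower() for t in TEMP_MARKERS):
            out.append(Finding("hijackthis", "suspicious",
                               f"autostart from temp dir: [{m['name']}] {m['cmd']}"))
    return out


def gmer_findings(log: str) -> tuple[list[Finding], str]:
    """Return (findings, filename prefix shared by all hidden objects).

    Hidden objects, inline hooks on ntoskrnl exports and unattributed user-mode hooks are
    reported; a second pass flags a service whose imagepath is one of the hidden files.
    A shared prefix such as "H8SRT" shows the hidden objects follow one naming scheme."""
    out, hidden_names = [], []
    lines = [raw.strip() for raw in log.splitlines() if raw.strip()]
    for line in lines:
        if HIDDEN in line:
            kind, rest = line.split(None, 1)
            path = rest.split(HIDDEN, 1)[0].strip()
            hidden_names.append(basename(path))
            out.append(Finding("gmer", "critical", f"hidden {kind.lower()}: {path}"))
        elif m := KHOOK_RE.match(line):
            out.append(Finding("gmer", "critical",
                               f"kernel hook: ntoskrnl.exe!{m['func']} -> {m['target']}"))
        elif m := UHOOK_RE.match(line):
            out.append(Finding("gmer", "suspicious",
                               f"unattributed user-mode hook: {m['api']} -> {m['target']} in {m['proc']}"))
    hidden_set = {n.lower() for n in hidden_names}
    for line in lines:
        m = IMAGEPATH_RE.match(line)
        if m and basename(m["path"]).lower() in hidden_set:
            out.append(Finding("gmer", "critical",
                               f"service {basename(m['key'])} loads hidden driver {m['path']}"))
    return out, os.path.commonprefix(hidden_names)


# Constructed excerpts in the format of the posted logs (values taken from the post above)
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [richtx64.exe] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\richtx64.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (file missing)
"""
SAMPLE_GMER = r"""
PAGE  ntoskrnl.exe!ZwEnumerateKey  80570D3E 5 Bytes  JMP 8653146C
.text  C:\Programme\Internet Explorer\iexplore.exe[476] USER32.dll!MessageBoxExW  7E3A05D8 5 Bytes  JMP 41364222 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Programme\Internet Explorer\iexplore.exe[476] WS2_32.dll!connect  71A1406A 5 Bytes  JMP 02EE000A
Module  \systemroot\system32\drivers\H8SRTtapqjxvamd.sys (*** hidden *** )  F1F46000-F1F63000 (118784 bytes)
Library  \\?\globalroot\systemroot\system32\H8SRTlbwqwbdutp.dll (*** hidden *** ) @ C:\WINDOWS.0\system32\svchost.exe [1028] 0x10000000
Library  \\?\globalroot\systemroot\system32\H8SRTvsieertnow.dll (*** hidden *** ) @ C:\Programme\Internet Explorer\iexplore.exe [476] 0x00D20000
Reg  HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath  \systemroot\system32\drivers\H8SRTtapqjxvamd.sys
"""

if __name__ == "__main__":
    for f in hijackthis_findings(SAMPLE_HJT) + gmer_findings(SAMPLE_GMER)[0]:
        print(f"[{f.source}:{f.severity}] {f.detail}")
```

The attributed IEFRAME.dll hook in the sample is deliberately left unflagged, while the WS2_32.dll!connect hook into unattributed memory is reported; the service-to-hidden-driver correlation is what ties the registry entries to the hidden file set.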