|
TR/Agent.ruo' [trojan] in C:\WINDOWS\system32\sysayg.dll gefunden So ich habe mir das Ding auch eingefangen. Habe aber von der Materie so gut wie keine Ahnung. Wer kann mir dabei helfen. Anti vir hat ihn zwar erkannt, und verschiebt in auch in Quarantäne, aber zieht sich übers Internet immer wieder neu runter. |
Hallo und :hallo: Bitte diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! ) Falls Du Probleme mit Malwarebytes hast (startet nicht, Updates laden nicht etc.), das hier beachten > http://www.trojaner-board.de/82699-m...tet-nicht.html Wichtig für Benutzer mit Windows Vista und Windows 7: Bitte alle Tools per Rechtsklick => Als Admin ausführen! Falls RSIT nicht startet: im Kompatibilitätsmodus ausführen (Rechtsklick auf RSIT.exe, Reiter Kompatibilität) => Windows XP einstellen und ausführen Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen. |
So cc ist durchgelaufen Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3926 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 29.03.2010 15:37:19 mbam-log-2010-03-29 (15-37-19).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 116441 Laufzeit: 31 minute(s), 22 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
Mal eine Frage: Hast Du zufällig die Daemon-Tools für virtuelle DVD-Laufwerke installiert? Mach bitte zusätzlich auch Logfiles mit GMER und OSAM und poste sie. |
Logfile of random's system information tool 1.06 (written by random/random) Run by LordX at 2010-03-29 15:40:59 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 136 GB (91%) free of 150 GB Total RAM: 1022 MB (54% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:41:34, on 29.03.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\RunDll32.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\Logitech\Logitech WebCam Software\LWS.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Carambis\Driver Updater\dupdater.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\OpenOffice.org 3\program\soffice.exe C:\Programme\OpenOffice.org 3\program\soffice.bin C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\explorer.exe C:\Dokumente und Einstellungen\LordX\Desktop\RSIT.exe C:\Programme\trend micro\LordX.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Programme\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Driver Updater] C:\Programme\Carambis\Driver Updater\dupdater.exe /minimized O4 - HKCU\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM') O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe (User 'Default user') O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- End of file - 8828 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-11-21 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-21 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd [] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "BlackBerryAutoUpdate"=C:\Programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-08-31 623960] ""= [] "RoxWatchTray"=C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-07-08 236016] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-11-21 149280] "HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152] "hpqSRMon"=C:\Programme\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "LogitechQuickCamRibbon"=C:\Programme\Logitech\Logitech WebCam Software\LWS.exe [2009-09-15 2788624] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Driver Updater"=C:\Programme\Carambis\Driver Updater\dupdater.exe [2009-10-01 4805632] "ISUSPM"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [2008-10-24 206112] "Skype"=C:\Programme\Skype\\Phone\Skype.exe [2010-03-09 26100520] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Dokumente und Einstellungen\LordX\Startmenü\Programme\Autostart OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe" "C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe"="C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:*:Enabled:hpiscnapp.exe" "C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Programme\BitTorrent\bittorrent.exe"="C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Opera\opera.exe"="C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2010-03-29 15:14:52 ----D---- C:\Programme\trend micro 2010-03-29 15:14:45 ----D---- C:\rsit 2010-03-29 15:02:28 ----D---- C:\Dokumente und Einstellungen\LordX\Anwendungsdaten\Malwarebytes 2010-03-29 15:02:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-03-29 15:02:01 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-03-29 14:31:34 ----D---- C:\Dokumente und Einstellungen\LordX\Anwendungsdaten\WinRAR 2010-03-29 14:31:05 ----D---- C:\Programme\WinRAR 2010-03-28 13:03:11 ----D---- C:\Dokumente und Einstellungen\LordX\Anwendungsdaten\QuickScan 2010-03-27 09:44:47 ----D---- C:\Programme\Gemeinsame Dateien\Skype 2010-03-20 20:22:01 ----D---- C:\Programme\Sony Online Entertainment 2010-03-17 19:53:38 ----D---- C:\Dokumente und Einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment 2010-03-17 11:57:07 ----D---- C:\Dokumente und Einstellungen\LordX\Anwendungsdaten\Roxio 2010-03-17 11:50:23 ----D---- C:\Dokumente und Einstellungen\LordX\Anwendungsdaten\MAGIX 2010-03-17 11:50:18 ----A---- C:\WINDOWS\system32\mgxoschk.dll 2010-03-17 11:50:04 ----D---- C:\Programme\ALDI Süd Foto Service 2010-03-17 11:50:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice 2010-03-17 11:49:42 ----D---- C:\Programme\Aldi Sued Fotoservice 2010-03-17 11:49:27 ----A---- C:\WINDOWS\system32\wmv8dmod.dll 2010-03-17 11:49:27 ----A---- C:\WINDOWS\system32\mpg4c32.dll 2010-03-17 11:48:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX 2010-03-17 11:48:34 ----A---- C:\WINDOWS\system32\TTIC32.dll 2010-03-17 11:48:34 ----A---- C:\WINDOWS\system32\TTI32.dll 2010-03-17 11:48:34 ----A---- C:\WINDOWS\system32\STRING32.dll 2010-03-17 11:48:34 ----A---- C:\WINDOWS\system32\MXRestore.exe 2010-03-17 11:48:34 ----A---- C:\WINDOWS\system32\mgxcdr.txt 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLTPO32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLRES32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLRD32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLPTL32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLPRF32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLPNT32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLMSC32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLIX.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLISO32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLIO32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLIMG32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLDRV32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLDIR32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLDEV32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLCPY32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLCDF32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLCDA32.dll 2010-03-17 11:48:33 ----A---- C:\WINDOWS\system32\DLLAV32.dll 2010-03-17 11:48:01 ----A---- C:\WINDOWS\system32\msxml4a.dll 2010-03-17 11:47:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ALDI Sued Foto Service 2010-03-17 11:47:50 ----D---- C:\Programme\ALDI Sued Foto Service 2010-03-17 11:47:50 ----A---- C:\WINDOWS\system32\DLLDEV32i.dll 2010-03-17 11:47:20 ----D---- C:\Programme\Gemeinsame Dateien\MAGIX Services 2010-03-12 20:56:46 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-03-12 20:55:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage 2010-03-12 19:28:33 ----D---- C:\Programme\PartyGaming 2010-03-12 01:32:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ ======List of files/folders modified in the last 1 months====== 2010-03-29 15:41:03 ----D---- C:\WINDOWS\Prefetch 2010-03-29 15:26:08 ----D---- C:\Dokumente und Einstellungen\LordX\Anwendungsdaten\Skype 2010-03-29 15:14:52 ----RD---- C:\Programme 2010-03-29 15:02:10 ----D---- C:\WINDOWS\system32\drivers 2010-03-29 14:57:32 ----D---- C:\Programme\Mozilla Firefox 2010-03-29 14:54:36 ----D---- C:\WINDOWS\Debug 2010-03-29 14:54:36 ----D---- C:\WINDOWS 2010-03-29 14:54:30 ----D---- C:\WINDOWS\Temp 2010-03-29 12:55:12 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-29 12:53:29 ----D---- C:\Dokumente und Einstellungen\LordX\Anwendungsdaten\skypePM 2010-03-29 12:52:01 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-03-29 08:32:03 ----D---- C:\WINDOWS\system32 2010-03-27 09:44:50 ----SHD---- C:\WINDOWS\Installer 2010-03-27 09:44:50 ----HD---- C:\Config.Msi 2010-03-27 09:44:47 ----D---- C:\Programme\Gemeinsame Dateien 2010-03-24 15:25:54 ----D---- C:\Programme\Opera 2010-03-18 22:52:38 ----D---- C:\Dokumente und Einstellungen 2010-03-18 22:33:50 ----D---- C:\NVIDIA 2010-03-18 22:33:39 ----D---- C:\1a4e34b1eb80fea6a41cbc 2010-03-18 07:58:29 ----D---- C:\WINDOWS\system32\CatRoot 2010-03-17 22:50:28 ----D---- C:\WINDOWS\security 2010-03-17 12:38:02 ----SHD---- C:\RECYCLER 2010-03-17 11:58:41 ----D---- C:\Dokumente und Einstellungen\LordX\Anwendungsdaten\Research In Motion 2010-03-17 11:53:08 ----HD---- C:\WINDOWS\inf 2010-03-12 20:57:13 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-12 20:57:13 ----D---- C:\Programme\Internet Explorer 2010-03-12 20:57:12 ----D---- C:\WINDOWS\ie8updates 2010-03-12 20:56:53 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-12 20:53:56 ----D---- C:\WINDOWS\SoftwareDistribution 2010-03-12 01:32:10 ----D---- C:\Programme\Movie Maker 2010-03-09 15:01:45 ----D---- C:\Programme\Gemeinsame Dateien\InstallShield 2010-03-09 15:01:14 ----HD---- C:\Programme\InstallShield Installation Information 2010-03-09 15:00:52 ----RSD---- C:\WINDOWS\Fonts 2010-03-02 07:30:12 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-07-24 42496] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2009-09-15 25752] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872] R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 ntnox;ntnox; \??\C:\WINDOWS\system32\drivers\ntnox.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-07-16 23832] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568] S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-07-16 265624] S3 LVUVC;Logitech QuickCam Pro 9000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2009-07-16 6756632] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 RimUsb;BlackBerry-Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-06 6912] S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-06 11392] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-11-21 153376] R2 LVPrcSrv;Process Monitor; C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-09-15 154136] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-07 362992] S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-07-08 313840] S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-07-08 170480] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-07 88560] S3 RoxMediaDB9;RoxMediaDB9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-07-08 1108464] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
info.txt logfile of random's system information tool 1.06 2010-03-29 15:48:59 ======Uninstall list====== -->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER -->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001} ALDI Süd Foto Manager Free-->C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Manager_Free\unwise.exe ALDI Süd Foto Service-->C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\unwise.exe Aldi Süd Fotoservice-->"C:\Programme\Aldi Sued Fotoservice\unins000.exe" ALDI Süd Online Druck Service 4.6-->C:\Programme\ALDI Süd Foto Service\ALDI_ODS\Deinstallieren.exe Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE} Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE BlackBerry Desktop Software 5.0.1-->MsiExec.exe /I{13333239-0A15-4855-BEEB-0232DAA5B7EA} BlackBerry Desktop Software 5.0.1-->MsiExec.exe /i{13333239-0A15-4855-BEEB-0232DAA5B7EA} BlackBerry Device Software v5.0.0 für das BlackBerry 9500-Smartphone-->MsiExec.exe /X{DCE6C238-62C4-4FA0-99BC-7BBC458C927D} BlackBerry® Media Sync-->MsiExec.exe /X{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314} CCleaner-->"C:\Programme\CCleaner\uninst.exe" C-Media Audio-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\C-Media Audio\Uninst.isu" -c"C:\Programme\C-Media Audio\CMIUnInstall.DLL" C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe Der Stein der Weisen-->C:\PROGRA~1\PURPLE~1\DERSTE~1\UNWISE.EXE C:\PROGRA~1\PURPLE~1\DERSTE~1\INSTALL.LOG DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Plus Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN Driver Updater-->"C:\Programme\InstallShield Installation Information\{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}\setup.exe" -runfromtemp -l0x0007 -removeonly Firebird SQL Server - MAGIX Edition-->MsiExec.exe /X{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485} Free Audio CD Burner version 1.2-->"C:\Programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe" Free YouTube to MP3 Converter version 3.2-->"C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe" HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" HP Customer Participation Program 10.0-->C:\Programme\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Programme\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop HP Imaging Device Functions 10.0-->C:\Programme\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential 2.5-->C:\Programme\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Smart Web Printing-->C:\Programme\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat HP Solution Center 10.0-->C:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F} Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF} Logitech for Business Webcam Software-->MsiExec.exe /I{97B56D25-365E-4BD6-BD70-2C3FAE3B279D} Logitech for Business Webcam Software-Treiberpaket-->"C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\lvdrivers\12.10.1044\LgDrvInst.exe" -remove -instdir"C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_12.10" /clone_wait /hide_progress Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mozilla Firefox (3.5.8)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA} NVIDIA Drivers-->C:\Programme\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740} Opera 10.51-->MsiExec.exe /X{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A} PartyPoker-->"C:\Programme\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programme\PartyGaming\PartyPoker\install.log" Rocks'n'Diamonds 3.2.4-->"C:\Programme\Rocks'n'Diamonds\unins000.exe" Roxio Media Manager-->MsiExec.exe /X{B98BE95C-E76F-4246-B8E6-BEB8EE791D06} Shop for HP Supplies-->C:\Programme\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update für Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Update für Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe" VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} VIA Rhine Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex Rhine Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR-->C:\Programme\WinRAR\uninstall.exe ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: PRIVAT-0F9168C6 Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NLA (Network Location Awareness)" gesendet. Record Number: 4671 Source Name: Service Control Manager Time Written: 20100210064321.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: PRIVAT-0F9168C6 Event Code: 7036 Message: Dienst "NLA (Network Location Awareness)" befindet sich jetzt im Status "Ausgeführt". Record Number: 4670 Source Name: Service Control Manager Time Written: 20100210064321.000000+060 Event Type: Informationen User: Computer Name: PRIVAT-0F9168C6 Event Code: 7036 Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Ausgeführt". Record Number: 4669 Source Name: Service Control Manager Time Written: 20100210064321.000000+060 Event Type: Informationen User: Computer Name: PRIVAT-0F9168C6 Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "WMI-Leistungsadapter" gesendet. Record Number: 4668 Source Name: Service Control Manager Time Written: 20100210064321.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: PRIVAT-0F9168C6 Event Code: 7036 Message: Dienst "LiveShare P2P Server 9" befindet sich jetzt im Status "Beendet". Record Number: 4667 Source Name: Service Control Manager Time Written: 20100210064319.000000+060 Event Type: Informationen User: =====Application event log===== Computer Name: PRIVAT-0F9168C6 Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst ContentIndex (ContentIndex) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 5 Source Name: LoadPerf Time Written: 20091118153928.000000+060 Event Type: Informationen User: Computer Name: PRIVAT-0F9168C6 Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst TermService (Terminaldienste) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 4 Source Name: LoadPerf Time Written: 20091118153926.000000+060 Event Type: Informationen User: Computer Name: PRIVAT-0F9168C6 Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst RemoteAccess (Routing und RAS) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 3 Source Name: LoadPerf Time Written: 20091118153759.000000+060 Event Type: Informationen User: Computer Name: PRIVAT-0F9168C6 Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst PSched (PSched) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 2 Source Name: LoadPerf Time Written: 20091118153736.000000+060 Event Type: Informationen User: Computer Name: PRIVAT-0F9168C6 Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst RSVP (QoS-RSVP) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 1 Source Name: LoadPerf Time Written: 20091118153735.000000+060 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\DivX Shared\;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\;C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 15 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0f00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- |
machst Du das auch noch? Zitat:
|
GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-03-29 16:50:37 Windows 5.1.2600 Service Pack 3 Running: ieh56q7x.exe; Driver: C:\DOKUME~1\LordX\LOKALE~1\Temp\uwpiqkoc.sys ---- System - GMER 1.0.15 ---- SSDT F7D16CF6 ZwCreateKey SSDT F7D16CEC ZwCreateThread SSDT F7D16CFB ZwDeleteKey SSDT F7D16D05 ZwDeleteValueKey SSDT F7D16D0A ZwLoadKey SSDT F7D16CD8 ZwOpenProcess SSDT F7D16CDD ZwOpenThread SSDT F7D16D14 ZwReplaceKey SSDT F7D16D0F ZwRestoreKey SSDT F7D16D00 ZwSetValueKey SSDT F7D16CE7 ZwTerminateProcess Code \??\C:\WINDOWS\system32\drivers\ntnox.sys (Windows interface driver/Microsoft Corporation) ZwResumeThread [0xF4610590] ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntkrnlpa.exe!ZwResumeThread 805CACB0 7 Bytes JMP F4610594 \??\C:\WINDOWS\system32\drivers\ntnox.sys (Windows interface driver/Microsoft Corporation) .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6BE5360, 0x3E57A5, 0xE8000020] .text ntnox.sys F460E486 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text ntnox.sys F460E492 3 Bytes [00, 00, 00] .text ntnox.sys F460E496 55 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text ntnox.sys F460E4CF 2 Bytes [00, 00] {ADD [EAX], AL} .text ntnox.sys F460E4D2 51 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text ... ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \??\C:\WINDOWS\system32\drivers\ntnox.sys[HAL.dll!KfRaiseIrql] 8B3372EB IAT \??\C:\WINDOWS\system32\drivers\ntnox.sys[HAL.dll!KfLowerIrql] 6CB9FDC5 IAT \??\C:\WINDOWS\system32\drivers\ntnox.sys[HAL.dll!KeGetCurrentIrql] A784473C ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01042F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01042C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01042CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01042CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindClose] [0059765B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [0059696C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [00596C62] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [00596A16] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [005975D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [00597AB6] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [00597B26] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [005953BB] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] [00595243] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] [00597800] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] [005976D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileInformationByHandle] [00596432] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] [00597E71] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [00597BEA] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [00597D80] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] [00595311] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0059D903] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindFirstFileExW] [00596BFF] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindNextFileW] [005975D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileTime] [00597769] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] [00595311] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleExW] [00595567] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!DuplicateHandle] [005976D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [00597BEA] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] [0059548C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileSizeEx] [00598088] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileMappingW] [005983E4] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileSize] [00598002] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesExW] [0059792B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetFilePointer] [00597E71] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [005953BB] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0059D882] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [00597D80] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!UnmapViewOfFile] [00598651] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileMappingA] [0059831E] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!MapViewOfFile] [005985F2] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesW] [00597B26] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindFirstFileW] [00596A16] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindClose] [0059765B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] [00598170] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] [00595243] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!UnmapViewOfFile] [00598651] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0059D882] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!DuplicateHandle] [005976D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] [0059548C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!MapViewOfFileEx] [00598539] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] [0059548C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetFileTime] [00597769] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0059D882] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] [00595311] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!UnmapViewOfFile] [00598651] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetFileSizeEx] [00598088] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0059D903] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [00598170] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetFilePointer] [00597E71] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileMappingW] [005983E4] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0059D882] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!MapViewOfFile] [005985F2] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] [0059548C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0059D903] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!UnmapViewOfFile] [00598651] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!MapViewOfFile] [005985F2] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileMappingW] [005983E4] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetFileSize] [00598002] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [00597D80] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetFileTime] [00597769] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] [00598170] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FindClose] [0059765B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [005975D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [00596A16] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] [00595243] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] [005953BB] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0059D882] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] [00595311] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetFilePointer] [00597E71] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [00597BEA] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [00597AB6] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [0059765B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [00596C62] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [0059696C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [005975D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [00597B26] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] [00595311] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [005953BB] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] [0059548C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0059D8B7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0059D903] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] [0059810B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] [00598170] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0059D882] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [00597D80] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileSize] [00598002] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileInformationByHandle] [00596432] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesExW] [0059792B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileTime] [00597769] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] [00595243] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileMappingA] [0059831E] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!MapViewOfFile] [005985F2] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!UnmapViewOfFile] [00598651] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!DuplicateHandle] [005976D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [00596A16] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetModuleHandleA] [005953BB] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!FindFirstFileA] [0059696C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!FindNextFileA] [00596C62] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetFileInformationByHandle] [00596432] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CopyFileW] [00598170] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!FindFirstFileExW] [00596BFF] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!DuplicateHandle] [005976D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetFileAttributesA] [00597AB6] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetFileSize] [00598002] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateFileMappingW] [005983E4] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!MapViewOfFile] [005985F2] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!UnmapViewOfFile] [00598651] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetModuleHandleW] [0059548C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetFileAttributesExW] [0059792B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetFileTime] [00597769] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CopyFileExW] [0059824A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetModuleFileNameW] [00595311] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [0059D882] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!ReadFile] [00597D80] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetFileAttributesW] [00597B26] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!FindFirstFileW] [00596A16] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!FindNextFileW] [005975D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!FindClose] [0059765B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!SetFilePointer] [00597E71] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExW] [0059D903] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExA] [0059D8B7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [00597B26] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0059D882] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleExW] [00595567] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindClose] [0059765B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [00596A16] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] [00595311] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] [005976D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] [0059548C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0059D903] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] [00597D80] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] [00597E71] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] [00598539] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] [005983E4] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] [005985F2] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] [00598496] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] [00598651] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0059D8B7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileTime] [00597769] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] [00598002] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] [00597800] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileInformationByHandle] [00596432] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] [0059831E] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [0059792B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!OpenFileMappingA] [00598441] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileMappingA] [0059831E] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!MapViewOfFileEx] [00598539] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!UnmapViewOfFile] [00598651] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FindFirstFileA] [0059696C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FindNextFileA] [00596C62] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FindClose] [0059765B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] [0059810B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileAttributesA] [00597AB6] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileAttributesExA] [0059786D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileSizeEx] [00598088] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetFilePointerEx] [00597F7C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileTime] [00597769] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleExA] [005954E5] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [0059D882] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [005953BB] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [0059548C] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] [00595243] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetFilePointer] [00597E71] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [00597BEA] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileSize] [00598002] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!ReadFile] [00597D80] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [0059D903] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!MapViewOfFile] [005985F2] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileMappingW] [005983E4] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileAttributesW] [00597B26] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!DuplicateHandle] [005976D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] [00595311] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0059D882] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetFileAttributesW] [00597B26] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetFilePointer] [00597E71] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [00597D80] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] [00595243] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!DuplicateHandle] [005976D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0059D882] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetFilePointer] [00597E71] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [00597C8A] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0059D8B7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileAttributesW] [00597B26] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileTime] [00597769] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileSize] [00598002] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetModuleFileNameW] [00595311] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] [00598170] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FindClose] [0059765B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FindNextFileW] [005975D7] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FindFirstFileW] [00596A16] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileAttributesExW] [0059792B] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ReadFile] [00597D80] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [0059D94F] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!GetModuleFileNameA] [00595243] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [0059D84D] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!FreeLibrary] [005950FC] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Carambis\Driver Updater\dupdater.exe[1052] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!CloseHandle] [00596637] C:\Programme\Carambis\Driver Updater\dupdater.exe (Carambis Driver Updater/Media Fog Ltd.) IAT C:\Programme\Skype\Phone\Skype.exe[1200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02D22F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Skype\Phone\Skype.exe[1200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02D22C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Skype\Phone\Skype.exe[1200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02D22CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Skype\Phone\Skype.exe[1200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02D22CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\explorer.exe[10708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\explorer.exe[10708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\explorer.exe[10708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\explorer.exe[10708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) ---- EOF - GMER 1.0.15 ---- |
[Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "ntnox" (ntnox) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ntnox.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "uwpiqkoc" (uwpiqkoc) - ? - C:\DOKUME~1\LordX\LOKALE~1\Temp\uwpiqkoc.sys (Hidden registry entry, rootkit activity | File not found) "VIA USB Host Controller Lower Filter" (vulfnths) - "VIA Technologies, Inc." - C:\WINDOWS\System32\Drivers\vulfnth.sys "VIA USB Roothub Lower Filter" (vulfntrs) - "VIA Technologies, Inc." - C:\WINDOWS\System32\Drivers\vulfntr.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - ? - (File not found | COM-object registry key not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Ask Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll "PartyPoker.com" - ? - C:\Programme\PartyGaming\PartyPoker\RunApp.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Ask Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\LordX\Startmenü\Programme\Autostart\desktop.ini "OpenOffice.org 3.1.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Driver Updater" - "Media Fog Ltd." - C:\Programme\Carambis\Driver Updater\dupdater.exe /minimized "ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler "Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "BlackBerryAutoUpdate" - "Research In Motion Limited" - C:\Programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe /background "HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe "hpqSRMon" - "Hewlett-Packard" - C:\Programme\HP\Digital Imaging\bin\hpqSRMon.exe "LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "RoxWatchTray" - "Sonic Solutions" - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )----- "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LiveShare P2P Server 9" (RoxLiveShare9) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll "Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe "Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe "Roxio UPnP Renderer 9" (Roxio UPnP Renderer 9) - "Sonic Solutions" - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe "Roxio Upnp Server 9" (Roxio Upnp Server 9) - "Sonic Solutions" - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe "RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
Osam mußte es trennen da es zu lang war hoffe das geht in ordnung. |
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:12:04 on 29.03.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Opera Software Opera Internet Browser 10.51 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Scheduled Update for Ask Toolbar.job" - ? - C:\Programme\Ask.com\UpdateTask.exe (File found, but it contains no detailed information) [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "ntnox" (ntnox) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ntnox.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "uwpiqkoc" (uwpiqkoc) - ? - C:\DOKUME~1\LordX\LOKALE~1\Temp\uwpiqkoc.sys (Hidden registry entry, rootkit activity | File not found) "VIA USB Host Controller Lower Filter" (vulfnths) - "VIA Technologies, Inc." - C:\WINDOWS\System32\Drivers\vulfnth.sys "VIA USB Roothub Lower Filter" (vulfntrs) - "VIA Technologies, Inc." - C:\WINDOWS\System32\Drivers\vulfntr.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - ? - (File not found | COM-object registry key not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Ask Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll "PartyPoker.com" - ? - C:\Programme\PartyGaming\PartyPoker\RunApp.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Ask Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\LordX\Startmenü\Programme\Autostart\desktop.ini "OpenOffice.org 3.1.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Driver Updater" - "Media Fog Ltd." - C:\Programme\Carambis\Driver Updater\dupdater.exe /minimized "ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler "Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "BlackBerryAutoUpdate" - "Research In Motion Limited" - C:\Programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe /background "HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe "hpqSRMon" - "Hewlett-Packard" - C:\Programme\HP\Digital Imaging\bin\hpqSRMon.exe "LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "RoxWatchTray" - "Sonic Solutions" - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )----- "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LiveShare P2P Server 9" (RoxLiveShare9) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll "Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe "Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe "Roxio UPnP Renderer 9" (Roxio UPnP Renderer 9) - "Sonic Solutions" - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe "Roxio Upnp Server 9" (Roxio Upnp Server 9) - "Sonic Solutions" - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe "RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
Code: [Drivers]C:\WINDOWS\system32\drivers\ntnox.sys C:\DOKUMENTE UND EINSTELLUNGEN\LordX\LOKALE EINSTELLUNGEN\Temp\uwpiqkoc.sys C:\WINDOWS\system32\drivers\WDICA.sys bei Virustotal auswerten. Bitte dann die Ergebnislinks posten. |
C:\WINDOWS\system32\drivers\ntnox.sys erledigt C:\DOKUMENTE UND EINSTELLUNGEN\LordX\LOKALE EINSTELLUNGEN\Temp\uwpiqkoc.sys wo finde ich die datei bei Osam C:\WINDOWS\system32\drivers\WDICA.sys erledigt Virustotal auswerten lassen ? Was meinst du damit? Sorry habe es nicht Kapiert. |
Du gehst auf https://www.virustotal.com und lädst dort die Dateien hoch. Alle nacheinander. |
C:\DOKUMENTE UND EINSTELLUNGEN\LordX\LOKALE EINSTELLUNGEN\Temp\uwpiqkoc.sys wo finde ich die datei bei Osam |
Ahrg... vergiss diese Datei uwpiqkoc.sys denn sie gehört zu GMER und ist gutartig :crazy: |
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:21:52 on 29.03.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Opera Software Opera Internet Browser 10.51 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Scheduled Update for Ask Toolbar.job" - ? - C:\Programme\Ask.com\UpdateTask.exe (File found, but it contains no detailed information) [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "VIA USB Host Controller Lower Filter" (vulfnths) - "VIA Technologies, Inc." - C:\WINDOWS\System32\Drivers\vulfnth.sys "VIA USB Roothub Lower Filter" (vulfntrs) - "VIA Technologies, Inc." - C:\WINDOWS\System32\Drivers\vulfntr.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - ? - (File not found | COM-object registry key not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Ask Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll "PartyPoker.com" - ? - C:\Programme\PartyGaming\PartyPoker\RunApp.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Ask Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\LordX\Startmenü\Programme\Autostart\desktop.ini "OpenOffice.org 3.1.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Driver Updater" - "Media Fog Ltd." - C:\Programme\Carambis\Driver Updater\dupdater.exe /minimized "ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler "Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "BlackBerryAutoUpdate" - "Research In Motion Limited" - C:\Programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe /background "HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe "hpqSRMon" - "Hewlett-Packard" - C:\Programme\HP\Digital Imaging\bin\hpqSRMon.exe "LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "RoxWatchTray" - "Sonic Solutions" - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LiveShare P2P Server 9" (RoxLiveShare9) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll "Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe "Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe "Roxio UPnP Renderer 9" (Roxio UPnP Renderer 9) - "Sonic Solutions" - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe "Roxio Upnp Server 9" (Roxio Upnp Server 9) - "Sonic Solutions" - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe "RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
Bei virustotal komme ich bei dem Ordner system32 nicht weiter kommt eine lupe und er hängt sich auf. Sehe keine dateien und auch kein Ordner Driver |
Du kannst die Pfade auch kopieren. Oder Du versuchst erstmal manuell in den Ordner zu gehen und kopierst die Dateien C:\WINDOWS\system32\drivers\ntnox.sys C:\WINDOWS\system32\drivers\WDICA.sys auf den Desktop und wertest sie von da bei VT aus. |
Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.50 2010.03.29 - AntiVir 7.10.5.248 2010.03.29 - Antiy-AVL 2.0.3.7 2010.03.29 - Authentium 5.2.0.5 2010.03.29 - Avast 4.8.1351.0 2010.03.29 - Avast5 5.0.332.0 2010.03.29 - AVG 9.0.0.787 2010.03.29 PSW.Generic7.BUJM BitDefender 7.2 2010.03.29 - CAT-QuickHeal 10.00 2010.03.29 - ClamAV 0.96.0.0-git 2010.03.29 - Comodo 4428 2010.03.29 - DrWeb 5.0.2.03220 2010.03.29 - eSafe 7.0.17.0 2010.03.28 - eTrust-Vet 35.2.7394 2010.03.29 - F-Prot 4.5.1.85 2010.03.29 - F-Secure 9.0.15370.0 2010.03.29 - Fortinet 4.0.14.0 2010.03.29 - GData 19 2010.03.29 - Ikarus T3.1.1.80.0 2010.03.29 - Jiangmin 13.0.900 2010.03.29 - K7AntiVirus 7.10.1004 2010.03.22 - Kaspersky 7.0.0.125 2010.03.29 - McAfee 5935 2010.03.29 Generic PWS!hv.aq McAfee+Artemis 5935 2010.03.29 Generic PWS!hv.aq Microsoft 1.5605 2010.03.29 Trojan:WinNT/Mediyes.A NOD32 4983 2010.03.29 - Norman 6.04.10 2010.03.29 - nProtect 2009.1.8.0 2010.03.29 - Panda 10.0.2.2 2010.03.29 - PCTools 7.0.3.5 2010.03.29 - Rising 22.41.00.04 2010.03.29 - Sophos 4.52.0 2010.03.29 Sus/UnkPack-C Sunbelt 6113 2010.03.29 - Symantec 20091.2.0.41 2010.03.29 Suspicious.Insight TheHacker 6.5.2.0.247 2010.03.29 - TrendMicro 9.120.0.1004 2010.03.29 - VBA32 3.12.12.2 2010.03.29 - ViRobot 2010.3.29.2250 2010.03.29 - VirusBuster 5.0.27.0 2010.03.29 - weitere Informationen File size: 393088 bytes MD5...: c52a443f0b793a100e4816a456db66ab SHA1..: 7e42d9c827848631580076e0caadadb80447c832 SHA256: 261808d7d866ebb6cf3d69d50d6397135eeedcbb055a936325b8557bfb4a644a ssdeep: 6144:wj5gvGw3WZ9wGSmlyK9fD9vA4UY2VDUzl5+Ob9QUqZXfxhE0DUpAtfRprGs TBYk:Gwcw0yK/A4cYn+mSZfEx+H6sTj PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5e73e timedatestamp.....: 0x4baf813a (Sun Mar 28 16:18:02 2010) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x480 0x9c17 0x9c80 6.54 da108e60ef479b96808042103108ef6d .rdata 0xa100 0x540bc 0x54100 7.99 826669a0a74feec03f94fa5904ecd0a4 .data 0x5e200 0x48c 0x500 0.28 6abd3798dccac827025d7c9287a91421 INIT 0x5e700 0x700 0x700 5.56 cc322e3cfc98088fb7b211601a3b2b60 .rsrc 0x5ee00 0x2c8 0x300 2.99 56a10fc57e7b9f0396349df3ee342781 .reloc 0x5f100 0xe68 0xe80 5.03 90cf5c55088cdb775c11783920f19384 ( 2 imports ) > ntoskrnl.exe: ObOpenObjectByName, RtlInitUnicodeString, _alldiv, ExRaiseStatus, ExAllocatePoolWithTagPriority, ExFreePoolWithTag, RtlCopyUnicodeString, ExAllocatePoolWithTag, ZwQueryInformationProcess, RtlCompareUnicodeString, KeReleaseMutex, KeWaitForSingleObject, ZwSetInformationProcess, ZwDuplicateToken, ZwOpenProcessToken, ZwOpenProcess, ZwEnumerateKey, ZwDeleteKey, ZwOpenKey, wcsncat, memset, ZwLoadDriver, ZwSetValueKey, ZwCreateKey, IoDeleteDevice, RtlImageDirectoryEntryToData, KeDetachProcess, KeAttachProcess, PsLookupProcessByProcessId, ZwAllocateVirtualMemory, ZwOpenFile, ObReferenceObjectByHandle, ZwQueryInformationThread, ZwQuerySystemInformation, memmove, KeInitializeMutex, ZwReadFile, ZwCreateFile, ZwSetInformationFile, ZwWriteFile, memcpy, ZwQueryInformationFile, ZwQueryVolumeInformationFile, PsSetLoadImageNotifyRoutine, PsSetCreateProcessNotifyRoutine, ZwQueryValueKey, IofCompleteRequest, KeServiceDescriptorTable, RtlImageNtHeader, IoCreateSymbolicLink, IoCreateDevice, swprintf, SeCreateClientSecurity, KeGetCurrentThread, KeQuerySystemTime, sprintf, ZwMapViewOfSection, ZwCreateSection, ZwUnmapViewOfSection, KeTickCount, KeBugCheckEx, ObfDereferenceObject, ZwClose, wcsncmp, RtlUnwind > HAL.dll: KfRaiseIrql, KfLowerIrql, KeGetCurrentIrql ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - sigcheck: publisher....: Microsoft Corporation copyright....: n/a product......: Microsoft_ Windows_ Operating System description..: Windows interface driver original name: n/a internal name: n/a file version.: 5.1.2600.0 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned trid..: Win32 Executable Generic (58.4%) Clipper DOS Executable (13.8%) Generic Win/DOS Executable (13.7%) DOS Executable Generic (13.7%) VXD Driver (0.2%) ACHTUNG ACHTUNG: VirusTotal ist ein kostenloser Dienst bereitgestellt von Hispasec Sistemas. Es gibt keine Garantie zur Verfügbarkeit sowie Fortbestehen der Dienstleistung. Obwohl die Erkennungsrate mehrerer Antivirus-Engines besser ist als nur durch ein Produkt, garantieren die Ergebnisse des Scans nicht die Harmlosigkeit einer Datei. Gegenwärtig gibt es keine Lösung, welche eine Erkennungsrate aller Viren und Malware zu 100% bietet. |
Bitte den Ergebnislink posten! |
https://www.virustotal.com/de/analisis/261808d7d866ebb6cf3d69d50d6397135eeedcbb055a936325b8557bfb4a644a-1269888573 die datei WDICA.sys finde ich nirgens nicht manuell nicht kopiert und auch über suchen in versteckte ordner und dateien nicht. Danke schon mal für deine Geduld. Gruß Jürgen |
Ok. Dann mach mal nun bitte ein Log mit CF: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
http://saved.im/mtm0nzyzmzd5/cofi.jpg
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! |
(doppelt, bitte ignorieren) |
ComboFix 10-03-28.03 - LordX 29.03.2010 21:43:58.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.614 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\LordX\Desktop\Cofi.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\TEMP\logishrd\LVPrcInj01.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-02-28 bis 2010-03-29 )))))))))))))))))))))))))))))) . 2010-03-29 18:09 . 2010-03-29 18:09 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Online Solutions 2010-03-29 13:14 . 2010-03-29 13:47 -------- d-----w- c:\programme\trend micro 2010-03-29 13:14 . 2010-03-29 13:15 -------- d-----w- C:\rsit 2010-03-29 13:02 . 2010-03-29 13:02 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Malwarebytes 2010-03-29 13:02 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-29 13:02 . 2010-03-29 13:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-03-29 13:02 . 2010-03-29 13:02 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-03-29 13:02 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-28 11:03 . 2010-03-28 11:05 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\QuickScan 2010-03-28 11:03 . 2010-03-26 12:33 668648 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll 2010-03-28 11:03 . 2010-03-26 12:33 830864 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-03-27 07:44 . 2010-03-27 07:44 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype 2010-03-20 18:22 . 2010-03-20 18:22 -------- d-----w- c:\programme\Sony Online Entertainment 2010-03-17 18:18 . 2010-03-17 18:18 -------- d-----w- c:\dokumente und einstellungen\LordX\Lokale Einstellungen\Anwendungsdaten\SCE 2010-03-17 18:16 . 2009-07-07 20:59 22528 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\Conditionals\!if.needlibrary.d3dx9_31.dll 2010-03-17 18:16 . 2010-02-22 18:48 29184 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\!CheckMinSpec.dll 2010-03-17 18:16 . 2010-03-17 18:16 238905 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\npsoeact.dll 2010-03-17 17:53 . 2010-03-17 18:16 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment 2010-03-17 10:20 . 2010-03-18 17:25 -------- d-----w- c:\dokumente und einstellungen\LordX\ALDI Süd Online Druck Service 2010-03-17 09:57 . 2010-03-17 09:57 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Roxio 2010-03-17 09:57 . 2010-03-17 09:57 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Roxio 2010-03-17 09:55 . 2010-03-17 17:02 256 ----a-w- c:\dokumente und einstellungen\LordX\pool.bin 2010-03-17 09:50 . 2010-03-17 09:53 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\MAGIX 2010-03-17 09:50 . 2007-01-04 10:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll 2010-03-17 09:50 . 2010-03-17 09:50 -------- d-----w- c:\programme\ALDI Süd Foto Service 2010-03-17 09:50 . 2010-03-17 09:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice 2010-03-17 09:49 . 2010-03-17 09:50 -------- d-----w- c:\programme\Aldi Sued Fotoservice 2010-03-17 09:49 . 2001-05-16 16:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll 2010-03-17 09:49 . 2001-05-11 12:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll 2010-03-17 09:47 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll 2010-03-17 09:47 . 2010-03-17 09:48 -------- d-----w- c:\programme\Gemeinsame Dateien\MAGIX Services 2010-03-12 18:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-03-12 17:28 . 2010-03-12 19:27 -------- d-----w- c:\programme\PartyGaming 2010-03-11 05:57 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-29 19:49 . 2009-11-19 20:05 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\skypePM 2010-03-29 19:48 . 2009-11-19 20:03 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Skype 2010-03-24 13:25 . 2009-11-18 16:43 -------- d-----w- c:\programme\Opera 2010-03-24 07:30 . 2009-11-22 16:19 1 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-03-19 03:24 . 2010-03-17 18:17 12784984 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\FreeRealms.exe 2010-03-19 03:15 . 2010-03-17 18:17 106496 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\GraphicsDriver.dll 2010-03-19 03:15 . 2010-03-17 18:17 2854912 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\GFxWrap.dll 2010-03-18 20:49 . 2010-03-17 10:36 40264 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\mdbu.bin 2010-03-17 09:58 . 2009-11-18 16:20 32728 ----a-w- c:\dokumente und einstellungen\LordX\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-03-17 09:58 . 2009-11-18 18:08 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Research In Motion 2010-03-17 09:49 . 2010-03-17 09:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MAGIX 2010-03-17 09:48 . 2010-03-17 09:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ALDI Sued Foto Service 2010-03-17 09:48 . 2010-03-17 09:47 -------- d-----w- c:\programme\ALDI Sued Foto Service 2010-03-16 00:43 . 2010-03-17 18:17 98136 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\Uninstaller.exe 2010-03-09 13:01 . 2009-11-18 17:57 -------- d-----w- c:\programme\Gemeinsame Dateien\InstallShield 2010-03-09 13:01 . 2009-11-18 15:48 -------- d--h--w- c:\programme\InstallShield Installation Information 2010-02-27 09:54 . 2009-11-29 20:02 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-02-27 09:54 . 2009-11-29 20:01 0 ----a-w- c:\windows\system32\drivers\logiflt.iad 2010-02-15 09:01 . 2009-11-22 16:04 -------- d-----w- c:\programme\Ask.com 2010-02-13 08:07 . 2010-02-13 08:07 2131336 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe 2010-02-09 20:11 . 2010-03-17 18:17 868352 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\T4Lib.dll 2010-01-20 19:18 . 2010-03-17 18:17 456024 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\GDF.dll 2010-01-12 05:57 . 2004-08-04 12:00 80302 ----a-w- c:\windows\system32\perfc007.dat 2010-01-12 05:57 . 2004-08-04 12:00 448800 ----a-w- c:\windows\system32\perfh007.dat 2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 15:50 1197448 ----a-w- c:\programme\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Driver Updater"="c:\programme\Carambis\Driver Updater\dupdater.exe" [2009-10-01 4805632] "ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112] "Skype"="c:\programme\Skype\\Phone\Skype.exe" [2010-03-09 26100520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "BlackBerryAutoUpdate"="c:\programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960] "RoxWatchTray"="c:\programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-11-21 149280] "HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "hpqSRMon"="c:\programme\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "LogitechQuickCamRibbon"="c:\programme\Logitech\Logitech WebCam Software\LWS.exe" [2009-09-15 2788624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\LordX\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] c:\dokumente und einstellungen\LordX\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] c:\dokumente und einstellungen\LordX\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] c:\dokumente und einstellungen\LordX\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\Lager\\hpiscnapp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\Lager\\hpqkygrp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Opera\\opera.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.11.2009 18:49 108289] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [27.08.2009 18:09 1253376] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 12:10 3276800] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners 2010-03-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\programme\Ask.com\UpdateTask.exe [2010-02-04 15:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://google.de/ FF - ProfilePath - c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\ FF - component: c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: c:\programme\Sony Online Entertainment\npsoe.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run-Cmaudio - cmicnfg.cpl ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-03-29 21:50 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'explorer.exe'(3084) c:\dokume~1\LordX\LOKALE~1\Temp\catchme.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\RunDll32.exe c:\programme\Skype\Phone\Skype.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\OpenOffice.org 3\program\soffice.exe c:\programme\OpenOffice.org 3\program\soffice.bin c:\programme\Java\jre6\bin\jqs.exe c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe c:\programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe c:\programme\Skype\Plugin Manager\skypePM.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe c:\programme\HP\Digital Imaging\bin\hpqbam08.exe c:\programme\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-03-29 21:51:22 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-03-29 19:51 Vor Suchlauf: 7 Verzeichnis(se), 142.437.695.488 Bytes frei Nach Suchlauf: 9 Verzeichnis(se), 142.613.225.472 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 31036B7B947F115251783E388A1AE78A |
Hast Du die ntnox.sys noch? Wenn ja, bitte bei uns hochlad, Anleitung hier > http://www.trojaner-board.de/54791-a...ner-board.html Danach: Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code: http://www.trojaner-board.de/84212-tr-agent-ruo-trojan-c-windows-system32-sysayg-dll-gefunden.html#post5124824. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet. http://users.pandora.be/bluepatchy/m...s/CFScript.gif 6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann! |
ComboFix 10-03-28.03 - LordX 29.03.2010 22:39:24.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.586 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\LordX\Desktop\Cofi.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\LordX\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} file zipped: c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll file zipped: c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll file zipped: c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\Conditionals\!if.needlibrary.d3dx9_31.dll file zipped: c:\windows\system32\drivers\ntnox.sys . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\Conditionals\!if.needlibrary.d3dx9_31.dll c:\windows\system32\drivers\ntnox.sys c:\windows\TEMP\logishrd\LVPrcInj01.dll . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NTNOX ((((((((((((((((((((((( Dateien erstellt von 2010-02-28 bis 2010-03-29 )))))))))))))))))))))))))))))) . 2010-03-29 19:37 . 2010-03-29 19:51 -------- d-----w- C:\Cofi 2010-03-29 18:09 . 2010-03-29 18:09 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Online Solutions 2010-03-29 13:14 . 2010-03-29 13:47 -------- d-----w- c:\programme\trend micro 2010-03-29 13:14 . 2010-03-29 13:15 -------- d-----w- C:\rsit 2010-03-29 13:02 . 2010-03-29 13:02 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Malwarebytes 2010-03-29 13:02 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-29 13:02 . 2010-03-29 13:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-03-29 13:02 . 2010-03-29 13:02 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-03-29 13:02 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-28 11:03 . 2010-03-28 11:05 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\QuickScan 2010-03-27 07:44 . 2010-03-27 07:44 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype 2010-03-20 18:22 . 2010-03-20 18:22 -------- d-----w- c:\programme\Sony Online Entertainment 2010-03-17 18:18 . 2010-03-17 18:18 -------- d-----w- c:\dokumente und einstellungen\LordX\Lokale Einstellungen\Anwendungsdaten\SCE 2010-03-17 18:16 . 2010-02-22 18:48 29184 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\!CheckMinSpec.dll 2010-03-17 18:16 . 2010-03-17 18:16 238905 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\npsoeact.dll 2010-03-17 17:53 . 2010-03-17 18:16 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment 2010-03-17 10:20 . 2010-03-18 17:25 -------- d-----w- c:\dokumente und einstellungen\LordX\ALDI Süd Online Druck Service 2010-03-17 09:57 . 2010-03-17 09:57 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Roxio 2010-03-17 09:57 . 2010-03-17 09:57 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Roxio 2010-03-17 09:55 . 2010-03-17 17:02 256 ----a-w- c:\dokumente und einstellungen\LordX\pool.bin 2010-03-17 09:50 . 2010-03-17 09:53 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\MAGIX 2010-03-17 09:50 . 2007-01-04 10:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll 2010-03-17 09:50 . 2010-03-17 09:50 -------- d-----w- c:\programme\ALDI Süd Foto Service 2010-03-17 09:50 . 2010-03-17 09:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice 2010-03-17 09:49 . 2010-03-17 09:50 -------- d-----w- c:\programme\Aldi Sued Fotoservice 2010-03-17 09:49 . 2001-05-16 16:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll 2010-03-17 09:49 . 2001-05-11 12:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll 2010-03-17 09:47 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll 2010-03-17 09:47 . 2010-03-17 09:48 -------- d-----w- c:\programme\Gemeinsame Dateien\MAGIX Services 2010-03-12 18:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-03-12 17:28 . 2010-03-12 19:27 -------- d-----w- c:\programme\PartyGaming 2010-03-11 05:57 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-29 20:45 . 2009-11-19 20:03 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Skype 2010-03-29 19:49 . 2009-11-19 20:05 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\skypePM 2010-03-24 13:25 . 2009-11-18 16:43 -------- d-----w- c:\programme\Opera 2010-03-24 07:30 . 2009-11-22 16:19 1 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-03-19 03:24 . 2010-03-17 18:17 12784984 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\FreeRealms.exe 2010-03-19 03:15 . 2010-03-17 18:17 106496 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\GraphicsDriver.dll 2010-03-19 03:15 . 2010-03-17 18:17 2854912 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\GFxWrap.dll 2010-03-18 20:49 . 2010-03-17 10:36 40264 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\mdbu.bin 2010-03-17 09:58 . 2009-11-18 16:20 32728 ----a-w- c:\dokumente und einstellungen\LordX\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-03-17 09:58 . 2009-11-18 18:08 -------- d-----w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Research In Motion 2010-03-17 09:49 . 2010-03-17 09:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MAGIX 2010-03-17 09:48 . 2010-03-17 09:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ALDI Sued Foto Service 2010-03-17 09:48 . 2010-03-17 09:47 -------- d-----w- c:\programme\ALDI Sued Foto Service 2010-03-16 00:43 . 2010-03-17 18:17 98136 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\Uninstaller.exe 2010-03-09 13:01 . 2009-11-18 17:57 -------- d-----w- c:\programme\Gemeinsame Dateien\InstallShield 2010-03-09 13:01 . 2009-11-18 15:48 -------- d--h--w- c:\programme\InstallShield Installation Information 2010-02-27 09:54 . 2009-11-29 20:02 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-02-27 09:54 . 2009-11-29 20:01 0 ----a-w- c:\windows\system32\drivers\logiflt.iad 2010-02-15 09:01 . 2009-11-22 16:04 -------- d-----w- c:\programme\Ask.com 2010-02-13 08:07 . 2010-02-13 08:07 2131336 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe 2010-02-09 20:11 . 2010-03-17 18:17 868352 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\T4Lib.dll 2010-01-20 19:18 . 2010-03-17 18:17 456024 ----a-w- c:\dokumente und einstellungen\LordX\Anwendungsdaten\Sony Online Entertainment\Installed Games\Free Realms\GDF.dll 2010-01-12 05:57 . 2004-08-04 12:00 80302 ----a-w- c:\windows\system32\perfc007.dat 2010-01-12 05:57 . 2004-08-04 12:00 448800 ----a-w- c:\windows\system32\perfh007.dat 2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys . ((((((((((((((((((((((((((((( SnapShot@2010-03-29_19.48.46 ))))))))))))))))))))))))))))))))))))))))) . + 2010-03-29 20:44 . 2010-03-29 20:44 16384 c:\windows\Temp\Perflib_Perfdata_760.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 15:50 1197448 ----a-w- c:\programme\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Driver Updater"="c:\programme\Carambis\Driver Updater\dupdater.exe" [2009-10-01 4805632] "ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112] "Skype"="c:\programme\Skype\\Phone\Skype.exe" [2010-03-09 26100520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "BlackBerryAutoUpdate"="c:\programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960] "RoxWatchTray"="c:\programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-11-21 149280] "HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "hpqSRMon"="c:\programme\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "LogitechQuickCamRibbon"="c:\programme\Logitech\Logitech WebCam Software\LWS.exe" [2009-09-15 2788624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\LordX\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] c:\dokumente und einstellungen\LordX\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] c:\dokumente und einstellungen\LordX\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] c:\dokumente und einstellungen\LordX\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\Lager\\hpiscnapp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\Lager\\hpqkygrp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Opera\\opera.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.11.2009 18:49 108289] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [27.08.2009 18:09 1253376] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 12:10 3276800] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners 2010-03-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\programme\Ask.com\UpdateTask.exe [2010-02-04 15:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://google.de/ FF - ProfilePath - c:\dokumente und einstellungen\LordX\Anwendungsdaten\Mozilla\Firefox\Profiles\r3g238y2.default\ FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: c:\programme\Sony Online Entertainment\npsoe.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-03-29 22:46 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'explorer.exe'(1908) c:\dokume~1\LordX\LOKALE~1\Temp\catchme.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvsvc32.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\RUNDLL32.EXE c:\programme\Skype\Phone\Skype.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe c:\programme\OpenOffice.org 3\program\soffice.exe c:\programme\OpenOffice.org 3\program\soffice.bin c:\programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe c:\programme\Skype\Plugin Manager\skypePM.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-03-29 22:47:29 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-03-29 20:47 ComboFix2.txt 2010-03-29 19:51 Vor Suchlauf: 9 Verzeichnis(se), 142.611.034.112 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 142.511.108.096 Bytes frei - - End Of File - - C4EF51EB1CB744430EDD645115419EC0 |
Sieht ok aus. Poppt die Meldung zum TR/Agent.ruo noch auf? Mach bitte Kontrollscans mit Malwarebytes und SASW und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! |
Sorry Arne hatte gestern einen 10 Stunden Einsatz FFW lasse gerade Malwerbyte durchlaufen , aber Anti Vir hat ihn schon wieder gefunden, er ist also noch da. Grüße Jürgen |
Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3936 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 31.03.2010 10:46:19 mbam-log-2010-03-31 (10-46-19).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 97961 Laufzeit: 4 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
Sieht gut aus. Das Rootkit hatten wir auch zerlegt ;) Zitat:
|
Ok dann ganz herzlichen Dank Arne |
Schön :D Dann prüf mal jetzt die wichtigsten Updates: Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 02:38 Uhr. |
Copyright ©2000-2025, Trojaner-Board