| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei-Ukash (anderer Rechner mit Windows XP)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
06.10.2011, 15:28
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Bundespolizei-Ukash (anderer Rechner mit Windows XP) "copy to quarantine" bedeutet aber so eigentlich nur, dass es in die Quarantäne kopiert wird, sonst wird nichts weiter entfernt. Vllt meinen die damit eher "move to quarantine", das wäre sinniger. Mach bitte ein neues Log mit dem TDSS-Killer
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.10.2011, 10:13
| #17 |
 |  Bundespolizei-Ukash (anderer Rechner mit Windows XP) guten morgen erstmal
__________________ Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7884 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 06.10.2011 16:46:45 mbam-log-2011-10-06 (16-46-45).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 240654 Laufzeit: 32 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=1 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=a2d87656fa723c45beb2800e41b1aeb9 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-10-10 09:03:50 # local_time=2011-10-10 11:03:50 (+0100, Westeuropäische Normalzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1798 16775141 100 95 5466 57711251 0 0 # compatibility_mode=8192 67108863 100 0 213 213 0 0 # scanned=47536 # found=0 # cleaned=0 # scan_time=1888 hxxp://www.trojaner-board.de/images/icons/icon26.gif |
|
10.10.2011, 10:30
| #18 |
| | Bundespolizei-Ukash (anderer Rechner mit Windows XP) ahja bevor ich das vergesse soll ich die dateien die in der quarantäne sind alle löschen ? bevor der virus evtl zurückkommt ?
__________________ |
|
10.10.2011, 13:21
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei-Ukash (anderer Rechner mit Windows XP) Ich hab den Eindruck ich bin hier ein wenig durcheinandergekommen, hattest du den TDSS-Killer schon ausgeführt  wil irgendwie seh ich kein Log dazu hab aber was von seiner Quarantäne erwähnt.Welche Qurantäne meinst du wenn in den letzten beiden Logs von MBAM/ESET rein GARNIX zu sehen ist?  Du weißt, was eine Quarantäne ist? Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.10.2011, 13:27
| #20 |
| | Bundespolizei-Ukash (anderer Rechner mit Windows XP) lasse tdss gleichmal drüberlaufen |
|
10.10.2011, 14:02
| #21 |
| | Bundespolizei-Ukash (anderer Rechner mit Windows XP) tdss rüberlaufen lassen finde nirgends die logfile  hat aber auch nur einen fund gehabt was mit der fritzbox nix wildes |
|
10.10.2011, 14:12
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei-Ukash (anderer Rechner mit Windows XP) Log vom TDSS ist direkt auf C:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.10.2011, 14:19
| #23 |
| | Bundespolizei-Ukash (anderer Rechner mit Windows XP) 14:58:02.0875 3700 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06 14:58:04.0875 3700 ============================================================ 14:58:04.0875 3700 Current date / time: 2011/10/10 14:58:04.0875 14:58:04.0875 3700 SystemInfo: 14:58:04.0875 3700 14:58:04.0875 3700 OS Version: 5.1.2600 ServicePack: 3.0 14:58:04.0875 3700 Product type: Workstation 14:58:04.0875 3700 ComputerName: WILLI 14:58:04.0875 3700 UserName: Teproma 14:58:04.0875 3700 Windows directory: C:\WINDOWS 14:58:04.0875 3700 System windows directory: C:\WINDOWS 14:58:04.0875 3700 Processor architecture: Intel x86 14:58:04.0875 3700 Number of processors: 2 14:58:04.0875 3700 Page size: 0x1000 14:58:04.0875 3700 Boot type: Normal boot 14:58:04.0875 3700 ============================================================ 14:58:05.0656 3700 Initialize success 14:58:10.0609 0780 ============================================================ 14:58:10.0609 0780 Scan started 14:58:10.0609 0780 Mode: Manual; 14:58:10.0609 0780 ============================================================ 14:58:12.0343 0780 A3AB (1f489950b3e4ba796b7c035542f2fb25) C:\WINDOWS\system32\DRIVERS\A3AB.sys 14:58:12.0343 0780 A3AB - ok 14:58:12.0406 0780 Abiosdsk - ok 14:58:12.0421 0780 abp480n5 - ok 14:58:12.0484 0780 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 14:58:12.0484 0780 ACPI - ok 14:58:12.0562 0780 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 14:58:12.0562 0780 ACPIEC - ok 14:58:12.0625 0780 adpu160m - ok 14:58:12.0687 0780 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 14:58:12.0687 0780 aec - ok 14:58:12.0796 0780 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys 14:58:12.0796 0780 AFD - ok 14:58:12.0843 0780 Aha154x - ok 14:58:12.0859 0780 aic78u2 - ok 14:58:12.0875 0780 aic78xx - ok 14:58:12.0890 0780 AliIde - ok 14:58:12.0968 0780 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys 14:58:12.0984 0780 Ambfilt - ok 14:58:13.0062 0780 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 14:58:13.0062 0780 AmdPPM - ok 14:58:13.0109 0780 amsint - ok 14:58:13.0125 0780 asc - ok 14:58:13.0140 0780 asc3350p - ok 14:58:13.0156 0780 asc3550 - ok 14:58:13.0218 0780 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 14:58:13.0218 0780 AsyncMac - ok 14:58:13.0296 0780 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 14:58:13.0296 0780 atapi - ok 14:58:13.0343 0780 Atdisk - ok 14:58:13.0390 0780 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 14:58:13.0390 0780 Atmarpc - ok 14:58:13.0484 0780 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 14:58:13.0484 0780 audstub - ok 14:58:13.0578 0780 avfwim (32f20f013ac88f9b1d3194f7bbff6324) C:\WINDOWS\system32\DRIVERS\avfwim.sys 14:58:13.0578 0780 avfwim - ok 14:58:13.0656 0780 avfwot (9d46038fc08b9d129ad001e2ccebd25d) C:\WINDOWS\system32\DRIVERS\avfwot.sys 14:58:13.0656 0780 avfwot - ok 14:58:13.0718 0780 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 14:58:13.0718 0780 avgio - ok 14:58:13.0812 0780 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 14:58:13.0812 0780 avgntflt - ok 14:58:13.0890 0780 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 14:58:13.0890 0780 avipbb - ok 14:58:13.0968 0780 AVMCOWAN (56acae37faeef24d346b99f45d17ef4b) C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys 14:58:13.0968 0780 AVMCOWAN - ok 14:58:14.0046 0780 AVMPORT (02568a764ef2c37cfa6f9c471e67d475) C:\WINDOWS\System32\drivers\avmport.sys 14:58:14.0046 0780 AVMPORT - ok 14:58:14.0109 0780 AVMWAN (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys 14:58:14.0109 0780 AVMWAN - ok 14:58:14.0187 0780 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 14:58:14.0187 0780 Beep - ok 14:58:14.0281 0780 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 14:58:14.0281 0780 cbidf2k - ok 14:58:14.0343 0780 cd20xrnt - ok 14:58:14.0375 0780 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 14:58:14.0375 0780 Cdaudio - ok 14:58:14.0453 0780 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 14:58:14.0453 0780 Cdfs - ok 14:58:14.0531 0780 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 14:58:14.0531 0780 Cdrom - ok 14:58:14.0578 0780 Changer - ok 14:58:14.0609 0780 CmdIde - ok 14:58:14.0671 0780 cmuda (53f4cc55f3c255439c5973e31f0adce7) C:\WINDOWS\system32\drivers\cmuda.sys 14:58:14.0687 0780 cmuda - ok 14:58:14.0750 0780 Cpqarray - ok 14:58:14.0781 0780 dac2w2k - ok 14:58:14.0796 0780 dac960nt - ok 14:58:14.0843 0780 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 14:58:14.0843 0780 Disk - ok 14:58:14.0937 0780 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 14:58:14.0937 0780 dmboot - ok 14:58:15.0015 0780 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\DRIVERS\dmio.sys 14:58:15.0015 0780 dmio - ok 14:58:15.0093 0780 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 14:58:15.0093 0780 dmload - ok 14:58:15.0171 0780 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 14:58:15.0171 0780 DMusic - ok 14:58:15.0218 0780 dpti2o - ok 14:58:15.0265 0780 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 14:58:15.0265 0780 drmkaud - ok 14:58:15.0359 0780 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 14:58:15.0359 0780 ElbyCDIO - ok 14:58:15.0421 0780 ElbyDelay (df9957db3bfe5136aad3c2c101806c98) C:\WINDOWS\system32\Drivers\ElbyDelay.sys 14:58:15.0421 0780 ElbyDelay - ok 14:58:15.0500 0780 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 14:58:15.0500 0780 Fastfat - ok 14:58:15.0593 0780 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 14:58:15.0593 0780 Fdc - ok 14:58:15.0687 0780 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 14:58:15.0687 0780 Fips - ok 14:58:15.0765 0780 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 14:58:15.0765 0780 Flpydisk - ok 14:58:15.0843 0780 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 14:58:15.0843 0780 FltMgr - ok 14:58:15.0921 0780 fpcibase (45b5129aeae91ea096a9bbebff99e098) C:\WINDOWS\system32\DRIVERS\fpcibase.sys 14:58:15.0921 0780 fpcibase - ok 14:58:15.0953 0780 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 14:58:15.0968 0780 Fs_Rec - ok 14:58:16.0015 0780 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 14:58:16.0015 0780 Ftdisk - ok 14:58:16.0093 0780 G400 (33d00f8cb70ac5f7a8101f79d5273615) C:\WINDOWS\system32\DRIVERS\G400m.sys 14:58:16.0093 0780 G400 - ok 14:58:16.0187 0780 G400DH (2dd3d27e36ebf6804c40b843ff10872f) C:\WINDOWS\system32\DRIVERS\g400dhm.sys 14:58:16.0187 0780 G400DH - ok 14:58:16.0265 0780 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 14:58:16.0265 0780 Gpc - ok 14:58:16.0343 0780 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 14:58:16.0343 0780 HDAudBus - ok 14:58:16.0390 0780 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 14:58:16.0390 0780 HidUsb - ok 14:58:16.0437 0780 hpn - ok 14:58:16.0484 0780 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 14:58:16.0484 0780 HTTP - ok 14:58:16.0546 0780 i2omgmt - ok 14:58:16.0562 0780 i2omp - ok 14:58:16.0609 0780 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 14:58:16.0609 0780 i8042prt - ok 14:58:16.0828 0780 ialm (1312e0141a7bd409afadd52fa565927e) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 14:58:16.0859 0780 ialm - ok 14:58:16.0937 0780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 14:58:16.0937 0780 Imapi - ok 14:58:16.0984 0780 ini910u - ok 14:58:17.0171 0780 IntcAzAudAddService (364d3642ae236c3f2f5f55f43b09ffda) C:\WINDOWS\system32\drivers\RtkHDAud.sys 14:58:17.0203 0780 IntcAzAudAddService - ok 14:58:17.0250 0780 IntelIde - ok 14:58:17.0296 0780 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 14:58:17.0296 0780 intelppm - ok 14:58:17.0328 0780 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 14:58:17.0328 0780 ip6fw - ok 14:58:17.0406 0780 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 14:58:17.0406 0780 IpFilterDriver - ok 14:58:17.0484 0780 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 14:58:17.0484 0780 IpInIp - ok 14:58:17.0625 0780 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 14:58:17.0625 0780 IpNat - ok 14:58:17.0796 0780 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 14:58:17.0796 0780 IPSec - ok 14:58:17.0953 0780 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 14:58:17.0953 0780 IRENUM - ok 14:58:18.0078 0780 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 14:58:18.0078 0780 isapnp - ok 14:58:18.0140 0780 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 14:58:18.0140 0780 Kbdclass - ok 14:58:18.0187 0780 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 14:58:18.0187 0780 kmixer - ok 14:58:18.0265 0780 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 14:58:18.0265 0780 KSecDD - ok 14:58:18.0328 0780 lbrtfdc - ok 14:58:18.0343 0780 lrgwx - ok 14:58:18.0390 0780 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys 14:58:18.0390 0780 MBAMProtector - ok 14:58:18.0437 0780 mgabg (005992e527c5c159702dd82f9aa82c28) C:\WINDOWS\system32\drivers\mgabg.sys 14:58:18.0437 0780 mgabg - ok 14:58:18.0468 0780 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 14:58:18.0468 0780 mnmdd - ok 14:58:18.0546 0780 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 14:58:18.0546 0780 Modem - ok 14:58:18.0625 0780 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys 14:58:18.0640 0780 Monfilt - ok 14:58:18.0718 0780 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 14:58:18.0718 0780 Mouclass - ok 14:58:18.0796 0780 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 14:58:18.0796 0780 mouhid - ok 14:58:18.0843 0780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 14:58:18.0843 0780 MountMgr - ok 14:58:18.0890 0780 mraid35x - ok 14:58:18.0937 0780 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 14:58:18.0937 0780 MRxDAV - ok 14:58:19.0031 0780 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 14:58:19.0031 0780 MRxSmb - ok 14:58:19.0171 0780 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 14:58:19.0171 0780 Msfs - ok 14:58:19.0250 0780 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 14:58:19.0250 0780 MSKSSRV - ok 14:58:19.0343 0780 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 14:58:19.0343 0780 MSPCLOCK - ok 14:58:19.0437 0780 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 14:58:19.0437 0780 MSPQM - ok 14:58:19.0531 0780 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 14:58:19.0531 0780 mssmbios - ok 14:58:19.0578 0780 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 14:58:19.0578 0780 Mup - ok 14:58:19.0671 0780 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 14:58:19.0671 0780 NDIS - ok 14:58:19.0765 0780 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 14:58:19.0765 0780 NdisTapi - ok 14:58:19.0859 0780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 14:58:19.0859 0780 Ndisuio - ok 14:58:19.0953 0780 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 14:58:19.0953 0780 NdisWan - ok 14:58:20.0046 0780 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 14:58:20.0046 0780 NDProxy - ok 14:58:20.0125 0780 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 14:58:20.0125 0780 NetBIOS - ok 14:58:20.0203 0780 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 14:58:20.0203 0780 NetBT - ok 14:58:20.0281 0780 NETFRITZ (0b4eae4191d88e10bc81cc649650d9fc) C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS 14:58:20.0281 0780 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS. Real md5: 0b4eae4191d88e10bc81cc649650d9fc, Fake md5: 0277a68f44c932168e8afb48f55abab8 14:58:20.0281 0780 NETFRITZ ( ForgedFile.Multi.Generic ) - warning 14:58:20.0281 0780 NETFRITZ - detected ForgedFile.Multi.Generic (1) 14:58:20.0359 0780 NIOC (bfc971937636909f15af81ef45ae167d) C:\WINDOWS\System32\NIOC.SYS 14:58:20.0359 0780 NIOC - ok 14:58:20.0421 0780 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 14:58:20.0421 0780 Npfs - ok 14:58:20.0500 0780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 14:58:20.0515 0780 Ntfs - ok 14:58:20.0593 0780 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 14:58:20.0593 0780 Null - ok 14:58:20.0671 0780 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 14:58:20.0671 0780 NwlnkFlt - ok 14:58:20.0750 0780 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 14:58:20.0765 0780 NwlnkFwd - ok 14:58:20.0843 0780 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 14:58:20.0843 0780 Parport - ok 14:58:20.0937 0780 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 14:58:20.0937 0780 PartMgr - ok 14:58:21.0015 0780 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 14:58:21.0015 0780 ParVdm - ok 14:58:21.0093 0780 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 14:58:21.0093 0780 PCI - ok 14:58:21.0156 0780 PCIDump - ok 14:58:21.0187 0780 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 14:58:21.0187 0780 PCIIde - ok 14:58:21.0265 0780 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 14:58:21.0265 0780 Pcmcia - ok 14:58:21.0328 0780 PDCOMP - ok 14:58:21.0343 0780 PDFRAME - ok 14:58:21.0359 0780 PDRELI - ok 14:58:21.0375 0780 PDRFRAME - ok 14:58:21.0406 0780 perc2 - ok 14:58:21.0421 0780 perc2hib - ok 14:58:21.0484 0780 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 14:58:21.0484 0780 PptpMiniport - ok 14:58:21.0562 0780 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 14:58:21.0562 0780 Processor - ok 14:58:21.0640 0780 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 14:58:21.0640 0780 PSched - ok 14:58:21.0703 0780 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 14:58:21.0703 0780 Ptilink - ok 14:58:21.0734 0780 ql1080 - ok 14:58:21.0750 0780 Ql10wnt - ok 14:58:21.0765 0780 ql12160 - ok 14:58:21.0781 0780 ql1240 - ok 14:58:21.0796 0780 ql1280 - ok 14:58:21.0843 0780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 14:58:21.0843 0780 RasAcd - ok 14:58:21.0906 0780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 14:58:21.0906 0780 Rasl2tp - ok 14:58:21.0984 0780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 14:58:21.0984 0780 RasPppoe - ok 14:58:22.0093 0780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 14:58:22.0093 0780 Raspti - ok 14:58:22.0171 0780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 14:58:22.0171 0780 Rdbss - ok 14:58:22.0250 0780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 14:58:22.0250 0780 RDPCDD - ok 14:58:22.0328 0780 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 14:58:22.0328 0780 rdpdr - ok 14:58:22.0421 0780 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 14:58:22.0421 0780 RDPWD - ok 14:58:22.0515 0780 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 14:58:22.0515 0780 redbook - ok 14:58:22.0593 0780 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 14:58:22.0593 0780 ROOTMODEM - ok 14:58:22.0703 0780 RTLE8023xp (387c8f70e992efa3d25816ecc1ab2b8b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 14:58:22.0703 0780 RTLE8023xp - ok 14:58:22.0781 0780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 14:58:22.0781 0780 Secdrv - ok 14:58:22.0828 0780 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 14:58:22.0828 0780 serenum - ok 14:58:22.0890 0780 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 14:58:22.0890 0780 Serial - ok 14:58:22.0953 0780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 14:58:22.0953 0780 Sfloppy - ok 14:58:22.0984 0780 Simbad - ok 14:58:23.0015 0780 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 14:58:23.0015 0780 sisagp - ok 14:58:23.0046 0780 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys 14:58:23.0062 0780 SISNIC - ok 14:58:23.0140 0780 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys 14:58:23.0140 0780 snapman - ok 14:58:23.0156 0780 Sparrow - ok 14:58:23.0203 0780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 14:58:23.0203 0780 splitter - ok 14:58:23.0250 0780 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 14:58:23.0250 0780 sr - ok 14:58:23.0312 0780 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys 14:58:23.0312 0780 Srv - ok 14:58:23.0390 0780 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 14:58:23.0390 0780 ssmdrv - ok 14:58:23.0437 0780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 14:58:23.0437 0780 swenum - ok 14:58:23.0468 0780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 14:58:23.0468 0780 swmidi - ok 14:58:23.0515 0780 symc810 - ok 14:58:23.0531 0780 symc8xx - ok 14:58:23.0546 0780 sym_hi - ok 14:58:23.0562 0780 sym_u3 - ok 14:58:23.0593 0780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 14:58:23.0609 0780 sysaudio - ok 14:58:23.0718 0780 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:58:23.0718 0780 Tcpip - ok 14:58:23.0781 0780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 14:58:23.0781 0780 TDPIPE - ok 14:58:23.0828 0780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 14:58:23.0828 0780 TDTCP - ok 14:58:23.0859 0780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 14:58:23.0859 0780 TermDD - ok 14:58:23.0968 0780 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 14:58:23.0968 0780 tifsfilter - ok 14:58:24.0015 0780 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys 14:58:24.0015 0780 timounter - ok 14:58:24.0156 0780 TosIde - ok 14:58:24.0265 0780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 14:58:24.0265 0780 Udfs - ok 14:58:24.0312 0780 ultra - ok 14:58:24.0375 0780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 14:58:24.0375 0780 Update - ok 14:58:24.0421 0780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 14:58:24.0421 0780 usbccgp - ok 14:58:24.0500 0780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:58:24.0500 0780 usbehci - ok 14:58:24.0546 0780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:58:24.0546 0780 usbhub - ok 14:58:24.0625 0780 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 14:58:24.0625 0780 usbohci - ok 14:58:24.0687 0780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 14:58:24.0687 0780 usbprint - ok 14:58:24.0750 0780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 14:58:24.0750 0780 usbscan - ok 14:58:24.0796 0780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:58:24.0796 0780 USBSTOR - ok 14:58:24.0875 0780 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 14:58:24.0875 0780 usbuhci - ok 14:58:24.0890 0780 UtilNT - ok 14:58:24.0937 0780 VClone (1a131c2ca1b99542f9b0dd0c901f6587) C:\WINDOWS\system32\DRIVERS\VClone.sys 14:58:24.0937 0780 VClone - ok 14:58:25.0015 0780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 14:58:25.0015 0780 VgaSave - ok 14:58:25.0031 0780 ViaIde - ok 14:58:25.0062 0780 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 14:58:25.0062 0780 VolSnap - ok 14:58:25.0125 0780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:58:25.0125 0780 Wanarp - ok 14:58:25.0140 0780 WDICA - ok 14:58:25.0187 0780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 14:58:25.0187 0780 wdmaud - ok 14:58:25.0296 0780 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 14:58:25.0296 0780 WS2IFSL - ok 14:58:25.0343 0780 MBR (0x1B8) (6e2f5812efa4914e420e8ee64c1dbd8b) \Device\Harddisk0\DR0 14:58:28.0234 0780 \Device\Harddisk0\DR0 - ok 14:58:28.0234 0780 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR11 14:58:28.0390 0780 \Device\Harddisk1\DR11 - ok 14:58:28.0406 0780 Boot (0x1200) (535b5891ff6abc7523d9600cecdd70d8) \Device\Harddisk0\DR0\Partition0 14:58:28.0406 0780 \Device\Harddisk0\DR0\Partition0 - ok 14:58:28.0406 0780 Boot (0x1200) (12f20bd0447fbc554189a34162c323b1) \Device\Harddisk0\DR0\Partition1 14:58:28.0406 0780 \Device\Harddisk0\DR0\Partition1 - ok 14:58:28.0437 0780 Boot (0x1200) (e0ed1fe2f8c398af6008637cda31862a) \Device\Harddisk0\DR0\Partition2 14:58:28.0437 0780 \Device\Harddisk0\DR0\Partition2 - ok 14:58:28.0437 0780 Boot (0x1200) (31a0181048ade140451c55fb64cea6e7) \Device\Harddisk1\DR11\Partition0 14:58:28.0437 0780 \Device\Harddisk1\DR11\Partition0 - ok 14:58:28.0437 0780 ============================================================ 14:58:28.0437 0780 Scan finished 14:58:28.0437 0780 ============================================================ 14:58:28.0437 1252 Detected object count: 1 14:58:28.0437 1252 Actual detected object count: 1 14:58:42.0687 1252 NETFRITZ ( ForgedFile.Multi.Generic ) - skipped by user 14:58:42.0687 1252 NETFRITZ ( ForgedFile.Multi.Generic ) - User select action: Skip 14:59:54.0296 4076 Deinitialize success |
|
10.10.2011, 14:21
| #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei-Ukash (anderer Rechner mit Windows XP) Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.10.2011, 15:15
| #25 |
| | Bundespolizei-Ukash (anderer Rechner mit Windows XP) Combofix Logfile: Code:
ATTFilter ComboFix 11-10-10.01 - Teproma 10.10.2011 15:58:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.989.398 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Teproma\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira FireWall *Disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Joerg\WINDOWS
c:\windows\ehome\medctrro.exe
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PASSWORD
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-09-10 bis 2011-10-10 ))))))))))))))))))))))))))))))
.
.
2011-10-10 08:28 . 2011-10-10 08:28 -------- d-----w- c:\programme\ESET
2011-10-06 14:11 . 2011-10-06 14:11 -------- d-----w- c:\dokumente und einstellungen\Teproma\Anwendungsdaten\Malwarebytes
2011-10-06 14:10 . 2011-10-06 14:12 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-10-06 14:10 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-20 11:27 . 2011-09-20 11:27 -------- d-----w- c:\dokumente und einstellungen\Joerg\Anwendungsdaten\Malwarebytes
2011-09-20 11:27 . 2011-09-20 11:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"PDFPrint"="e:\nils\pdf24\pdf24.exe" [2010-03-11 208528]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-10-27 150040]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2008-10-27 178712]
"Persistence"="c:\windows\System32\igfxpers.exe" [2008-10-27 150040]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2003-04-02 40960]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
FRITZ!fax.lnk - c:\programme\FRITZ!\FriFax32.exe [2006-10-24 1425408]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk]
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matrox Powerdesk]
2000-08-14 18:17 503808 ----a-r- c:\windows\system32\pdesk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"D-Link AirPro Utility"=c:\programme\D-Link\AirPro Utility\WLANmon.exe
"VirtualCloneDrive"="d:\systemprogramme\VirtualCloneDrive\VCDDaemon.exe" /s
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="d:\adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [11.12.2009 12:46 106904]
R2 AntiVirFirewallService;Avira Firewall;c:\programme\Avira\AntiVir Desktop\avfwsvc.exe [11.12.2009 12:46 567464]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [11.12.2009 12:46 340136]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [11.12.2009 12:46 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [11.12.2009 12:46 428200]
R2 AVMPORT;AVMPORT;c:\windows\system32\drivers\avmport.sys [24.10.2006 09:01 59520]
R2 Matrox Centering Service;Matrox Centering Service;c:\programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [06.02.2009 15:09 1263872]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [06.02.2009 15:08 344832]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.10.2011 16:10 366152]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [22.05.2002 16:27 28200]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [11.12.2009 12:46 82952]
R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [24.11.2005 01:00 53632]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [15.09.2000 05:00 37568]
R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [15.09.2000 05:00 444416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.10.2011 16:10 22216]
S0 lrgwx;lrgwx;c:\windows\system32\drivers\ardabc.sys --> c:\windows\system32\drivers\ardabc.sys [?]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [18.10.2006 14:45 323008]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14.01.2011 12:52 1691480]
S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;c:\windows\system32\drivers\NETFRITZ.SYS [18.10.2006 16:05 200192]
S3 OOTextMode;OOTextMode;c:\windows\system32\drivers\oobctm.sys [11.05.2005 01:37 30720]
S3 UtilNT;UtilNT; [x]
S3 WZCBDLService;WZCBDL Service;c:\programme\WZCBDL Service\WZCBDLS.exe [19.03.2002 12:15 36864]
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-10 c:\windows\Tasks\1-Klick-Wartung.job
- d:\systemprogramme\TuneUp Utilities 2007\SystemOptimizer.exe [2006-11-23 14:46]
.
2011-10-10 c:\windows\Tasks\User_Feed_Synchronization-{7249D272-ED12-459F-8885-DEF9E6451EF3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.200
TCP: Interfaces\{0BEF5F9E-A6A2-44B2-ACA8-4BAC119CC134}: NameServer = 192.168.0.1
TCP: Interfaces\{82A17C66-7117-4B34-9286-98FA62F118F3}: NameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Acrobat Assistant 7 - d:\acrobat 7\Distillr\Acrotray.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-10-10 16:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="D2E2FEF5D2CECBC408F48B6BF0046900340491F6D88434DB1D586508F003EA8DBAB4436ADA0E88B02D6FF646EF18336646601A72D5463F571E1ED810171AC3F63588D5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6A0AC4980AC79338EDD5E5BE2F6E6671C2573CA2A9BA7815F959C6BE3D59201749EA389B23D00F410F3EFE2ED0E80C31E796992F2B3AF135E639596776D391F57E294FB9B8636A815E4DE8E569A5E6F3D61601A29EE00B76BBBD33D2D54CB6A61AB81CD68A4F5BE0DC1BD49F9C020F153723C578EAE9493B2B439DF2A3D55E036316AA54337F52D2E834583A7314ADCCC039425B5D661F1792657DE675BD5258B6D7D0F29E7618E4765E5918024D4E42AB0353E07D1CBC014AEF982326A3EFE2F1D2379EB5E59263664412CFB562FE202DB9CC63E892F91ECAD9BF22BA7F8587EC37339B24CF155F0C5AD6FE50737D37EA701C2E9705798834A6E4145D4DDC06D27BB04F562B225FD8FB6DC5C794458DAFCC69B6F7B87B2E7EC555E4BB5BDEB83507E75045718C07C8D1AD6D17520B568078B1E06A2F55CC2C169A059175BAEDA0FF08DFD6791781ACDCA278C4685D50EB69DFCB9614B38CC3AF7C1E0446C05A4F4FCB05B4E03401D25EDFAA8BCA643C3BF81CCE9BAA68AD48D80E1A5901E0FA2583EA4E351C5AFDBA8606014AA28AF981B6E87C9B11B3EBDB1B782C0CF8E0DAC52089536B62403C2B5AFCD9269A3F1AB834F8A63CEADE0FC67068B1FDBCF68AD41E01243C8609AD3EA1D9AB9D32581327AC3968FA057A41CAC094481156A2A26C9FE0F53D5ABF8222AA08374CAAEF97744A05200350760BBC7105D7C5A5882274FD2E2FC3030C7D69B64A903AF359ED6E7EB4537241F0C0CC19F68F91109435AFB7C49302F0AD02D2A4710F56BA053C3B262DD8E8275C754E8F1DBB525DFE4F83FD2602E2E470675055B20B56ACF9FC1B3716DB070D3D26ECC7193BF033381D3CBDDAD8C8A6D791420E6257B1B12B2E9BF3F2A9E8C789548C3C04BFD1C4E57CD16DB97B5A77465823165D05871AD5CE96EA22C2A7B951965E531A72965EF4ADCD7BDE9E56BC8A34B3304B6AC66DA12849CA5F17B665089DA11CEADCDDACB608E922A533041C9348FE627D0B07347EB8CEA09DC10FAC2BB53E5D449CB7788458004F9687A17CA3C044F63796F191427ECBB4130B5E77C248D4A32C75ABFC147E6B63B9EFD60958370328471C65BD4A5A2B7F29892637E5C5A678D5B003705598871AED2C814E4F4B19B08DD6AC193E9BE4D7C211C253F23A229BE1A1A675614C043C944BBABE8A0365A21C75FD7CD1F6729EBBC1F6A2859DDC1D200D9DEAD2F7EFE36960F27453B0482371902ADF390D342063FBAF397061C2709EA43"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2536)
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\mgabg.exe
c:\windows\system32\oodag.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-10 16:09:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-10-10 14:09
.
Vor Suchlauf: 4.773.208.064 Bytes frei
Nach Suchlauf: 4.700.282.880 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /tutag=tbslml noguiboot /NoExecute=OptIn
.
- - End Of File - - 1572664D0FBC33A8E150A08CAEA12243
|
|
10.10.2011, 15:27
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei-Ukash (anderer Rechner mit Windows XP) Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.10.2011, 16:18
| #27 |
| | Bundespolizei-Ukash (anderer Rechner mit Windows XP) GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-10-10 17:08:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.3.06
Running: 75kfvn7s.exe; Driver: C:\DOKUME~1\Teproma\LOKALE~1\Temp\pgtdqpod.sys
---- System - GMER 1.0.15 ----
SSDT F7B73AFC ZwClose
SSDT F7B73AB6 ZwCreateKey
SSDT F7B73B06 ZwCreateSection
SSDT F7B73AAC ZwCreateThread
SSDT F7B73ABB ZwDeleteKey
SSDT F7B73AC5 ZwDeleteValueKey
SSDT F7B73AF7 ZwDuplicateObject
SSDT F7B73AE3 ZwLoadDriver
SSDT F7B73ACA ZwLoadKey
SSDT F7B73A98 ZwOpenProcess
SSDT F7B73A9D ZwOpenThread
SSDT F7B73AD4 ZwReplaceKey
SSDT F7B73ACF ZwRestoreKey
SSDT F7B73B0B ZwSetContextThread
SSDT F7B73AE8 ZwSetSystemInformation
SSDT F7B73AC0 ZwSetValueKey
SSDT F7B73AA7 ZwTerminateProcess
SSDT F7B73AA2 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2F84 80504810 4 Bytes CALL 9947FF4F
? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
? C:\ComboFix\catchme.sys Das System kann die angegebene Datei nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION D2E2FEF5D2CECBC408F48B6BF0046900340491F6D88434DB1D586508F003EA8DBAB4436ADA0E88B02D6FF646EF18336646601A72D5463F571E1ED810171AC3F63588D5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6A0AC4980AC79338EDD5E5BE2F6E6671C2573CA2A9BA7815F959C6BE3D59201749EA389B23D00F410F3EFE2ED0E80C31E796992F2B3AF135E639596776D391F57E294FB9B8636A815E4DE8E569A5E6F3D61601A29EE00B76BBBD33D2D54CB6A61AB81CD68A4F5BE0DC1BD49F9C020F153723C578EAE9493B2B439DF2A3D55E036316AA54337F52D2E834583A7314ADCCC039425B5D661F1792657DE675BD5258B6D7D0F29E7618E4765E5918024D4E42AB0353E07D1CBC014AEF982326A3EFE2F1D2379EB5E59263664412CFB562FE202DB9CC63E892F91ECAD9BF22BA7F8587EC37339B24CF155F0C5AD6FE50737D37EA701C2E9705798834A6E4145D4DDC06D27BB04F562B225FD8FB6DC5C794458DAFCC69B6F7B87B2E7EC555E4BB5BDEB83507E75045718C07C8D1AD6D17520B568078B1E06A2F55CC2C169A059175BAEDA0FF08DFD6791781ACDCA278C4685D50EB69DFCB9614B38CC3AF7C1E0446C05A4F4FCB05B4E03401D25EDFAA8BCA643C3BF81CCE9BAA68AD48D80E1A
---- EOF - GMER 1.0.15 ----
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-10-10 17:12:13 ----------------------------- 17:12:13.421 OS Version: Windows 5.1.2600 Service Pack 3 17:12:13.421 Number of processors: 2 586 0x170A 17:12:13.421 ComputerName: WILLI UserName: 17:12:13.593 Initialize success 17:12:50.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 17:12:50.812 Disk 0 Vendor: ST380011A 3.06 Size: 76318MB BusType: 3 17:12:52.828 Disk 0 MBR read successfully 17:12:52.828 Disk 0 MBR scan 17:12:52.828 Disk 0 unknown MBR code 17:12:52.828 Disk 0 scanning sectors +156296385 17:12:52.937 Disk 0 scanning C:\WINDOWS\system32\drivers 17:13:17.000 Service scanning 17:13:17.796 Modules scanning 17:13:57.625 Disk 0 trace - called modules: 17:13:57.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 17:13:57.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f87ab8] 17:13:57.656 3 CLASSPNP.SYS[f7537fd7] -> nt!IofCallDriver -> \Device\0000007c[0x85f44f18] 17:13:57.656 5 ACPI.sys[f73cd620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85f7e940] 17:13:57.656 Scan finished successfully 17:14:56.859 Disk 0 MBR has been saved successfully to "G:\polizei virus\neue logs\MBR.dat" 17:14:56.890 The log file has been saved successfully to "G:\polizei virus\neue logs\aswMBR.txt" OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:12:09 on 10.10.2011 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe [Common] -----( %SystemRoot%\Tasks )----- "1-Klick-Wartung.job" - "TuneUp Software GmbH" - D:\Systemprogramme\TuneUp Utilities 2007\SystemOptimizer.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "rhcpl.cpl" - "KsL Software" - C:\WINDOWS\system32\rhcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira Premium Security Suite - Konfiguration" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys "Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys "Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys "avfwot" (avfwot) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avfwot.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "AVM FRITZ!web PPP over ISDN" (NETFRITZ) - ? - C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS "AVMPORT" (AVMPORT) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmport.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys "HTTP" (HTTP) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\HTTP.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "lrgwx" (lrgwx) - ? - C:\WINDOWS\System32\drivers\ardabc.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "mbr" (mbr) - ? - C:\DOKUME~1\Teproma\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "mgabg" (mgabg) - ? - C:\WINDOWS\system32\drivers\mgabg.sys "NIOC Service" (NIOC) - "D-Link Corporation" - C:\WINDOWS\System32\NIOC.SYS "OOTextMode" (OOTextMode) - "O&O Software GmbH" - C:\WINDOWS\System32\drivers\oobctm.sys (Hidden registry entry, rootkit activity) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "pgtdqpod" (pgtdqpod) - ? - C:\DOKUME~1\Teproma\LOKALE~1\Temp\pgtdqpod.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "UtilNT" (UtilNT) - ? - C:\WINDOWS\system32\drivers\UtilNT.sys (File not found) "VClone" (VClone) - "Elaborate Bytes AG" - C:\WINDOWS\System32\DRIVERS\VClone.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {F2CF5485-4E02-4f68-819C-B92DE9277049} "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - D:\Systemprogramme\Acronis\TrueImageHome\tishell.dll {C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - D:\Systemprogramme\Acronis\TrueImageHome\tishell.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {692F0339-CBAA-47e6-B5B5-3B84DB604E87} "Extensions Manager Folder" - "Microsoft Corporation" - C:\WINDOWS\System32\extmgr.dll {FF393560-C2A7-11CF-BFF4-444553540000} "History" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {3028902F-6374-48b2-8DC6-9725E775B926} "IE AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {73CFD649-CD48-4fd8-A272-2070EA56526B} "IE BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {FDE7673D-2E19-4145-8376-BBD58C4BC7BA} "IE Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {1C1EDB47-CE22-4bbb-B608-77B48F83C823} "IE Fade Task" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {11016101-E366-4D22-BC06-4ADA335C892B} "IE History and Feeds Shell Data Source for Windows Search" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {6CF48EF8-44CD-45d2-8832-A16EA016311B} "IE IShellFolderBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {4B78D326-D922-44f9-AF2A-07805C2A3560} "IE Menu Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {205D7A97-F16D-4691-86EF-F3075DCCA57D} "IE Menu Desk Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {44C76ECD-F7FA-411c-9929-1B77BA77F524} "IE Menu Site" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {07C45BB1-4A8C-4642-A1F5-237E7215FF66} "IE Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {6038EF75-ABFC-4e59-AB6F-12D397F6568D} "IE Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {B31C5FAE-961F-415b-BAF0-E697A5178B94} "IE Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} "IE Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} "IE MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {43886CD5-6529-41c4-A707-7B3C92C05E68} "IE Navigation Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} "IE Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} "IE RSS Feeds Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {30D02401-6A81-11d0-8274-00C04FD5AE38} "IE Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {E6EE9AAC-F76B-4947-8260-A9F136138E11} "IE Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} "IE Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} "IE Tracking Shell Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {871C5380-42A0-1069-A2EA-08002B30309D} "Internet Name Space" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internet Shortcut" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\Office10\msohev.dll {3C374A40-BAE4-11CF-BF7D-00AA006946EE} "Microsoft Url History Service" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {8856f961-340a-11d0-a96b-00c04fd705a2} "Microsoft Web Browser" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? - (File not found | COM-object registry key not found) {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? - (File not found | COM-object registry key not found) {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} "Shell DocObject Viewer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {00000000-5736-4205-0100-75ff97ac5007} "Steganos InternetSpurenVernichter 7" - ? - d:\systemprogramme\steganos internet trace destructor 7\itd7se.dll (File found, but it contains no detailed information) {7BD29E00-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {7BD29E01-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} "The Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" - ? - (File not found | COM-object registry key not found) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - D:\Systemprogramme\TuneUp Utilities 2007\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\system32\uxtuneup.dll {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - D:\Systemprogramme\VirtualCloneDrive\ElbyVCDShell.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL InCDUdfPerm extension "{B3D9AEDE-B2C3-406d-A254-6BE07767B08B}" - ? - (File not found | COM-object registry key not found) InCDShellExt extension "{CAE3251E-9B15-4810-B268-852AD9792A59}" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\WINDOWS\system32\OGACheckControl.DLL / hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc4.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {B119EB0C-C021-46CF-85B0-34A760E0D5FE} "IE7pro Preferences" - "IE7pro.com" - C:\Programme\Internet Explorer\PLUGINS\IE7pro\IE7pro.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {00011268-E188-40DF-A514-835FCD78B1BF} "IE7pro BHO" - "IE7pro.com" - C:\Programme\Internet Explorer\PLUGINS\IE7pro\IE7pro.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "FRITZ!fax.lnk" - "AVM Berlin" - C:\Programme\FRITZ!\FriFax32.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Teproma\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "PDFPrint" - "Geek Software GmbH" - E:\Nils\pdf24\pdf24.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll "FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Firewall" (AntiVirFirewallService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Matrox Centering Service" (Matrox Centering Service) - "Matrox Graphics Inc." - c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe "Matrox.Pdesk.ServicesHost" (Matrox.Pdesk.ServicesHost) - "Matrox Graphics Inc" - c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe "O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - ? - C:\WINDOWS\system32\drivers\TUWinStylerThemeSvc.sys (File not found) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "WZCBDL Service" (WZCBDLService) - "D-Link" - C:\Programme\WZCBDL Service\WZCBDLS.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {F9C77450-3A41-477E-9310-9ACD617BD9E3} "Group Policy Applications" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {728EE579-943C-4519-9EF7-AB56765798ED} "Group Policy Data Sources" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {1A6364EB-776B-4120-ADE1-B63A406A76B5} "Group Policy Device Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {5794DAFD-BE60-433f-88A2-1A31939AC01F} "Group Policy Drive Maps" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {0E28E245-9368-4853-AD84-6DA3BA35BB75} "Group Policy Environment" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {7150F9BF-48AD-4da4-A49C-29EF4A8369BA} "Group Policy Files" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {A3F3E39B-5D83-4940-B954-28315B82F0A8} "Group Policy Folder Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {6232C319-91AC-4931-9385-E70C2B099F0E} "Group Policy Folders" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {74EE6C03-5363-4554-B161-627540339CAB} "Group Policy Ini Files" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {E47248BA-94CC-49c4-BBB5-9EB7F05183D0} "Group Policy Internet Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {17D89FEC-5C44-4972-B12D-241CAEF74509} "Group Policy Local Users and Groups" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {3A0DBA37-F8B2-4356-83DE-3E90BD5C261F} "Group Policy Network Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {6A4C88C6-C502-4f74-8F60-2CB23EDC24E2} "Group Policy Network Shares" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {E62688F0-25FD-4c90-BFF5-F508B9D2E31F} "Group Policy Power Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {BC75B1ED-5833-4858-9BB8-CBF0B166DF9D} "Group Policy Printers" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {E5094040-C46C-4115-B030-04FB2E545B00} "Group Policy Regional Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {B087BE9D-ED37-454f-AF9C-04291E351182} "Group Policy Registry" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {AADCED64-746C-4633-A97C-D61349046527} "Group Policy Scheduled Tasks" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {91FBB303-0CD5-4055-BF42-E512A681B325} "Group Policy Services" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7} "Group Policy Shortcuts" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll {E4F48E54-F38D-4884-BFB9-D4D2E5729C18} "Group Policy Start Menu Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
10.10.2011, 16:19
| #28 |
| | Bundespolizei-Ukash (anderer Rechner mit Windows XP) hab bekannten nun erzählt wie super ihr einem weiterhelft werde mich denke ich mal des öffteren nun wegen solchen viren sprich bka virus usw melden kleine spende wird folgen an euch =) |
|
10.10.2011, 16:21
| #29 |
| | Bundespolizei-Ukash (anderer Rechner mit Windows XP) achja bevor ichs vergesse, kann ich combofix nun deinstalieren ?  |
|
10.10.2011, 16:29
| #30 |
| | Bundespolizei-Ukash (anderer Rechner mit Windows XP) so bin dann mal weck , schaue morgen wieder hier rein schönen abend wünsche ich dir noch  und danke für eure Hilfe  |
|
| Themen zu Bundespolizei-Ukash (anderer Rechner mit Windows XP) |
| 0x00000001, c:\windows\system32\rundll32.exe, dhcp-client, fontcache, mahmud.exe, plug-in, preferences, scan ausgeführt, sched.exe, shell32.dll, super, tcp/ip, windows internet |
Linear-Darstellung
