Log analysis and evaluation: Facebook Trojan

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Facebook Trojan

Here are the requested texts:

OTL: After clicking Fix, an error message appeared, "please insert floppy disk E" or something along those lines. It still rebooted afterwards, though.

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ogeserazur not found.
File E:\autorun.inf not found.
File G:\autorun.inf not found.
File H:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
File E:\DM_Setup_3.0.0.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\autorun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Paolo
->Temp folder emptied: 86261 bytes
->Java cache emptied: 1417359 bytes
->FireFox cache emptied: 95944532 bytes
->Flash cache emptied: 4177 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 482617 bytes
RecycleBin emptied: 137778 bytes

Total Files Cleaned = 95,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 10262011_103004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Gmer:

GMER Logfile:
Code:
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-26 11:27:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5 SAMSUNG_HD252HJ rev.1AC01118
Running: wfhsddgy.exe; Driver: C:\Users\Paolo\AppData\Local\Temp\fwloapod.sys
---- System - GMER 1.0.15 ----
SSDT A20A9D4C ZwCreateThread
SSDT A20A9D38 ZwOpenProcess
SSDT A20A9D3D ZwOpenThread
SSDT A20A9D47 ZwTerminateProcess
INT 0x52 ? 8538EBF8
INT 0x62 ? 8538EBF8
INT 0x63 ? 8538EBF8
INT 0x84 ? 86DC7BF8
INT 0xB3 ? 8538EBF8
INT 0xB4 ? 86DC7BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 221 828AC9A4 4 Bytes [4C, 9D, 0A, A2]
.text ntkrnlpa.exe!KeSetEvent + 3F1 828ACB74 4 Bytes [38, 9D, 0A, A2]
.text ntkrnlpa.exe!KeSetEvent + 40D 828ACB90 4 Bytes [3D, 9D, 0A, A2]
.text ntkrnlpa.exe!KeSetEvent + 621 828ACDA4 4 Bytes [47, 9D, 0A, A2]
? System32\Drivers\spnw.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8AFBF41B 5 Bytes JMP 86DC71D8
.text csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q 92B06000 80 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 51 92B06051 176 Bytes [75, 0A, 39, 50, 58, 0F, 94, ...]
.text csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 102 92B06102 36 Bytes [74, 13, 56, 68, C0, E4, B3, ...]
.text csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 127 92B06127 76 Bytes [EC, 8B, 45, 18, 33, D2, 3B, ...]
.text csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 174 92B06174 520 Bytes [0C, B4, 92, 83, C4, 28, 5E, ...]
.text csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + E 92B0637D 3 Bytes [BC, E0, B3]
.text csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 12 92B06381 771 Bytes [8B, 4D, 08, 8A, 09, 80, F9, ...]
.text csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 316 92B06685 10 Bytes [00, 00, 84, C0, 74, 37, A1, ...]
.text csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 321 92B06690 370 Bytes [3D, 00, 00, B4, 92, 74, 18, ...]
.text csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 162 92B06803 24 Bytes [C0, 74, 13, 8B, 40, 10, 8B, ...]
.text csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 17B 92B0681C 347 Bytes [E0, B3, 92, 8B, 45, E4, 66, ...]
.text csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 2D7 92B06978 175 Bytes [89, 48, 20, 8B, 0D, B0, 0F, ...]
.text csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 2 92B06A28 122 Bytes CALL D83870B7
.text csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 7D 92B06AA3 626 Bytes [74, 37, 8B, 7D, D0, 83, 7F, ...]
.text csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 2F0 92B06D16 204 Bytes [70, 14, FF, 70, 10, E8, 59, ...]
.text csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + B4 92B06DE3 158 Bytes [00, 00, C1, E8, 06, A8, 01, ...]
.text csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + 153 92B06E82 361 Bytes CALL 92B0FA93 \SystemRoot\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation)
.text csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + 2BD 92B06FEC 107 Bytes [F8, 59, F3, A5, C6, 40, 03, ...]
.text csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 16 92B07058 412 Bytes [45, F4, 8B, 0B, 8B, 49, 60, ...]
.text csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 1B3 92B071F5 316 Bytes [90, 90, 8B, FF, 55, 8B, EC, ...]
.text csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 2F0 92B07332 160 Bytes [18, FF, 75, F8, 68, C0, E4, ...]
.text csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 391 92B073D3 72 Bytes [0F, 94, C1, FE, C9, 80, E1, ...]
.text csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 3DA 92B0741C 169 Bytes [A1, 00, 00, B4, 92, 80, 7D, ...]
.text ...
.text csc.sys!ebkn_qiwqpskf_h_se__tw___x + 45 92B091CF 116 Bytes CALL 92B4D27C \SystemRoot\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation)
.text csc.sys!ebkn_qiwqpskf_h_se__tw___x + BA 92B09244 40 Bytes [F6, 45, FB, 01, 0F, 84, 93, ...]
.text csc.sys!ebkn_qiwqpskf_h_se__tw___x + E3 92B0926D 128 Bytes [00, B4, 92, 3D, 00, 00, B4, ...]
.text csc.sys!ebkn_qiwqpskf_h_se__tw___x + 164 92B092EE 166 Bytes [FF, FF, FF, 50, 53, 57, E8, ...]
.text csc.sys!ebkn_qiwqpskf_h_se__tw___x + 20B 92B09395 54 Bytes [04, FF, FF, FD, FF, A1, 00, ...]
.text ...
? C:\Windows\system32\drivers\csc.sys suspicious PE modification
? C:\Users\Paolo\AppData\Local\Temp\ALSysIO.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtProtectVirtualMemory 77434B84 5 Bytes JMP 00DD000A
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtWriteVirtualMemory 774354C4 5 Bytes JMP 00DE000A
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!KiUserExceptionDispatcher 77435BF8 5 Bytes JMP 00DA000A
.text C:\Windows\system32\svchost.exe[1220] USER32.dll!WindowFromPoint 761C884F 5 Bytes JMP 013F000A
.text C:\Windows\system32\svchost.exe[1220] USER32.dll!GetForegroundWindow 761D32C4 5 Bytes JMP 0140000A
.text C:\Windows\system32\svchost.exe[1220] USER32.dll!GetCursorPos 761E0B88 5 Bytes JMP 0136000A
.text C:\Windows\system32\svchost.exe[1220] ole32.dll!CoCreateInstance 772D9F3E 5 Bytes JMP 0135000A
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85D251F8
Device \FileSystem\fastfat \FatCdrom 88C781F8
Device \Driver\netbt \Device\NetBT_Tcpip_{8B312908-BB77-43FD-9B45-3F2A7F0B5E48} 884CB500
Device \Driver\volmgr \Device\VolMgrControl 85D221F8
Device \Driver\usbohci \Device\USBPDO-0 86FBB1F8
Device \Driver\usbehci \Device\USBPDO-1 86FBA1F8
Device \Driver\volmgr \Device\HarddiskVolume1 85D221F8
Device \Driver\volmgr \Device\HarddiskVolume2 85D221F8
Device \Driver\netbt \Device\NetBT_Tcpip_{5E178F13-0F73-4992-91F4-9220851955A4} 884CB500
Device \Driver\cdrom \Device\CdRom0 86FDB500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85D241F8
Device \Driver\atapi \Device\Ide\IdePort0 85D241F8
Device \Driver\atapi \Device\Ide\IdePort1 85D241F8
Device \Driver\atapi \Device\Ide\IdePort2 85D241F8
Device \Driver\atapi \Device\Ide\IdePort3 85D241F8
Device \Driver\atapi \Device\Ide\IdePort4 85D241F8
Device \Driver\atapi \Device\Ide\IdePort5 85D241F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5 85D241F8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-6 85D241F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-4 85D241F8
Device \Driver\volmgr \Device\HarddiskVolume3 85D221F8
Device \Driver\cdrom \Device\CdRom1 86FDB500
Device \Driver\USBSTOR \Device\00000066 86FBE1F8
Device \Driver\volmgr \Device\HarddiskVolume4 85D221F8
Device \Driver\cdrom \Device\CdRom2 86FDB500
Device \Driver\USBSTOR \Device\00000067 86FBE1F8
Device \Driver\volmgr \Device\HarddiskVolume5 85D221F8
Device \Driver\USBSTOR \Device\00000068 86FBE1F8
Device \Driver\volmgr \Device\HarddiskVolume6 85D221F8
Device \Driver\USBSTOR \Device\00000069 86FBE1F8
Device \Driver\volmgr \Device\HarddiskVolume7 85D221F8
Device \Driver\netbt \Device\NetBt_Wins_Export 884CB500
Device \Driver\volmgr \Device\HarddiskVolume8 85D221F8
Device \Driver\Smb \Device\NetbiosSmb 884BC1F8
Device \Driver\iScsiPrt \Device\RaidPort0 870B2500
Device \Driver\USBSTOR \Device\0000006a 86FBE1F8
Device \Driver\usbohci \Device\USBFDO-0 86FBB1F8
Device \Driver\usbehci \Device\USBFDO-1 86FBA1F8
Device \Driver\USBSTOR \Device\0000006e 86FBE1F8
Device \Driver\USBSTOR \Device\0000006f 86FBE1F8
Device \FileSystem\fastfat \Fat 88C781F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 88C7C1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x61 0xBC 0x4C 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0x89 0x28 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x59 0xF8 0xC7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x61 0xBC 0x4C 0xF9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0x89 0x28 0xD9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x59 0xF8 0xC7 ...
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB61418$\1653587957 0 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307 0 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\@ 2048 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\bckfg.tmp 793 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\cfg.ini 176 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\keywords 0 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\kwrd.dll 208896 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\L 0 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\L\vhtmwbun 351744 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\U 0 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\U\00000001.@ 1536 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\U\00000002.@ 209920 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB61418$\3131135307\U\80000032.@ 73216 bytes
---- EOF - GMER 1.0.15 ----
Unfortunately, unsolicited ads still keep appearing. The Windows Firewall also sometimes switches itself off, and when I try to re-enable it I get the error message "Windows could not activate the firewall".

Regards, Paolo!

Edited by paolo6 (26.10.2011 at 10:52)