| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei trojaner - infiziert 23/4/2012Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
26.04.2012, 22:08
| #1 |
| |  Bundespolizei trojaner - infiziert 23/4/2012 Hallo, erstmals mochte ich sagen, dass ich nur wenig Deutsch schpreche. Falls etwas nicht klar ist, bitte entshuldige mich und ich versuche nochmals, eine erklärung zugeben. Wenn wir in english sprechen können wird es schneller gehen, wenn nichts kein Problem. Ich habe meine laptop mit der bundespolizei trojaner infiziert an 23/4/2012 um 23:00hs (ungefähr). Ich habe McAffee seit 1 Jahre und diese ist das erstemal, dass ich ein Problem habe. Ich habe es vesucht der trojaner mit PC-tools, Malwarebytes, und Spybot löschen. Kein Erfolg. Der trojaner speicht die datei (ip und pic.bmp) im verzeichnis --> C:\Users\fede\AppData\Roaming\gizza\ Hier die DDS.txt und attach.zip Geändert von fede (26.04.2012 um 22:17 Uhr) |
|
27.04.2012, 14:19
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bundespolizei trojaner - infiziert 23/4/2012Zitat:
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
28.04.2012, 19:20
| #3 |
| | Bundespolizei trojaner - infiziert 23/4/2012 hier der log von Spybot.
__________________Code:
ATTFilter --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-04-24 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi
2012-04-18 Includes\AdwareC.sbi
2010-08-13 Includes\Cookies.sbi
2010-12-14 Includes\Dialer.sbi
2011-11-29 Includes\DialerC.sbi
2012-01-31 Includes\HeavyDuty.sbi
2012-03-20 Includes\Hijackers.sbi
2012-04-17 Includes\HijackersC.sbi
2010-09-15 Includes\iPhone.sbi
2012-03-13 Includes\Keyloggers.sbi
2012-03-13 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2012-04-17 Includes\Malware.sbi
2012-04-17 Includes\MalwareC.sbi
2011-02-24 Includes\PUPS.sbi
2012-04-18 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2011-02-24 Includes\Security.sbi
2011-12-13 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2012-01-17 Includes\Spyware.sbi
2012-02-28 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi
2012-04-11 Includes\TrojansC-02.sbi
2012-04-10 Includes\TrojansC-03.sbi
2012-04-16 Includes\TrojansC-04.sbi
2012-03-27 Includes\TrojansC-05.sbi
2012-04-17 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF
Located: HK_LM:Run, AdobeCS5ServiceManager
command: "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
file: C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
size: 406992
MD5: D5B783DACE1BBDD382A63C894BAB8E1E
Located: HK_LM:Run, Dell Webcam Central
command: "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
file: C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
size: 409744
MD5: 80B62FF105908EC9E4B072AFB1CFC824
Located: HK_LM:Run, DellSupportCenter
command: "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
file: c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
size: 206064
MD5: 00D1FB0073B4A8BD2989EA8FF4CC792B
Located: HK_LM:Run, Desktop Disc Tool
command: "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
file: C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
size: 498160
MD5: 0647EF247A5D0402E74FE89F5F6A8A11
Located: HK_LM:Run, mcui_exe
command: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
file: C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 1675160
MD5: 9AF163512B609BF2FE1C88D2D8A8F964
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4
Located: HK_LM:Run, SwitchBoard
command: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
file: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
size: 517096
MD5: F577910A133A592234EBAAD3F3AFA258
Located: HK_LM:Run, VirtualCloneDrive
command: "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
file: C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
size: 85160
MD5: F40E80C04475731C6ED5D19C48E45E3C
Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1173504
MD5: EA6EADF6314E43783BA8EEE79F93F73C
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1173504
MD5: EA6EADF6314E43783BA8EEE79F93F73C
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, AdobeBridge
where: S-1-5-21-2481082198-1912530206-3329108987-1000...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Akamai NetSession Interface
where: S-1-5-21-2481082198-1912530206-3329108987-1000...
command: "C:\Users\fede\AppData\Local\Akamai\netsession_win.exe"
file: C:\Users\fede\AppData\Local\Akamai\netsession_win.exe
size: 3331872
MD5: 7AE2120F494195664FDFF401F2693EC9
Located: HK_CU:Run, Google Update
where: S-1-5-21-2481082198-1912530206-3329108987-1000...
command: "C:\Users\fede\AppData\Local\Google\Update\GoogleUpdate.exe" /c
file: C:\Users\fede\AppData\Local\Google\Update\GoogleUpdate.exe
size: 136176
MD5: F02A533F517EB38333CB12A9E8963773
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-2481082198-1912530206-3329108987-1000...
command: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: Inicio (usuario), Dell Dock.lnk
where: C:\Users\fede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Dell\DellDock\DellDock.exe
file: C:\Program Files (x86)\Dell\DellDock\DellDock.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Inicio (usuario), Dropbox.lnk
where: C:\Users\fede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Users\fede\AppData\Roaming\Dropbox\bin\Dropbox.exe
file: C:\Users\fede\AppData\Roaming\Dropbox\bin\Dropbox.exe
size: 24246216
MD5: 9ED3CFE54CD2E797DC9A04397C001E89
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 27/02/2009 19:07:26
Date (last access): 22/06/2010 5:12:52
Date (last write): 27/02/2009 19:07:26
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 24/04/2012 23:07:28
Date (last access): 24/04/2012 23:07:28
Date (last write): 24/04/2012 23:07:28
Filesize: 325408
Attributes: archive
MD5: 8E6C86726B67D3FAA3144849B9AAC06C
CRC32: B1F4AB5B
Version: 6.0.310.5
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files (x86)\Common Files\McAfee\SystemCore\
Long name: ScriptSn.20120101202337.dll
Short name: SCRIPT~2.DLL
Date (created): 01/01/2012 21:23:38
Date (last access): 01/01/2012 21:23:38
Date (last write): 06/12/2011 18:22:40
Filesize: 79744
Attributes: archive
MD5: 95408ABE169FA532CDDDF93B14F382F0
CRC32: E2412E81
Version: 14.4.0.380
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 24/04/2012 23:07:26
Date (last access): 24/04/2012 23:07:26
Date (last write): 24/04/2012 23:07:26
Filesize: 42272
Attributes: archive
MD5: A9770771B622A871643EA2A4A3983E95
CRC32: D1C0DA03
Version: 6.0.310.5
--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 24/04/2012 23:07:26
Date (last access): 24/04/2012 23:07:26
Date (last write): 24/04/2012 23:07:26
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 24/04/2012 23:07:26
Date (last access): 24/04/2012 23:07:26
Date (last write): 24/04/2012 23:07:26
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_31.dll
Short name: NPJPI1~1.DLL
Date (created): 24/04/2012 23:07:26
Date (last access): 24/04/2012 23:07:26
Date (last write): 24/04/2012 23:07:26
Filesize: 141088
Attributes: archive
MD5: 77149DCA2C3134C50150ECD33593F4A8
CRC32: 88B54397
Version: 6.0.310.5
--- Process list ---
PID: 0 ( 0) [System]
PID: 412 (2044) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 324 ( 4) smss.exe
PID: 484 ( 476) csrss.exe
PID: 512 ( 476) wininit.exe
size: 96256
PID: 536 ( 524) csrss.exe
PID: 572 ( 524) winlogon.exe
PID: 608 ( 512) services.exe
PID: 616 ( 512) lsass.exe
PID: 628 ( 512) lsm.exe
PID: 720 ( 608) svchost.exe
size: 20992
PID: 796 ( 608) svchost.exe
size: 20992
PID: 872 ( 608) svchost.exe
size: 20992
PID: 908 ( 608) svchost.exe
size: 20992
PID: 960 ( 608) svchost.exe
size: 20992
PID: 256 ( 608) svchost.exe
size: 20992
PID: 452 ( 608) svchost.exe
size: 20992
PID: 440 ( 608) svchost.exe
size: 20992
PID: 1232 ( 608) mfevtps.exe
PID: 1312 ( 608) mfefire.exe
PID: 1360 ( 608) McSvHost.exe
PID: 1444 ( 608) svchost.exe
size: 20992
PID: 2044 (2036) C:\WINDOWS\explorer.exe
size: 2870272
MD5: 9AAAEC8DAC27AA17B053E6352AD233AE
PID: 948 (2044) C:\WINDOWS\System32\ctfmon.exe
size: 8704
MD5: 4A3CDCEF8ED41B221F3DBEF5792FB52D
PID: 1408 (2044) C:\Program Files\mcafee.com\agent\mcagent.exe
size: 1675160
MD5: 9AF163512B609BF2FE1C88D2D8A8F964
PID: 2320 ( 608) mcods.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 28/04/2012 20:10:50
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
hxxp://www1.la.dell.com/content/default.aspx?c=ar&l=es&s=gen
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
hxxp://www1.la.dell.com/content/default.aspx?c=ar&l=es&s=gen
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
hxxp://go.microsoft.com/fwlink/?LinkId=69157
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 6: Proveedor de servicios RSVP TCPv6
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: Proveedor de servicios RSVP TCP
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: Proveedor de servicios RSVP UDPv6
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: Proveedor de servicios RSVP UDP
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]
Namespace Provider 0: Espacio de nombres para el reconocimiento de ubicación de red heredado (NLAv1)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 3: Proveedor de correcciones de compatibilidad (shim) de nomenclaturas de correo electrónico
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 4: Proveedor de espacio de nombres para la nube PNRP
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 5: Proveedor de espacio de nombres para el nombre PNRP
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 6: Espacio de nombres de Bluetooth
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace
Namespace Provider 7: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Danke! |
|
29.04.2012, 22:53
| #4 |
| | Bundespolizei trojaner - infiziert 23/4/2012 Hallo, ich denke mein trojan ist schon weg! Mcaffe hat am donnerstag eine Artemis trojaner gefunden. Leider, ich konnte nicht ein log datei von mcaffe finden. Eigentlicht seit denn, habe ich nicht mehr das problem. Also, vielen vielen dank für deine Hilfe, aber ich denke sie müssen nicht mehr zeit mit mein Problem spenden. Grüss, Fede.- |
|
| Themen zu Bundespolizei trojaner - infiziert 23/4/2012 |
| bundespolizei trojaner, english, gizza, malwarebytes, mcaffee |
Linear-Darstellung
