
Log Analysis and Evaluation: Rootkit.Sirefef.Spy and Trojan virus found in system32 NT Kernel

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
27.05.2016, 22:42   #15
Tori22

Rootkit.Sirefef.Spy and Trojan virus found in system32 NT Kernel

Hello Matthias,

here is the result of the SystemLook check:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 23:30 on 27/05/2016 by user
Administrator - Elevation successful

========== regfind ==========

Searching for "nicesearches"
No data found.

Searching for "Elex-tech"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"

Searching for "iSafe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot]

Searching for "YAC"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.th"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YACB7D~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.sg"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YAC50A~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\4F33FB1578E100649B629029A307DFB1]
"capsules.inf"="vUpAVX!!!!!!!!!MKKSkThemesTypicalFiles>YaCS-X8nF9@iZshLxJpa[^16]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
@="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
@="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BA99AE52-D539-362F-B78C-4E84C14158BF}\2.0.0.0]
"Class"="System.Security.Permissions.SecurityAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BA99AE52-D539-362F-B78C-4E84C14158BF}\4.0.0.0]
"Class"="System.Security.Permissions.SecurityAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0006302D-0000-0000-C000-000000000046}]
@="_PropertyAccessor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
@="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{30642042-9221-4388-9C31-3DA8E1E33C33}]
@="IGrooveWebNotificationEntryActionData"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
@="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B848D512-62C5-42FB-89B3-126098FCD11B}]
@="IGrooveTransportSecurityAccountDiagnosticsEntryEnum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E2DF7E6A-4D7F-4FF8-A30A-F01481A33268}]
@="IGrooveTransportSecurityAccountDiagnosticsEntry"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory\CurVer]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A7A66456F4FEBDF43B3908A64A8BB31B]
"00002109440070400000000000F01FEC"="C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1031\WindowsForms\Clipboard\CopyAClassInstanceToTheClipboard.snippet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Features]
"ThemesTypicalFiles"="bxw0=a+]F9mnkkP2Hm6$]MEU0l_RU@lnYR^6&3Ljc4[z+7M&ZAG+&hLw)33'&+kfoK]aH?%U!`PLGSF^{8o3@W9Oi@$ql,oq+EIgBW20SUnI,?oX,EeU2.h((Iws_6.mI=f.[hpJWu}.YaCS-X8nF9@iZshLxJpaHs01q3&g49DaROul[Q5^xh1~t9O*)?=X@H^fSzUTfLP)[R}~]=`*HC-s%t^r6RS$V.Ce&@JaZ^@+r&s@opc-xSfWu84%R=c)en=Q.^MBg*Ujq@dA3^P1'3IvvF[Q`*npm9P5'*9GtuIN]npHtm}T@A~^zPaK{(Ty?G{KwcoYv?eX&O^m'$`V4+dVX?lv&9HIrsgtrew[WesOi[4Ui9z$-?GSSLRa}71lgD~78@yEl@^=2s+lZD%mxVxx'=P@42z~arqWOjZ^h[tNn?aVDY.MC?84!K%7keYDM98F25q@h!Kl=i7-p.(_m8?3'RF?-KDtAaFWtOi[ZAQ3x@@G%I-FSpqPp}&S+=Uo(Mjl!bLzcI0!b-C'z?=8J{ySPY6k$yoeA0Akq@gh00',kc-mydMd%fu1*ATPGxK1_9%XKe)cVIzUt=Z=N.bf]DF?iIq$wIPU7@B+$5Vt-I$*wpW2sgBCp@xCdG6j(`sFTHEMESFiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1735F6DB1CAD0F03D9EDAC6C97E1823C\Features]
"F_compilers_core_amd64"="`yFM`V.(j?5]i'AKuKOKJQ-fL.MGAAWWvkZC2t!Y(91'3NpGO@ya,]$={]vm(~u-_m8U!AL*w{j!wgZZ-mu'YIdC'AnZb-nwxX'gK?QEZcsQX9?=Z!pPD],5lM4p.ricy@JuL~@&9rDLpn@yjcvcW9{`5Gu3.3))c6N1LYaC!9DW`G*oh(@NNetFx_Full_amd64"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-0030-0000-0000-0000000FF1CE}]
"Current"="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
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.sg"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YAC50A~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.th"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YACB7D~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0006302D-0000-0000-C000-000000000046}]
@="_PropertyAccessor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
@="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{30642042-9221-4388-9C31-3DA8E1E33C33}]
@="IGrooveWebNotificationEntryActionData"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
@="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B848D512-62C5-42FB-89B3-126098FCD11B}]
@="IGrooveTransportSecurityAccountDiagnosticsEntryEnum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E2DF7E6A-4D7F-4FF8-A30A-F01481A33268}]
@="IGrooveTransportSecurityAccountDiagnosticsEntry"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\0186KSEBY5amu_a85OiPeBQA]
"Response Wednesday, June 25, 2014 21:45:52"="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
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-1718339690-3013972182-446857107-1000\02lzqnfanptv]
"DeviceId"="<Data><User username="02LZQNFANPTV"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+YsHHWPl3EeBLwVEU/RAXgQAAAACAAAAAAAQZgAAAAEAACAAAADzyk8ckg+Z/fkcz6L5WEEUZzV/OEIT33FcbexAq4OUIgAAAAAOgAAAAAIAACAAAAByJLWSdSQwSESFJpT0iq5k/8/BNimZ2rza35zY9YkOzTAAAADSBfHgxuqO0zuY92uuZu2hr+kJBHlqmlUi+29UM9jom6+gkBCXl14CjYL5xwxotoRAAAAAoYnMi9ZzU/bzhoJLBvO7BkH2upHxjhA4/ZpzVcqWWjh93nPDkKZ7seGbDuj5TVgTo1/DxAu0jCUKHu9ERleixg==</Pwd><Certificate targetname="WindowsLive:(cert):name=02lzqnfanptv;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAdwBaAFoAbwBXAFQAZABYAGwARQBtAEUAdQBBADgAcQA4AEwATQB3AFMAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEIASAB0ADQAcwBqAGUAUwBwADIARQA4AFkAZwB0AEsAO
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.th"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YACB7D~1.XML"
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.sg"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YAC50A~1.XML"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\0186KSEBY5amu_a85OiPeBQA]
"Response Wednesday, June 25, 2014 21:45:52"="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
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-1718339690-3013972182-446857107-1000\02lzqnfanptv]
"DeviceId"="<Data><User username="02LZQNFANPTV"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+YsHHWPl3EeBLwVEU/RAXgQAAAACAAAAAAAQZgAAAAEAACAAAADzyk8ckg+Z/fkcz6L5WEEUZzV/OEIT33FcbexAq4OUIgAAAAAOgAAAAAIAACAAAAByJLWSdSQwSESFJpT0iq5k/8/BNimZ2rza35zY9YkOzTAAAADSBfHgxuqO0zuY92uuZu2hr+kJBHlqmlUi+29UM9jom6+gkBCXl14CjYL5xwxotoRAAAAAoYnMi9ZzU/bzhoJLBvO7BkH2upHxjhA4/ZpzVcqWWjh93nPDkKZ7seGbDuj5TVgTo1/DxAu0jCUKHu9ERleixg==</Pwd><Certificate targetname="WindowsLive:(cert):name=02lzqnfanptv;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAdwBaAFoAbwBXAFQAZABYAGwARQBtAEUAdQBBADgAcQA4AEwATQB3AFMAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEIASAB0ADQAcwBqAGUAUwBwADIARQA4AFkAZwB0AEsAO

Searching for "Guntony"
[HKEY_CURRENT_USER\Software\Guntony]
[HKEY_CURRENT_USER\Software\Classes\ChromeHTML\DefaultIcon]
@="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_CURRENT_USER\Software\Classes\ChromeHTML\shell\open\command]
@=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon"="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
@="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-ReinstallCommand""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-HideIconsCommand""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-ShowIconsCommand""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony]
"path"="C:\Program Files (x86)\Guntony\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony]
"publicdirectroy"="C:\Users\Public\Documents\Guntony\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony]
"publicdirectroy_log"="C:\Users\Public\Documents\Guntony\log\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony]
"publicdirectroy_dump"="C:\Users\Public\Documents\Guntony\log\dump\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon"="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
@="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-ReinstallCommand""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-HideIconsCommand""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-ShowIconsCommand""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Guntony\protect\protect.exe|Name=Protect Service|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC1D2487-8B36-4655-97A5-1FD40416AA30}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\chrome.exe|Name=Chrome Browser|Desc=Chrome Browser|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{952C26F6-922A-405D-8899-D5E858F4EE28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe|Name=Chrome Server|Desc=Chrome Server|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Guntony\protect\protect.exe|Name=Protect Service|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC1D2487-8B36-4655-97A5-1FD40416AA30}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\chrome.exe|Name=Chrome Browser|Desc=Chrome Browser|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{952C26F6-922A-405D-8899-D5E858F4EE28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe|Name=Chrome Server|Desc=Chrome Server|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Guntony\protect\protect.exe|Name=Protect Service|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC1D2487-8B36-4655-97A5-1FD40416AA30}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\chrome.exe|Name=Chrome Browser|Desc=Chrome Browser|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{952C26F6-922A-405D-8899-D5E858F4EE28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe|Name=Chrome Server|Desc=Chrome Server|"
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Guntony]
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Classes\ChromeHTML\DefaultIcon]
@="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Classes\ChromeHTML\shell\open\command]
@=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000_Classes\ChromeHTML\DefaultIcon]
@="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000_Classes\ChromeHTML\shell\open\command]
@=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1""

-= EOF =-

What does the expert say: is my computer clean now? That would be really, really great!

 





