| |
| |||||||
Log-Analyse und Auswertung: Auffälligkeiten b Firefox, kein Zugriff auf passwordgeschützte Worddatei etc.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
15.06.2010, 15:06
| #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Auffälligkeiten b Firefox, kein Zugriff auf passwordgeschützte Worddatei etc. Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.06.2010, 17:42
| #2 |
 | Auffälligkeiten b Firefox, kein Zugriff auf passwordgeschützte Worddatei etc. Hier nun die Logs mit GMER:
__________________GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-15 18:35:25
Windows 5.1.2600 Service Pack 3
Running: GMER - Rootkit Scanner.exe; Driver: C:\DOKUME~1\MP\LOKALE~1\Temp\kwlorfow.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF750C87E]
SSDT F7A6DBAC ZwCreateThread
SSDT F7A6DB98 ZwOpenProcess
SSDT F7A6DB9D ZwOpenThread
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF750CC10]
SSDT F7A6DBA7 ZwTerminateProcess
SSDT F7A6DBA2 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6DC6360, 0x20469D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Dokumente und Einstellungen\MP\Desktop\GMER - Rootkit Scanner.exe[596] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00B60000
.text C:\Dokumente und Einstellungen\MP\Desktop\GMER - Rootkit Scanner.exe[596] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00B80000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00A00000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00A20000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] ADVAPI32.dll!CryptDeriveKey 77DB9FFD 5 Bytes JMP 00DF0000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] ADVAPI32.dll!CryptImportKey 77DBA1F1 5 Bytes JMP 00DB0000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] ADVAPI32.dll!CryptGenKey 77DE1849 5 Bytes JMP 00DD0000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00D50000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] ws2_32.dll!send 71A14C27 5 Bytes JMP 00D70000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] wininet.dll!CommitUrlCacheEntryA 408C0F78 5 Bytes JMP 00CD0000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] wininet.dll!InternetReadFile 408C654B 5 Bytes JMP 00C50000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] wininet.dll!HttpAddRequestHeadersA 408CCF46 5 Bytes JMP 00D10000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] wininet.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00C70000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] wininet.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 00CB0000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] wininet.dll!HttpAddRequestHeadersW 408CFE49 5 Bytes JMP 00D30000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] wininet.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 00C90000
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1148] wininet.dll!CommitUrlCacheEntryW 408E3085 5 Bytes JMP 00CF0000
.text C:\WINDOWS\Explorer.EXE[1724] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00D00000
.text C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 02E70000
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe[3140] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00A40000
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe[3140] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00A60000
.text D:\Programme\Browser MOUSE\mouse32a.exe[3148] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00C20000
.text D:\Programme\Browser MOUSE\mouse32a.exe[3148] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00C40000
.text D:\Programme\Avira\AntiVir Workstation\avgnt.exe[3156] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 01140000
.text D:\Programme\Avira\AntiVir Workstation\avgnt.exe[3156] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 01160000
.text D:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3172] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00A20000
.text D:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3172] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00A40000
.text C:\Programme\QuickTime\qttask.exe[3304] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 003F0000
.text C:\Programme\QuickTime\qttask.exe[3304] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00B00000
.text D:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3376] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00D40000
.text D:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3376] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00D60000
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
|
|
15.06.2010, 17:53
| #3 |
| | Auffälligkeiten b Firefox, kein Zugriff auf passwordgeschützte Worddatei etc. Und hier nun der Logfile von OSAM. Ich hoffe, du kannst daraus nun eine Lösung für meine Probleme finden... nochmals ganz, ganz lieben DANK für die Mühe, die ich dir mache...
__________________Ich kann jetzt den Virenscanner und die Firewall wieder aktivieren, richtig? LG Pauline OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:50:02 on 15.06.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.3 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "1-Click Maintenance.job" - "TuneUp Software GmbH" - D:\Programme\TuneUp Utilities 2008\OneClick.exe "1-Klick-Wartung.job" - ? - D:\Programme\TuneUp Utilities 2008\OneClickStarter.exe (File found, but it contains no detailed information) [Control Panel Objects] -----( %SystemRoot%\system32 )----- "alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl (File signed by Microsoft | File found, but it contains no detailed information) "CMDVDPak.cpl" - "Sonic Solutions" - C:\WINDOWS\system32\CMDVDPak.cpl "ImageDrive.cpl" - "Nero AG" - C:\WINDOWS\system32\ImageDrive.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "mbllnk.cpl" - "AvantGo, Inc." - C:\WINDOWS\system32\mbllnk.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Adobe Version Cue CS3" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.cpl "AntiVir PersonalEdition Classic Konfiguration" - ? - D:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "Avira AntiVir Professional " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Workstation\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - D:\Programme\Avira\AntiVir Workstation\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "AVM FRITZ!web PPP over ISDN" (NETFRITZ) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS "catchme" (catchme) - ? - C:\DOKUME~1\MP\LOKALE~1\Temp\catchme.sys (File not found) "cdudf_xp" (cdudf_xp) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\cdudf_xp.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "drvmcdb" (drvmcdb) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvmcdb.sys "DSL-Manager Service" (TSMPacket) - ? - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys (File not found) "dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - ? - C:\WINDOWS\System32\Drivers\dsltestSp5.sys (File not found) "dvd_2K" (dvd_2K) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\dvd_2K.sys "ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "GearAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "imagedrv" (imagedrv) - "Ahead Software AG" - C:\WINDOWS\System32\Drivers\imagedrv.sys "imagesrv" (imagesrv) - "Ahead Software AG" - C:\WINDOWS\System32\DRIVERS\imagesrv.sys "kwlorfow" (kwlorfow) - ? - C:\DOKUME~1\MP\LOKALE~1\Temp\kwlorfow.sys (Hidden registry entry, rootkit activity | File not found) "Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS "mmc_2K" (mmc_2K) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\mmc_2K.sys "MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - D:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS "PCANDIS5" (PCANDIS5) - ? - C:\PROGRA~1\T-Online\DSL-MA~1\PCANDIS5.SYS (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PPDevice" (ppsio2) - ? - C:\WINDOWS\system32\drivers\ppsio2.sys "PQNTDrv" (PQNTDrv) - ? - C:\WINDOWS\system32\drivers\PQNTDrv.sys (File found, but it contains no detailed information) "pwd_2k" (pwd_2k) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\pwd_2k.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "RxFilter" (RxFilter) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\RxFilter.sys "ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - ? - d:\Programme\7-Zip\7-zip.dll {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - D:\Programme\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {92A94EB1-16E9-44D8-A98A-9C3CCE9B25E8} "FILEminimizer Shell Extension" - ? - d:\Programme\FILEminimizer Suite\FILEMShell.dll (File found, but it contains no detailed information) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Computer, Inc." - D:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL {5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Sonic Solutions" - D:\Programme\Roxio\WinOnCD 8\Drag to Disc\Shellex.dll {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} "RXDCExtShlExt extension" - ? - D:\Programme\Roxio\WinOnCD 8\Virtual Drive\DC_ShellExt.dll (File found, but it contains no detailed information) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Workstation\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - D:\PROGRA~1\TUNEUP~3\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - "Yahoo! Inc." - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" - "kikin" - C:\Programme\kikin\ie_kikin.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} "Contribute Toolbar" - "Adobe Systems Incorporated." - D:\Programme\Adobe Contribute CS3\contributeieplugin.dll <binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - "Yahoo! Inc." - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems Incorporated." - D:\Programme\Adobe Contribute CS3\contributeieplugin.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {E601996F-E400-41CA-804B-CD6373A7EEE2} "kikin Plugin" - "kikin" - C:\Programme\kikin\ie_kikin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\MP\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Getdo" - ? - rundll32.exe "C:\Dokumente und Einstellungen\MP\Anwendungsdaten\Adobe\Update\flacor.dat"" (File found, but it contains no detailed information) "TomTomHOME.exe" - "TomTom" - "d:\Programme\TomTom HOME 2\TomTomHOMERunner.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Photo Downloader" - "Adobe Systems Incorporated" - "D:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" "avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Workstation\avgnt.exe" /min "FinePrint Dispatcher v5" - "FinePrint Software, LLC" - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe "FLMOFFICE4DMOUSE" - ? - D:\Programme\Browser MOUSE\mouse32a.exe "QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Canon BJNP Port" - "CANON INC." - C:\WINDOWS\system32\CNMNPPM.DLL "FPR5:" - "FinePrint Software, LLC" - C:\WINDOWS\system32\fpmon5.dll "FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll "FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "AAV UpdateService" (AAV UpdateService) - ? - D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "Adobe Version Cue CS3 {de_DE} " (Adobe Version Cue CS3) - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Professional Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Workstation\avguard.exe "Avira AntiVir Professional MailGuard" (AntiVirMailService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Workstation\avmailc.exe "Avira AntiVir Professional MailGuard Hilfsdienst" (AVEService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Workstation\avesvc.exe "Avira AntiVir Professional Planer" (AntiVirScheduler) - "Avira GmbH" - D:\Programme\Avira\AntiVir Workstation\sched.exe "Avira AntiVir Professional WebGuard" (antivirwebservice) - "Avira GmbH" - D:\Programme\Avira\AntiVir Workstation\AVWEBGRD.EXE "AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "iPodService" (iPodService) - "Apple Computer, Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - D:\Programme\Lavasoft\Ad-Aware\AAWService.exe "LiveShare P2P Server" (RoxLiveShare) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe "NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe "Roxio Hard Drive Watcher" (RoxWatch) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe "RoxMediaDB" (RoxMediaDB) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe "RoxUpnpRenderer" (RoxUPnPRenderer) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe "RoxUpnpServer" (RoxUpnpServer) - "Sonic Solutions" - D:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe "TomTomHOMEService" (TomTomHOMEService) - "TomTom" - d:\Programme\TomTom HOME 2\TomTomHOMEService.exe "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - ? - WgaLogon.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Computer, Inc." - C:\Programme\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira GmbH" - C:\WINDOWS\system32\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
| Themen zu Auffälligkeiten b Firefox, kein Zugriff auf passwordgeschützte Worddatei etc. |
| ad-aware, antivir, ausgesperrt, avira, bho, bitte um hilfe, blinkt, bonjour, computer, downloader, ebay, excel, firefox, flacor.dat, free download, hijack, hilfe!!, hkus\s-1-5-18, home, internet, internet explorer, langsam, maus, nicht öffnen, object, plug-in, pop-up-blocker, rundll, sehr langsam, software, starten, system, tab öffnen, windows, windows xp, word benutzer besitzt keine zugriffsrecht, zugriffsrecht |
Hybrid-Darstellung
