Log analysis and evaluation: Logfile after infection by Microsoft Security Essentials Alert and so on -.-

Windows 7
08.12.2010, 17:19   #46
frehsman
Guest

So I'm supposed to deactivate my Windows firewall??

08.12.2010, 20:13   #47
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, do that temporarily.

08.12.2010, 23:46   #48
frehsman
Guest

OK.. here..

ComboFix logfile:
Code:
ComboFix 10-12-07.06 - renshen 08.12.2010  23:38:39.2.4 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3255.1979 [GMT 1:00]
ausgeführt von:: c:\users\renshen\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\renshen\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

FILE ::
"c:\users\Nhan\AppData\Roaming\20193.bat"
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Nhan\AppData\Roaming\20193.bat

.
(((((((((((((((((((((((   Dateien erstellt von 2010-11-08 bis 2010-12-08  ))))))))))))))))))))))))))))))
.

2010-12-08 22:43 . 2010-12-08 22:43	--------	d-----w-	c:\users\Nhan\AppData\Local\temp
2010-12-08 22:43 . 2010-12-08 22:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-08 22:43 . 2010-12-08 22:43	--------	d-----w-	c:\users\Cao\AppData\Local\temp
2010-12-07 19:02 . 2010-12-07 19:02	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2010-12-07 18:59 . 2010-12-07 18:59	--------	d-----w-	c:\windows\system32\BestPractices
2010-12-07 18:59 . 2010-12-07 18:59	--------	d-----w-	C:\inetpub
2010-12-04 09:07 . 2010-12-04 09:08	--------	d-----w-	c:\users\renshen
2010-12-02 15:04 . 2010-12-02 15:04	--------	d-----w-	c:\program files\CCleaner
2010-11-28 19:48 . 2010-11-28 19:48	--------	d-----r-	c:\users\Nhan\AppData\Roaming\Brother
2010-11-22 20:43 . 2010-11-22 20:43	--------	d-----w-	c:\windows\Sun

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 14:06 . 2010-08-27 16:24	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-29 14:06 . 2010-08-27 16:24	126856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-10-23 20:10 . 2010-10-23 20:10	388096	----a-r-	c:\users\Nhan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-02-02 19:18 . 2010-02-02 19:18	10182144	----a-w-	c:\program files\openofficeorg32.msi
2006-05-03 09:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-12 8423968]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-01-12 678432]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-24 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-24 166936]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-14 14817896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2010-04-06 2069840]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-08-19 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-29 281768]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

c:\users\Nhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\renshen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-3 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"

R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2010-03-03 120144]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2009-12-04 29208]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2010-03-12 55888]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-29 135336]
S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2010-09-22 355720]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2009-12-04 318488]
S3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2010-03-03 297808]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-12-16 991776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-22 118560]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - oxwdeebg

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Main	REG_MULTI_SZ   	BsMain
BullGuard	REG_MULTI_SZ   	BsFileScan BsMailProxy BsFire
BullGuard_LowPriv	REG_MULTI_SZ   	BsBrowser
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1539451478-733840103-1462338374-1000Core.job
- c:\users\Nhan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-22 17:08]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1539451478-733840103-1462338374-1000UA.job
- c:\users\Nhan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-22 17:08]

2010-12-08 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-10-24 11:18]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\windows\system32\BGLsp.dll
FF - ProfilePath - c:\users\renshen\AppData\Roaming\Mozilla\Firefox\Profiles\qmb644nl.default\
FF - component: c:\program files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\components\BGFFComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: BullGuard Antiphishing Toolbar: antiphishing@bullguard - c:\program files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\oxwdeebg]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-12-08  23:44:47
ComboFix-quarantined-files.txt  2010-12-08 22:44
ComboFix2.txt  2010-12-07 19:47

Vor Suchlauf: 13 Verzeichnis(se), 314.907.357.184 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 314.847.870.976 Bytes frei

- - End Of File - - 3204E88EF315AF04C44B8AD987E3F359
         
Oh, and I didn't get a restart prompt!!
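Added example, not part of the thread and not code from ComboFix or the forum's helpers: a small Python helper that parses file-listing lines of the shape used in the report above (timestamp, size, attribute column, path) and flags the entries an analyst would look at first, namely hidden+system files under System32 and scripts or executables directly under AppData\Roaming. The meaning of the attribute-column positions is inferred from the lines in this report, not from ComboFix documentation, and the listing line for the deleted .bat is constructed (the report names that file only by path); the sample is embedded so the helper runs offline.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sample: lines copied from the ComboFix report quoted in this
# thread, plus one synthesised listing line for the .bat that the report shows
# only by path, and a section banner to show non-listing lines are skipped.
SAMPLE_LINES = [
    "2010-12-08 22:43 . 2010-12-08 22:43\t--------\td-----w-\tc:\\users\\Nhan\\AppData\\Local\\temp",
    "2010-11-29 14:06 . 2010-08-27 16:24\t61960\t----a-w-\tc:\\windows\\system32\\drivers\\avgntflt.sys",
    "2006-05-03 09:06\t163328\t--sh--r-\tc:\\windows\\System32\\flvDX.dll",
    "2007-02-21 10:47\t31232\t--sh--r-\tc:\\windows\\System32\\msfDX.dll",
    "2008-03-16 12:30\t216064\t--sh--r-\tc:\\windows\\System32\\nbDX.dll",
    # constructed line (size and timestamp are made up for the example)
    "2010-12-08 20:11\t1532\t----a-w-\tc:\\users\\Nhan\\AppData\\Roaming\\20193.bat",
    "((((((((((((   Find3M Bericht   ))))))))))))",
]

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# Either "<mtime> . <ctime>" (file-listing section) or a single timestamp
# (Find3M section), then size (or dashes for a directory), attrs, path.
LINE_RE = re.compile(
    rf"^(?P<mtime>{TS})(?: \. (?P<ctime>{TS}))?\s+(?P<size>-+|\d+)"
    rf"\s+(?P<attrs>[a-z-]{{8}})\s+(?P<path>\S.*)$"
)


@dataclass
class Entry:
    mtime: str
    ctime: Optional[str]
    size: Optional[int]
    attrs: str
    path: str

    # Assumption: attribute columns as observed in this report only:
    # 0='d' directory, 2='s' system, 3='h' hidden, 4='a' archive,
    # 6='w' writable / 'r' read-only. Other columns are not interpreted.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for banners/other text."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["mtime"], m["ctime"], size, m["attrs"], m["path"])


SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".scr", ".exe")


def review_reasons(e: Entry) -> List[str]:
    """Heuristics for what to review first; a flag is a prompt, not a verdict."""
    reasons: List[str] = []
    p = e.path.lower()
    if not e.is_dir and e.hidden and e.system and "\\windows\\system32\\" in p:
        reasons.append("hidden+system file in System32")
    if not e.is_dir and "\\appdata\\roaming\\" in p and p.endswith(SCRIPT_EXT):
        reasons.append("script/executable directly under AppData\\Roaming")
    return reasons


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Parse every line and return (path, reason) pairs for flagged entries."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        for reason in review_reasons(e):
            findings.append((e.path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LINES):
        print(f"{reason}: {path}")
```

Run against a full report, the helper only narrows the list; the three System32 DLLs it flags here are flagged for their attribute combination alone, and whether they are legitimate still has to be checked against vendor information and hashes, which this example does not do.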

09.12.2010, 10:09   #49
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip OSAM's online lookup.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


Afterwards please download MBRCheck (by a_d_13) and save the file on the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post me the contents of the .txt document
Please always post logfiles in CODE tags

09.12.2010, 21:19   #50
frehsman
Guest

OK, do I have to switch anything off, or just leave the programs and the firewall on?


10.12.2010, 10:41   #51
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Just follow the instructions.

11.12.2010, 11:50   #52
frehsman
Guest

At the end of the GMER scan I got the warning that some rootkits were found that my system blah blah.. but I could only click OK and not Yes or No

Here's the log now

GMER logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-11 11:48:00
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: f4tty8qp.exe; Driver: C:\Users\renshen\AppData\Local\Temp\pwkyikob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                   83048579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                            8306CF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\oxwdeebg.sys                                                                                                     Ein an das System angeschlossenes Gerät funktioniert nicht. !
.text           peauth.sys                                                                                                                        AD950C9D 28 Bytes  CALL 214868C3 
.text           peauth.sys                                                                                                                        AD950CC1 28 Bytes  CALL 214868E7 

---- User code sections - GMER 1.0.15 ----

?               C:\Windows\System32\svchost.exe[4624]                                                                                             image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dll
?               C:\Windows\System32\svchost.exe[4820]                                                                                             image checksum mismatch; time/date stamp mismatch; 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                                                [9170D0C2] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                               [9170D0C2] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                                [9170D0C2] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2536] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [758F5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2536] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [758F5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2536] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [758F5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2536] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [758F5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2536] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [758F5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__wgetmainargs]                               017AC7E9
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_exit]                                        11E3E800
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_XcptFilter]                                  8A0F0000
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!exit]                                         00004019
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_initterm]                                    F766E828
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_amsg_exit]                                   8AB7AFC7
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__setusermatherr]                             8056FF46
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memcpy]                                       39F5A5FC
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_controlfp]                                   66D830CC
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_except_handler4_common]                      737FC2F7
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ]                            60FFC683
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__set_app_type]                               E2BA0F66
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__fmode]                                   EC839C07
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__commode]                                 90870FD8
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_cexit]                                       04000040
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalAlloc]                                 17B8E91C
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CloseHandle]                                04890000
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook]                       7C896024
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress]                             0EE91C24
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetLastError]                               6600000C
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!FreeLibrary]                                2FF1A30F
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange]                 000338E8
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExA]                             CDE9B800
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedExchange]                        600000A7
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!Sleep]                                      00102BE8
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter]                B28C0F00
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetModuleHandleA]                           52000017
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter]                    60005DDC
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetTickCount]                               24648D9C
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime]                    03DEE928
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter]                   4CE80000
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DeactivateActCtx]                           9C00000E
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW]                             88242488
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ActivateActCtx]                             44892404
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpW]                                   081CE824
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegCloseKey]                                9D302474
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegOpenKeyExW]                              08247C88
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapSetInformation]                         3424648D
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpiW]                                  0003B3E9
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrlenW]                                   40AFE800
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LCMapStringW]                               60600000
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegQueryValueExW]                           0000F2E8
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ReleaseActCtx]                              38148B00
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CreateActCtxW]                              000A74E9
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW]                  ED839C00
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCommandLineW]                            40A4E902
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExitProcess]                                BC0F0000
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode]               F0C02FC4
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegDisablePredefinedCacheEx]                00458B06
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcessHeap]                             044D8A8B
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetErrorMode]                               11B2E8F9
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObjectEx]              6BE80000
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalFree]                                  9C000002
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapFree]                                   0012A6E9
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte]                        90C2F700
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlAllocateHeap]                               00156CE8
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid]                          00000000
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid]                            0F4BE900
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeSid]                              9C980001
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlCopySid]                                    C3B60F66
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid]                       E904458B
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection]                  0000089F
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical]                       24448F9C
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlImageNtHeader]                              F3E99C28
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter]                   E9000000
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!EtwEventWrite]                                 00000999
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!EtwEventEnabled]                               BDC3E9CB
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!EtwEventRegister]                              648D0001
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlFreeHeap]                                   8E0F2424
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize]                    8DC42404
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status]                          E9302464
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf]                        000002E8
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen]                      68C33166
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening]                   143C84A8
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx]                      FF02ED83
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf]                          66042474
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW]                       C6004589
IAT             C:\Windows\System32\svchost.exe[4624] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerListen]                              66772404
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__wgetmainargs]                               51EC8B55
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_exit]                                        1845DB51
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_XcptFilter]                                  F855DD56
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!exit]                                         E8084DDC
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_initterm]                                    000004D2
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_amsg_exit]                                   FF184589
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__setusermatherr]                             40515C15
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memcpy]                                       F845DD00
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_controlfp]                                   8B104DDC
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_except_handler4_common]                      1865DAF0
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ]                            0004B9E8
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__set_app_type]                               8BC88B00
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__fmode]                                   F74199C6
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__commode]                                 C28B5EF9
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_cexit]                                       C9184503
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalAlloc]                                 40515C15
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CloseHandle]                                244C8B00
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook]                       748D9908
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress]                             FEF70109
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetLastError]                               2BC28B5E
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!FreeLibrary]                                244403C1
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange]                 15FFC308
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExA]                             [0040515C] C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedExchange]                        04244C8B
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!Sleep]                                      F9F74199
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter]                FFC3C28B
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetModuleHandleA]                           40515C15
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter]                    646A9900
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetTickCount]                               33F9F759
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime]                    24543BC0
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter]                   C09C0F04
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DeactivateActCtx]                           EC8B55C3
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW]                             0204EC81
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ActivateActCtx]                             68560000
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpW]                                   515415FF
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegCloseKey]                                00FFB8F0
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegOpenKeyExW]                              8D500000
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapSetInformation]                         FFFEFC8D
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpiW]                                  C93351FF
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrlenW]                                   558D5151
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LCMapStringW]                               8D5052FC
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegQueryValueExW]                           FFFDFC85
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ReleaseActCtx]                              FF5150FF
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CreateActCtxW]                              40504415
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW]                  56216A00
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCommandLineW]                            FFFC75FF
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExitProcess]                                40515815
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode]               0CC48300
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegDisablePredefinedCacheEx]                C01BD8F7
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcessHeap]                             EC8B55C3
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetErrorMode]                               458B5151
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObjectEx]              33565308
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalFree]                                  57C88BF6
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapFree]                                   33FC7589
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte]                        01518DFF
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlAllocateHeap]                               802974CA
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid]                          7420063C
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid]                            [75FF850A] C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation)
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeSid]                              45FF470C
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlCopySid]                                    8506EBFC
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid]                       330274FF
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection]                  46C88BFF
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical]                       8A01518D
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlImageNtHeader]                              DB844119
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter]                   CA2BF975
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!EtwEventWrite]                                 D772F13B
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!EtwEventEnabled]                               5FFC458B
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!EtwEventRegister]                              C3C95B5E
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlFreeHeap]                                   83EC8B55
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize]                    FF0A7500
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status]                          45C7F845
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf]                        000001FC
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen]                      0C4D8B00
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening]                   F84D3941
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx]                      016A3275
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf]                          15FF5750
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW]                       [00405150] C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)
IAT             C:\Windows\System32\svchost.exe[4820] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerListen]                              EB0CC483

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                            88BCAA98

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                           Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                           Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000048                                                                                                 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\nsiproxy \Device\Nsi                                                                                                      afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )                                                                                                                [BOOT] oxwdeebg                                                                                                                                       <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\oxwdeebg@orjezo                                                                            -766984395
Reg             HKLM\SYSTEM\CurrentControlSet\services\oxwdeebg@Type                                                                              1
Reg             HKLM\SYSTEM\CurrentControlSet\services\oxwdeebg@Start                                                                             0
Reg             HKLM\SYSTEM\CurrentControlSet\services\oxwdeebg@ErrorControl                                                                      0
Reg             HKLM\SYSTEM\CurrentControlSet\services\oxwdeebg@Group                                                                             Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet002\services\oxwdeebg@orjezo                                                                                -766984395
Reg             HKLM\SYSTEM\ControlSet002\services\oxwdeebg@Type                                                                                  1
Reg             HKLM\SYSTEM\ControlSet002\services\oxwdeebg@Start                                                                                 0
Reg             HKLM\SYSTEM\ControlSet002\services\oxwdeebg@ErrorControl                                                                          0
Reg             HKLM\SYSTEM\ControlSet002\services\oxwdeebg@Group                                                                                 Boot Bus Extender

---- EOF - GMER 1.0.15 ----
         
--- --- ---
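The GMER output above ends with a service that GMER could only see by reading the registry directly: oxwdeebg, Start 0 (boot start), Type 1 (kernel driver), Group "Boot Bus Extender", present in both CurrentControlSet and ControlSet002, plus a random-looking value (orjezo). A boot-start driver in that group loads before the security products on this machine, which is why GMER marks it as a rootkit. The OSAM report further down in the thread shows the same name as a driver with "Hidden registry entry, rootkit activity | File not found". The Python script below is an added example for this thread, not part of GMER, OSAM or the board's tooling: it parses those two line formats, merges them per service name and reports which services are hidden, have no file on disk, or carry no publisher. The sample lines are copied from the logs in this thread and embedded so it runs offline; the regular expressions are written against the exact line layouts shown here and are an assumption for other GMER/OSAM versions.

```python
"""Triage of GMER and OSAM log excerpts for hidden boot-start services.

Added example for this thread; not part of GMER, OSAM or Trojaner-Board.
The sample lines are copied from the logs posted in the thread and embedded
so the script runs offline.
"""
import re
from dataclasses import dataclass, field

# Windows service "Start" and "Type" registry values (standard SCM constants).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
SERVICE_TYPES = {1: "kernel driver", 2: "file system driver",
                 16: "own process", 32: "shared process"}

# GMER:  Service  (*** hidden *** )   [BOOT] name   <-- ROOTKIT !!!
HIDDEN_SVC_RE = re.compile(r"^Service\s+\(\*\*\* hidden \*\*\*\s*\)\s+\[(\w+)\]\s+(\S+)")
# GMER:  Reg   HKLM\...\services\name@Value   data
REG_RE = re.compile(r"^Reg\s+(\S+?)@(\w+)\s+(.*?)\s*$")
# OSAM:  "display" (name) - "publisher" - path  (flag | flag)
OSAM_RE = re.compile(
    r'^"([^"]+)"\s+\((\S+)\)\s+-\s+(.+?)\s+-\s+(\S.*?)(?:\s{2,}\((.+)\))?$')

# Sample input copied from the thread (assumption: layout of GMER 1.0.15 / OSAM 5.0).
GMER_SAMPLE = r"""
---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )      [BOOT] oxwdeebg      <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\oxwdeebg@orjezo          -766984395
Reg             HKLM\SYSTEM\CurrentControlSet\services\oxwdeebg@Type            1
Reg             HKLM\SYSTEM\CurrentControlSet\services\oxwdeebg@Start           0
Reg             HKLM\SYSTEM\CurrentControlSet\services\oxwdeebg@ErrorControl    0
Reg             HKLM\SYSTEM\CurrentControlSet\services\oxwdeebg@Group           Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet002\services\oxwdeebg@Start               0
"""

OSAM_SAMPLE = r"""
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\Users\renshen\AppData\Local\Temp\catchme.sys  (File not found)
"oxwdeebg" (oxwdeebg) - ? - C:\Windows\system32\drivers\oxwdeebg.sys  (Hidden registry entry, rootkit activity | File not found)
"""


@dataclass
class ServiceFinding:
    name: str
    hidden: bool = False                      # GMER listed the service as hidden
    reg_values: dict = field(default_factory=dict)
    osam_publisher: str = ""
    osam_path: str = ""
    osam_flags: list = field(default_factory=list)

    @property
    def start(self):
        v = self.reg_values.get("Start")
        return None if v is None else START_TYPES.get(int(v), v)

    @property
    def service_type(self):
        v = self.reg_values.get("Type")
        return None if v is None else SERVICE_TYPES.get(int(v), v)


def parse_gmer(text, findings=None):
    """Collect hidden services and per-service registry values from GMER output."""
    findings = {} if findings is None else findings
    for line in text.splitlines():
        m = HIDDEN_SVC_RE.match(line)
        if m:
            findings.setdefault(m.group(2), ServiceFinding(m.group(2))).hidden = True
            continue
        m = REG_RE.match(line)
        if m:
            key, value, data = m.groups()
            parts = key.split("\\")
            # Only ...\services\<name>@Value lines describe a service.
            if len(parts) >= 2 and parts[-2].lower() == "services":
                f = findings.setdefault(parts[-1], ServiceFinding(parts[-1]))
                f.reg_values.setdefault(value, data)  # first control set listed wins
    return findings


def parse_osam(text, findings=None):
    """Collect driver entries with publisher, path and OSAM flags."""
    findings = {} if findings is None else findings
    for line in text.splitlines():
        m = OSAM_RE.match(line.strip())
        if not m:
            continue
        _display, name, publisher, path, flags = m.groups()
        f = findings.setdefault(name, ServiceFinding(name))
        f.osam_publisher = publisher.strip('"')
        f.osam_path = path.strip()
        f.osam_flags = [x.strip() for x in flags.split("|")] if flags else []
    return findings


def triage(gmer_text, osam_text):
    """Merge both logs and group service names by what makes them suspicious."""
    findings = parse_osam(osam_text, parse_gmer(gmer_text))
    report = {"hidden_or_rootkit": [], "missing_file": [], "no_publisher": []}
    for name, f in sorted(findings.items()):
        if f.hidden or any("rootkit activity" in x for x in f.osam_flags):
            report["hidden_or_rootkit"].append(name)
        if any("File not found" in x for x in f.osam_flags):
            report["missing_file"].append(name)
        if f.osam_publisher == "?" and f.osam_path:
            report["no_publisher"].append(name)
    return findings, report


if __name__ == "__main__":
    found, rep = triage(GMER_SAMPLE, OSAM_SAMPLE)
    for name in rep["hidden_or_rootkit"]:
        f = found[name]
        print(f"{name}: hidden={f.hidden} start={f.start} type={f.service_type} "
              f"group={f.reg_values.get('Group')} flags={f.osam_flags}")
    print(rep)
```

The "missing_file" bucket is deliberately kept apart from "hidden_or_rootkit": a driver whose file is gone can also be a leftover of a scanner (catchme.sys is the driver ComboFix drops in the Temp folder), so on its own it is a cleanup item, not evidence of a rootkit; the combination of hidden registry entry, boot start and missing file is what singles out oxwdeebg.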

11.12.2010, 12:27   #53
frehsman
Guest

During the OSAM scan, after it queries the online database, this message appears:



What should I do?

11.12.2010, 14:42   #54
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please click Skip.
__________________
Please always post logfiles in CODE tags.

11.12.2010, 16:40   #55
frehsman
Guest

OK.

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:39:58 on 11.12.2010

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-1539451478-733840103-1462338374-1000Core.job" - "Google Inc." - C:\Users\Nhan\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1539451478-733840103-1462338374-1000UA.job" - "Google Inc." - C:\Users\Nhan\AppData\Local\Google\Update\GoogleUpdate.exe
"RegistryBooster.job" - "Uniblue Systems Limited" - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"afwcore" (afwcore) - "Agnitum Ltd." - C:\Windows\System32\DRIVERS\afwcore.sys
"Agnitum Firewall Driver" (AFW) - "Agnitum Ltd." - C:\Windows\System32\DRIVERS\afw.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BdSpy" (BdSpy) - "BullGuard Ltd." - C:\Windows\System32\DRIVERS\BdSpy.sys
"catchme" (catchme) - ? - C:\Users\renshen\AppData\Local\Temp\catchme.sys  (File not found)
"esgiguard" (esgiguard) - ? - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys  (File not found)
"oxwdeebg" (oxwdeebg) - ? - C:\Windows\system32\drivers\oxwdeebg.sys  (Hidden registry entry, rootkit activity | File not found)
"Profos" (Profos) - "BitDefender S.R.L." - C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys
"Realtek IR Driver" (RtsUIR) - ? - C:\Windows\System32\DRIVERS\Rts516xIR.sys  (File not found)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\Windows\System32\DRIVERS\RtsUCcid.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} "VoilaXctl Class" - "Belarc, Inc." - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{9458E603-FF43-4134-9036-04B4C71791E3} "BackupCopyHook Class" - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll
{1F25C6E4-E60D-421A-863F-D0C76F6AB211} "BullGuard Online-Laufwerk" - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BackupShellNamespace.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\NAMEEXT.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\Nv3DAppShExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{27FD17FB-CF63-486b-B2BE-8D8781CBEA01} "BullGuard" - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
"ICQ7" - "ICQ, LLC." - C:\Program Files\ICQ7.0\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
<binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{FC872B94-35E3-4B94-B028-184A2A1C7CCE} "BGAntiphishingBHO Class" - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" - "Yahoo! Inc" - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\renshen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BullGuard" - "BullGuard Ltd." - "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
"ClamWin" - "alch" - "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"PDVD9LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"Wbutton" - "Wistron Corp." - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BgRaSvc" (BgRaSvc) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
"BullGuard antiphishing service" (BsBrowser) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll
"BullGuard e-mail monitoring service" (BsMailProxy) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll
"BullGuard firewall service" (BsFire) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll
"BullGuard main service" (BsMain) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll
"BullGuard on-access service" (BsFileScan) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll
"BullGuard scanning service" (BsScanner) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
"BullGuard update service" (BsUpdate) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BGLsp" - "BullGuard Ltd." - C:\Windows\system32\BGLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 12.12.2010, 17:16   #56
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
"oxwdeebg" (oxwdeebg) - ? - C:\Windows\system32\drivers\oxwdeebg.sys (Hidden registry entry, rootkit activity | File not found)
Please disable and delete it using the OSAM instructions.
Then post new logs from GMER and OSAM, and don't forget the mbrcheck log either.
__________________
Please always post logfiles in CODE tags

Alt 12.12.2010, 21:20   #57
frehsman
Gast
 
Strange: after I did everything as instructed, OSAM did not start again automatically after the reboot, so I have no report that I can post here. A window also appeared when I clicked Apply that I don't think should have appeared.
here:
The message I mean looked similar to the one in the picture, which appeared when I started OSAM myself after the reboot.

And that "oxwdeebg" thing is still listed in the entries, but without a checkmark.

Alt 13.12.2010, 09:05   #58
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please run Avenger:

1.) Download Avenger from here:
Swandog46's Public Anti-Malware Tools (Download, on the left-hand side)

2.) Unpack the zip archive and run the file "avenger.exe" (on Vista: right-click => Run as administrator). Set the checkboxes at the bottom as shown:



3.) Copy exactly the lines from the following code box:
Code:
Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\services\oxwdeebg
HKLM\SYSTEM\ControlSet002\services\oxwdeebg

Files to delete:
C:\Windows\system32\drivers\oxwdeebg.sys

Drivers to delete:
oxwdeebg
oxwdeebg.sys
         
4.) In "The Avenger", now go to "Load Script" at the top, then to "Paste from Clipboard".

5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".

6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the "Reboot now" question (system restart).

7.) After the reboot, Avenger will display a log file. Copy its contents and post them here.

8.) Upload the file c:\avenger\backup.zip to File-Upload.net and link it here
__________________
Please always post logfiles in CODE tags

Alt 15.01.2011, 15:45   #59
frehsman
Gast
 
I reinstalled Windows; I hope the problems have been fixed!! and that there won't be any more.
