| |
| |||||||
Log-Analyse und Auswertung: gomeo tips hier befolgt...folgenedes Protokoll..Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.12.2010, 14:37
| #31 |
 |  gomeo tips hier befolgt...folgenedes Protokoll.. MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 2 (build 2600) Logical Drives Mask: 0x0000001c Kernel Drivers (total 137): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806CE000 \WINDOWS\system32\hal.dll 0xBADA8000 \WINDOWS\system32\KDCOM.DLL 0xBACB8000 \WINDOWS\system32\BOOTVID.dll 0xBA778000 ACPI.sys 0xBADAA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS 0xBA767000 pci.sys 0xBA8A8000 isapnp.sys 0xBA8B8000 ohci1394.sys 0xBA8C8000 \WINDOWS\System32\DRIVERS\1394BUS.SYS 0xBACBC000 compbatt.sys 0xBACC0000 \WINDOWS\System32\DRIVERS\BATTC.SYS 0xBAE70000 pciide.sys 0xBAB28000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS 0xBA749000 pcmcia.sys 0xBA8D8000 MountMgr.sys 0xBA72A000 ftdisk.sys 0xBACC4000 ACPIEC.sys 0xBAE71000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 0xBAB30000 PartMgr.sys 0xBA8E8000 VolSnap.sys 0xBA712000 atapi.sys 0xBA8F8000 disk.sys 0xBA908000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS 0xBA6F3000 fltmgr.sys 0xBA6E1000 sr.sys 0xBA918000 PxHelp20.sys 0xBA6CA000 KSecDD.sys 0xBA63D000 Ntfs.sys 0xBA610000 NDIS.sys 0xBA5F5000 Mup.sys 0xBAB38000 BTHidMgr.sys 0xBA938000 \SystemRoot\System32\DRIVERS\nic1394.sys 0xBA968000 \SystemRoot\System32\DRIVERS\intelppm.sys 0xBAD88000 \SystemRoot\System32\DRIVERS\CmBatt.sys 0xB9A59000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xB9A45000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB9A20000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xBAC00000 \SystemRoot\System32\DRIVERS\usbuhci.sys 0xB99FD000 \SystemRoot\System32\DRIVERS\USBPORT.SYS 0xBAC08000 \SystemRoot\System32\DRIVERS\usbehci.sys 0xBAC10000 \SystemRoot\System32\DRIVERS\SonyNC.sys 0xBA978000 \SystemRoot\System32\DRIVERS\i8042prt.sys 0xBAC18000 \SystemRoot\System32\DRIVERS\kbdclass.sys 0xBAC20000 \SystemRoot\System32\DRIVERS\mouclass.sys 0xBA988000 \SystemRoot\System32\DRIVERS\imapi.sys 0xBA998000 \SystemRoot\System32\DRIVERS\cdrom.sys 0xBA9A8000 \SystemRoot\System32\DRIVERS\redbook.sys 0xB99DA000 \SystemRoot\System32\DRIVERS\ks.sys 0xBAC28000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xBA9B8000 \SystemRoot\System32\Drivers\VcommMgr.sys 0xBAD90000 \SystemRoot\system32\DRIVERS\vbtenum.sys 0xBA9C8000 \SystemRoot\system32\DRIVERS\jswscimd.sys 0xBAC30000 \SystemRoot\system32\DRIVERS\blueletaudio.sys 0xB99B8000 \SystemRoot\system32\DRIVERS\portcls.sys 0xBA9D8000 \SystemRoot\system32\DRIVERS\drmk.sys 0xBAF64000 \SystemRoot\System32\DRIVERS\audstub.sys 0xBADD6000 \SystemRoot\System32\Drivers\RootMdm.sys 0xBAC38000 \SystemRoot\System32\Drivers\Modem.SYS 0xBA9E8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys 0xBAD94000 \SystemRoot\System32\DRIVERS\ndistapi.sys 0xB99A1000 \SystemRoot\System32\DRIVERS\ndiswan.sys 0xBA9F8000 \SystemRoot\System32\DRIVERS\raspppoe.sys 0xBAA08000 \SystemRoot\System32\DRIVERS\raspptp.sys 0xBAC40000 \SystemRoot\System32\DRIVERS\TDI.SYS 0xB98F0000 \SystemRoot\System32\DRIVERS\psched.sys 0xBAA18000 \SystemRoot\System32\DRIVERS\msgpc.sys 0xBAC48000 \SystemRoot\System32\DRIVERS\ptilink.sys 0xBAC50000 \SystemRoot\System32\DRIVERS\raspti.sys 0xBA5C0000 \SystemRoot\system32\DRIVERS\btnetdrv.sys 0xBAC58000 \SystemRoot\system32\DRIVERS\VComm.sys 0xBA5BC000 \SystemRoot\system32\DRIVERS\serenum.sys 0xBAA28000 \SystemRoot\System32\DRIVERS\termdd.sys 0xBADDA000 \SystemRoot\System32\DRIVERS\swenum.sys 0xB98BC000 \SystemRoot\System32\DRIVERS\update.sys 0xBA5B8000 \SystemRoot\System32\DRIVERS\mssmbios.sys 0xBAA38000 \SystemRoot\system32\DRIVERS\wsimd.sys 0xBAA48000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xB65E4000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xBAA58000 \SystemRoot\System32\DRIVERS\usbhub.sys 0xBADE0000 \SystemRoot\System32\DRIVERS\USBD.SYS 0xBAA68000 \??\C:\WINDOWS\system32\drivers\SSHDRV57.sys 0xBADE2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBAEAF000 \SystemRoot\System32\Drivers\Null.SYS 0xBADE4000 \SystemRoot\System32\Drivers\Beep.SYS 0xBAC78000 \SystemRoot\System32\drivers\vga.sys 0xBADE6000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBADE8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBAC80000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBAC88000 \SystemRoot\System32\Drivers\Npfs.SYS 0xBAD64000 \SystemRoot\System32\DRIVERS\rasacd.sys 0xB6589000 \SystemRoot\System32\DRIVERS\ipsec.sys 0xB6531000 \SystemRoot\System32\DRIVERS\tcpip.sys 0xB6509000 \SystemRoot\System32\DRIVERS\netbt.sys 0xB64E7000 \SystemRoot\System32\drivers\afd.sys 0xBAA78000 \SystemRoot\System32\DRIVERS\netbios.sys 0xBAC90000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xB64C5000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS 0xBAC98000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS 0xB6499000 \SystemRoot\System32\DRIVERS\rdbss.sys 0xB642A000 \SystemRoot\System32\DRIVERS\mrxsmb.sys 0xBAA98000 \SystemRoot\System32\Drivers\Fips.SYS 0xB6409000 \SystemRoot\System32\DRIVERS\ipnat.sys 0xBAAA8000 \SystemRoot\System32\DRIVERS\wanarp.sys 0xBAAB8000 \SystemRoot\System32\DRIVERS\arp1394.sys 0xB8A98000 \SystemRoot\System32\DRIVERS\hidusb.sys 0xBAAD8000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS 0xBACA0000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS 0xB62F9000 \SystemRoot\system32\DRIVERS\WN111v2.sys 0xB62DD000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xB8A94000 \SystemRoot\System32\DRIVERS\mouhid.sys 0xBADEC000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0xB8A90000 \SystemRoot\System32\Drivers\ASPI32.SYS 0xBA948000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB62C5000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xBADFE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xBAB90000 \SystemRoot\System32\watchdog.sys 0xB65B4000 \SystemRoot\System32\drivers\Dxapi.sys 0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys 0xBAF39000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF9D3000 \SystemRoot\System32\nv4_disp.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xB5D90000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xBABE0000 \SystemRoot\system32\DRIVERS\AegisP.sys 0xB5D2A000 \SystemRoot\System32\DRIVERS\nwlnkipx.sys 0xB5E9C000 \SystemRoot\System32\DRIVERS\nwlnknb.sys 0xB5B45000 \SystemRoot\System32\DRIVERS\mrxdav.sys 0xB5A40000 \SystemRoot\system32\drivers\wdmaud.sys 0xB5C0A000 \SystemRoot\system32\drivers\sysaudio.sys 0xB5916000 \SystemRoot\System32\Drivers\SENTINEL.SYS 0xB594B000 \SystemRoot\System32\DRIVERS\nwlnkspx.sys 0xB57AB000 \SystemRoot\System32\DRIVERS\srv.sys 0xB5332000 \SystemRoot\System32\Drivers\HTTP.sys 0xBADD4000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xBABA8000 \??\C:\DOKUME~1\Sandra\LOKALE~1\Temp\catchme.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 33): 0 System Idle Process 4 System 1288 C:\WINDOWS\system32\smss.exe 1416 csrss.exe 1448 C:\WINDOWS\system32\winlogon.exe 1492 C:\WINDOWS\system32\services.exe 1504 C:\WINDOWS\system32\lsass.exe 1660 C:\WINDOWS\system32\svchost.exe 1720 svchost.exe 1760 C:\WINDOWS\system32\svchost.exe 1848 svchost.exe 2028 svchost.exe 160 C:\WINDOWS\system32\spoolsv.exe 196 C:\WINDOWS\system32\acs.exe 224 C:\Programme\Avira\AntiVir Desktop\sched.exe 1248 C:\Programme\Avira\AntiVir Desktop\avguard.exe 1264 C:\Programme\Bonjour\mDNSResponder.exe 388 C:\Programme\Java\jre6\bin\jqs.exe 420 C:\Programme\Kodak\Printer\Center\KodakSvc.exe 584 C:\WINDOWS\system32\nvsvc32.exe 692 C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe 912 C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe 1052 C:\WINDOWS\system32\svchost.exe 1156 wdfmgr.exe 2712 C:\WINDOWS\system32\wbem\wmiapsrv.exe 2852 alg.exe 3536 wmiprvse.exe 808 C:\WINDOWS\system32\svchost.exe 3064 C:\WINDOWS\explorer.exe 3940 C:\Programme\Mozilla Firefox\firefox.exe 2508 C:\Programme\Mozilla Firefox\plugin-container.exe 1076 C:\DOKUME~1\Sandra\LOKALE~1\temp\Rar$EX00.687\osam.exe 1468 C:\Dokumente und Einstellungen\Sandra\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`bf1f2000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`63719c00 (NTFS) PhysicalDrive0 Model Number: HTS541010G9AT00, Rev: MBZOA60A Size Device Name MBR Status -------------------------------------------- 93 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! |
|
09.12.2010, 14:43
| #32 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | gomeo tips hier befolgt...folgenedes Protokoll.. Das ist nicht GMER!!
__________________
__________________ |
|
09.12.2010, 18:20
| #33 |
| | gomeo tips hier befolgt...folgenedes Protokoll.. gmer lässt sich nicht kopieren
__________________ |
|
09.12.2010, 19:45
| #34 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | gomeo tips hier befolgt...folgenedes Protokoll.. Was lässt sich nicht kopieren? Du sollst nicht GMER kopieren, sondern nach Anleitung ausführen und das Log hier posten. Wenn was nicht klappt bitte so beschreiben, dass man nicht rumraten muss was du da meinen könntest!!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.12.2010, 09:17
| #35 |
| | gomeo tips hier befolgt...folgenedes Protokoll.. kann das log nicht posten |
|
10.12.2010, 09:24
| #36 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | gomeo tips hier befolgt...folgenedes Protokoll.. ja und woran genau scheitert das? Lass dir bitte nich alles aus der Nase ziehen, DU willst die Hilfe also musst du mit Infos kommen!
__________________ --> gomeo tips hier befolgt...folgenedes Protokoll.. |
|
11.12.2010, 08:15
| #37 |
| | gomeo tips hier befolgt...folgenedes Protokoll.. sorry, aber ich weis nicht woran es lag. aber jetzt hab ich es GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-11 08:13:26
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541010G9AT00 rev.MBZOA60A
Running: do7xdrcj.exe; Driver: C:\DOKUME~1\Sandra\LOKALE~1\Temp\fxtdypog.sys
---- System - GMER 1.0.15 ----
SSDT BAFDF74E ZwCreateKey
SSDT BAFDF744 ZwCreateThread
SSDT BAFDF753 ZwDeleteKey
SSDT BAFDF75D ZwDeleteValueKey
SSDT BAFDF762 ZwLoadKey
SSDT BAFDF730 ZwOpenProcess
SSDT BAFDF735 ZwOpenThread
SSDT BAFDF76C ZwReplaceKey
SSDT BAFDF767 ZwRestoreKey
SSDT BAFDF758 ZwSetValueKey
SSDT BAFDF73F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9252360, 0x32D25D, 0xE8000020]
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0012c8002712
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0012c8002712 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft-Datentr?gerkontingent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer-Zonenzuordnung
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 960
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer-Branding
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Softwareinstallation
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DllName C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logon SABWINLOLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logoff SABWINLOLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Startup SABWINLOStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Shutdown SABWINLOShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@DllName crypt32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Logoff ChainWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@DllName cryptnet.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Logoff CryptnetWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@DLLName cscdll.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logon WinlogonLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logoff WinlogonLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@ScreenSaver WinlogonScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Startup WinlogonStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Shutdown WinlogonShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@StartShell WinlogonStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logon SCardStartCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logoff SCardStopCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Lock SCardSuspendCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Unlock SCardResumeCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Enabled 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@StartShell SchedStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Logoff SchedEventLogOff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Logoff WLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@DllName sclgntfy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@DLLName WlNotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Lock SensLockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logon SensLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logoff SensLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Safe 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartScreenSaver SensStartScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StopScreenSaver SensStopScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Startup SensStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Shutdown SensShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartShell SensStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@PostShell SensPostShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Disconnect SensDisconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Reconnect SensReconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Unlock SensUnlockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logoff TSEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logon TSEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@PostShell TSEventPostShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Shutdown TSEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@StartShell TSEventStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Startup TSEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Reconnect TSEventReconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Disconnect TSEventDisconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logon RegisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logoff UnregisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@Hilfeassistent 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536
---- EOF - GMER 1.0.15 ----
|
|
11.12.2010, 14:27
| #38 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | gomeo tips hier befolgt...folgenedes Protokoll.. Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu gomeo tips hier befolgt...folgenedes Protokoll.. |
| 0x00000001, build, command, device, edition, file, fix, found, gomeo, home, mas, master, microsoft, protokoll, sector, service, service pack 2, tipps, unknow, unknown, version, volume, windows, windows xp, xp home |
Linear-Darstellung
