| |
| |||||||
Log-Analyse und Auswertung: Nach Befall von TR/Kazy.mekml.1 alles wieder sauber?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.05.2011, 19:21
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.05.2011, 19:38
| #17 |
 | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? Das Tool von Kaspersky wird nicht ausgeführt. Ich starte als Admin, dann soll ich das PW eingeben und dann passiert nichts mehr. Was kann ich tun? Soll ich den PC neu starten? Windows 7 kündigt ein Update an. Ist das entscheidend?
__________________ |
|
12.05.2011, 19:41
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? Führ nochmal CF aus aber so:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ |
|
12.05.2011, 20:04
| #19 |
| | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? erledigt: Combofix Logfile: Code:
ATTFilter ComboFix 11-05-11.04 - Bjoern 12.05.2011 20:55:01.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3037.1857 [GMT 2:00]
ausgeführt von:: c:\users\Redakteur\Desktop\CoFi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-12 bis 2011-05-12 ))))))))))))))))))))))))))))))
.
.
2011-05-12 18:59 . 2011-05-12 18:59 -------- d-----w- c:\users\Helihausen\AppData\Local\temp
2011-05-12 18:59 . 2011-05-12 18:59 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-05-12 18:59 . 2011-05-12 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-11 19:07 . 2011-05-11 19:07 -------- d-----w- c:\users\Redakteur\AppData\Roaming\Avira
2011-05-11 16:32 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-11 16:12 . 2011-05-11 16:12 709456 ----a-w- c:\windows\isRS-000.tmp
2011-05-11 15:34 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23D1BB2F-7E24-4E8A-9279-2D5E12A8E8ED}\mpengine.dll
2011-05-10 02:59 . 2011-05-12 18:59 -------- d-----w- c:\users\Bjoern\AppData\Local\temp
2011-05-10 02:35 . 2011-05-10 02:35 -------- d-----w- c:\program files\CCleaner
2011-05-10 02:32 . 2011-05-10 02:32 -------- d-----w- c:\program files\CleanUp!
2011-05-10 02:15 . 2011-05-10 02:15 -------- d-----w- c:\users\Helihausen\AppData\Roaming\Malwarebytes
2011-05-10 02:13 . 2011-05-10 02:13 -------- d-----w- c:\users\Redakteur\AppData\Roaming\Malwarebytes
2011-05-09 20:40 . 2011-05-09 20:40 -------- d-----w- c:\users\Bjoern\AppData\Roaming\Malwarebytes
2011-05-09 20:39 . 2011-05-09 20:39 -------- d-----w- c:\programdata\Malwarebytes
2011-05-09 20:39 . 2011-05-11 16:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-09 20:24 . 2011-05-09 20:24 -------- d-----w- c:\users\Redakteur\AppData\Roaming\Apple Computer
2011-05-09 20:02 . 2011-05-09 20:02 -------- d-----w- c:\users\Helihausen\testordner
2011-05-08 12:56 . 2011-05-08 12:56 -------- d-----w- c:\program files\Common Files\Adobe
2011-05-08 12:29 . 2011-05-08 12:30 -------- d-----w- c:\windows\AxInstSV
2011-05-06 19:44 . 2011-05-06 19:44 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 19:44 . 2011-05-06 19:44 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 19:44 . 2011-05-06 19:44 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 19:44 . 2011-05-06 19:44 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 19:44 . 2011-05-06 19:44 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 19:44 . 2011-05-06 19:44 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 19:44 . 2011-05-06 19:44 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-06 19:44 . 2011-05-06 19:44 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-01 05:35 . 2011-05-01 05:35 -------- d-----w- c:\users\Helihausen\AppData\Roaming\Avira
2011-04-27 17:43 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 17:43 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 17:43 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 17:43 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 17:43 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 17:43 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 17:43 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 17:43 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 17:43 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 17:43 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 17:42 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 17:42 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 17:28 . 2010-10-06 17:01 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 20:35 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 20:35 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 20:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 14:36 . 2011-02-18 14:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-06 19:44 . 2011-05-06 19:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-10-18 15:01 . 2010-10-18 15:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-16 13797992]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-24 495728]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-08-19 192000]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-07-07 343552]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2009-08-05 413696]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\HomeCinema\YouCam\YouCamTray.exe" [2009-07-23 162912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-18 30192]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Helihausen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 135664]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2011-03-01 678920]
R3 DCamUSBSTK02H;STK02H Camera;c:\windows\system32\DRIVERS\STK02HW2.sys [2007-03-21 101520]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-18 30192]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 135664]
R3 PCTV340_801;YUAN based TV tuner device;c:\windows\system32\Drivers\dvb7700all.sys [2010-03-10 605568]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 603240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Realtek11nSU;Realtek11nSU;c:\program files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-01-21 45056]
S2 WTGService;WTGService;c:\program files\Verbindungsassistent\wtgservice.exe [2010-10-31 329168]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 44544]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-11-06 42496]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 116136]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-10-12 67688]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 862208]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-03-04 113152]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-08-06 313856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 02:35]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 02:35]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3651452335-2646520935-936833019-1003Core.job
- c:\users\Helihausen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 07:06]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3651452335-2646520935-936833019-1003UA.job
- c:\users\Helihausen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 07:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\lj14nljk.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-12 21:01:52
ComboFix-quarantined-files.txt 2011-05-12 19:01
ComboFix2.txt 2011-05-10 02:59
.
Vor Suchlauf: 11 Verzeichnis(se), 342.112.960.512 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 341.380.853.760 Bytes frei
.
- - End Of File - - 3F91D680600F468841FFCF862E27350A
|
|
13.05.2011, 06:42
| #20 |
| | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? Hey Jungens, heute morgen habe ich geschaut, ob auf mein Post eine Antwort kam. Beim Rechnerstart hat Windows 7 versucht, ein Update durchzuführen. Dies ist gescheitert. Ist bestimmt auch auf die Infizierung zurück zu führen. Wie gehts nun weiter? Was ist denn aus dem Combofix rauszulesen? |
|
13.05.2011, 17:12
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ --> Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? |
|
13.05.2011, 22:08
| #22 |
| | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? GMER Logfile: Code:
ATTFilter GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-13 22:46:55
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003
Running: gkh9om3r.exe; Driver: C:\Users\Bjoern\AppData\Local\Temp\ugriipow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83850589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83875092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[3256] WININET.dll!HttpAddRequestHeadersA 762A9ABA 5 Bytes JMP 005418D5
.text C:\Windows\Explorer.EXE[3256] WININET.dll!HttpAddRequestHeadersW 762B0848 5 Bytes JMP 00541A9D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1912] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75875E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1912] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75875E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1912] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75875E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1912] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75875E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1912] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75875E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1912] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75875E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 87C351ED
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000013f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:284] 87C39E7A
Thread System [4:288] 87C3C008
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind ????????? ????????????????????????"?????p???????????{4d36e972-e325-11ce-bfc1-08002be10318}??????? ??????????????????*6to4mp?????? ????????????????????????????$?N???????????{4d36e972-e325-11ce-bfc1-08002be10318}\0188?????????????? ????????????N?????????????????{FCE56CD5-5754-47EB-B556-12812C2256DC}??????????????????????????? ?????????????????????????????????????kad????????)?????????? ?????????????????????1????????????&????????????????????????????????????????????????9??D0??????????????????ev??? ?????????????????????1????????????&????????????????????c??? ?????????????????????1????????????????????????????? ?????????????????????1????????z????????????????????????????8??2F????z??????1??87??nettun.inf:Microsoft.NTx86:6to4mp.ndi:6.1.7600.16385:*6to4mp?5???????????c???e??tunnel?968??? .??????A?????-8C??Microsoft-6zu4-Adapter?6_{??????????????????????????????????????????ic??? ?????????????????????1??????????????????????????????????????????????????????1C-A7C1-A901??? ?????????????????????1????????.???????????????????? p
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route ????0E??*6to4mp?A???????????????Microsoft-6zu4-Adapter???????????????-??E4??? Z?????????????????Microsoft-6zu4-Adapter???????k?l?l?m?t?u?m?|?|?|?|???n??System Reserved?Ne???u?u?u?u?u?u?u??????????2D??????70???????????8??BF????N???????????D???????N???????????D?????????6????????C??????S ??????4D???????2????????????????????N???????????D???????N???????????D? ??? ?????????????????????????????????????????m???????????????z??????1??43??@volsnap.inf,%storage\volumesnapshot.devicedesc%;Standard-Volumeschattenkopie???????????????????????????????????? ????????????????????????????????????????????sD3-??6.1.7600.16385??"{??? ???????????????????????????????????????f??? ?????????????????????1??L????????? ??????69?????????????????0-47??? ?????????????????????1????????????&????????????????????c??? ?????????????????????1????????????????????? ?????????????????????1????????z???????????nettun.inf:Microsoft.NTx86:6to4mp.ndi:6.1.7600.16385:*6to4mp?5????????????????????.?????????????????????????? ?????????????????????1????????????&??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export ????????????cb??????4D???????????B???????|???5???????2???????????????????????????????????????????????????????????????????????????????????????0??}??????????????????s?????????????????e???????????6??s???????????????????????????????????????????????????6-???????????B???????????????????????????9???e??? ??7???????????x?????6?????????????16??Microsoft-6zu4-Adapter #55?6?2???????????3???????????????????????????????????????????????4???h??nettun.inf?53???????? ?????????????????????1?????????????????????????????0??????}"??? ?????????????????????1?????????????????????????????????????????????????????????8??B0???????????"??3-??@nettun.inf,%msft%;Microsoft?e???????????_??????????*6to4mp?A-??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????-??8C???????????9??????? ?????????????????????,????????????'???????????????????????? p?????????????????? "?????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????*6to4mp?????? ?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ????????????????????????????????????????????p????????k???????e??????????????????? ???????s?????s?????s?????????????? ????????????????????????e??? ???????s???????????s???????????????????????????s???????????r??CSMI=None;????????????????5??????u?u?u???s??????????????? ???????s???????????s?????????????????????????????s???s????? ???????o?????s????????????????V???????????system32\DRIVERS\AgileVpn.sys???Video Save???????????????U???????????s??WAN Miniport (IKEv2)??????^??t?????????n?????????????????????????????s???????\??????????????????@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100???????????p???????????????????s??????s???? ???????s?????s???????????????????? ?????? ???????s????? ???????s??????????????????????????????????????????????? ???????s???????? ??s????????r?p??? ?????????????H??s?????????????????????????4?????????? ???????????????????H??s???????????/?????????????4?????????? ???????????????????0??s???????????????????????????????????????????9p??s????????????????????????????????/????????????????\???(??????P????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ????????????????6-21-2006????????????0?????????e????oem29.inf:Realtek.NTx86.6.1:RTL8192su.ndi:1086.27.708.2010:usb\vid_0bda&pid_8172?l??Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter?lle??????????????????netvwifibus.inf?????\??\USB#VID_0C45&PID_6310#SN0001#{a5dcbf10-6530-11d2-901f-00c04fb951ed}t?7??USB 2.0 Camera???????????????????????????????????????????????????????????????????i???????i???????i??Microsoft???? ???????????????????????????????????????f??????????????????????????????????????????????\\?\Root#*6TO4MP#0014#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{9B39C062-67DE-4F66-B3E4-631758B5B88C}?AC????????????X??????????t????????????????????z??????????????????????????????????????v???m???????????l??s???????????????????#????????}???????????2??????ic??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????ma??{17CCA71B-ECD7-11D0-B908-00A0C9223196}???????????????0???????t??????????????????volsnap.inf????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???????????????????????????????{?????????u??? ???????o?????u?????p??????????`????????r???u???????????????????&??Virtual WiFi Filter Driver?A92??Net?" ???????????????u???z???u????:????????g????11???????????u???????????-??tA??????????????????????Virtueller WiFi-Bustreiber?ers\vwifibus.sys,-257????system32\DRIVERS\vwifimp.sys??????X??????v???t????????????????????????6??u???S?????etB??????.s???u???????u??? ???????|???????????u????????,?D??? ???????????? D??u??????????????%SystemRoot%\System32\termsrv.dll????????????????????????????u?u????? ???????|???????? ??u??????????(??????????e?????????u??????e???CloseTSObject????????????????????t??3728??????(??u???????t??CollectTSObjectData????????????????????????????u???u?????????u??????????OpenTSObject?????????u???????y??perfts.dll??????????????????t??????????????????e?????????u?????????e????tslabels.ini????? ??????????????????? ??????????????r????????????????????????? ??u?????????t?????u????????????????p??????u?u?u?u?u?u?u?u?u?u?u?u?u??? ???????o?????u?? ??u????????$????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ???????????????????g????????16???????????????????????????c???f???????????????????????u??????????????????????????????????????????6??????????????g???????????????????????o???????????????????????o????????????????????????????192.168.137.1???????????????????????p????????p???????5??????????????t??????????????g????????????? ???i???????????e???????????#???#???????????????????????????s?j?s?t?t?t?t??@%systemroot%\system32\srvsvc.dll,-102???????????t????D??t????????????????T??u????????h??????????????????????????????????????????????????_????????????????????????b????????????e?????????y??????????????n???????????? ???????t???????????t??????????N????????????r??? 2??t??????????????\Device\LanmanRedirector??????4??t??????????Microsoft Windows Network?????N??t?????????e????@%systemroot%\system32\wkssvc.dll,-102????????F??t?????????????????t?????t???????????????????????????????????????t???????????6??%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation????????? ?????????????J??t???-??????????@%SystemRoot%\ehome\ehr
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ????????????????????????\\?\Root#*6TO4MP#0015#{cac88484-7515-4c03-82e6-71a87abac361}?{????$??????F???????3????????????????????z?????????ce??tunnel??????\\?\Root#*6TO4MP#0018#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{49261078-1006-489F-B846-6D73062FC432}?????\\?\Root#*6TO4MP#0019#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{17B94FBC-5751-4AA4-92E6-BDD69F39CEF8}?tB??\\?\Root#*6TO4MP#0020#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{B42BF4A9-6AEA-431D-B8AF-C28F94F97550}?in??\\?\Root#*6TO4MP#0021#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{A17F9CD0-E82D-45A6-A3F4-D08DBECDF4A1}?????\\?\Root#*6TO4MP#0022#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{2D1C22C8-0A8F-4563-9A21-B98B98D6374C}?SB??\\?\Root#*6TO4MP#0023#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{5EE76FB8-FBCF-4509-AC65-998A7DBE07B5}?A7??\\?\Root#*6TO4MP#0024#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{5F3857CA-03B1-46DC-995E-243E89E97AE0}?hi??\\?\Root#*6TO4MP#0025#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{0D3A1162-D85F-4895-90F7-0A3A633C4D65}?????\\?\Root#*6TO4MP#0026#{ad498944-762f-11
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ?????????????B???????????????????+?s????????????? ???????o?????s?????s????????$???????????????????T??s?????????e????@%systemroot%\system32\IPBusEnum.dll,-102????????s????????h?????%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted?????T??s?????????n????@%systemroot%\system32\IPBusEnum.dll,-103???? ???s??????????????????????????????????????????????t????????s?????????????? ????????????????s???????????e??RpcSs?fdPHost????????????????s????????????????,??s???????????????????????????????????????s??????????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeLoadDriverPrivilege?????s?s?s?s?s?s?s?s?s?s?s??????????????????????????? ???????s???????????s????????,?H??? ???????????? H??s??????????????%SystemRoot%\system32\ipbusenum.dll?????????????????????????????? ???????s???????????s?????????????????????????????????p???????????????????? ??????????????(??????P?????????????????????????? ????????????????????????"?????p???????-4????X??????4??????????????? ?????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind ????????? ????????????????????????.???????????????????s?????? ?????????????????????-??????"??????????????????????A????????y08E??? ?????????????????????-?????????????????????????n??? ?????????????????????-????????N???????????? ????????????????????????????????I x8???????????B??s-??? l??????c?????t?-???????????????????????9??????{9??????????????????????????? ???????????????????????????????????????f????????????????55B9????N??????-?????DA0??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?5AF??? ???????1?????????????,????????$?f?<???????????????????????????????-8??? ?????????????????????,????????z?????#B09????$??????5???????A??Root\*6TO4MP\0100?????z??????7??????{D??\\?\Root#*6TO4MP#0100#{cac88484-7515-4c03-82e6-71a87abac361}?-??? ???????1?????????????,??N?????$?f?<???????????????????????????????3-??? ?????????????????????,????????????'????????????????????}????$??????9???????A??Root\*6TO4MP\0100????????????????D??????-4??\\?\Root#*6TO4MP#0100#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{A61AFA56-124D-4488-850F-251B05536611}?2}?
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route ????????tunnel??????int?????? ????????????????????????????$?N?B?????????????????????? ???????|???????????l?:??????????W?&???????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EC8BB5FB-50CE-47D5-B1FD-BCC9E99B5DF5}] DATAGRAM 177?2??MSAFD NetBIOS [\Device\NetBT_Tcpip6_{72B0DCBF-E369-4C0D-B534-652611AF0BB2}] SEQPACKET 176???? ???y???0??????t\??????????????????????11??????????????????????????????????????????? ???????}???????????k????????"?????????????2F????N??????d????????????N?????????????????????????????? ???????}???????????k????????"??????????????????????????-????????m?????????????????????????? ???????}???????????k????????"?????????????? ??????????????????????????????? ???????}???????????k????????"???v?????????ce???????????N????????m?????????????????? ?????????????????????1????????????&????????????????????E??? ?????????????????????1?????????????????????????????B??8C??nettun.inf???s???????????????"???t??? ??????????????????????????????"??? ???????????? ??????????????????tunnel??????? "?????????????????ndi
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export ????????????????????????????????????????????{4d36e967-e325-11ce-bfc1-08002be10318}?T_T??? ???????????????????????????? ?????????9}??{4d36e967-e325-11ce-bfc1-08002be10318}\0009?-C???????????}???h??disk.inf?T??????? ?????????????????????1????????????&????????????????????p??? ?????????????????????1????????????????????????????? ?????????????????????1?????????????????????????????????????T??ip???????????????F??9B??disk.inf?C??? ???????e?????Net??disk_install?C??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????e??et???????????B??92??disk_install?4??? ???????2??????te??.NT?et??? ?????????????????????1????????????????????????????????????????? ?????????????????????1????????????????????????????????????????????????????????????.NT?????????????????????????Microsoft???? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????????????????????????????Microsoft???????????????????????????????? ??????????????????6-21-2006??????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind ????????????????????5}??????????{4d36e972-e325-11ce-bfc1-08002be10318}\0038?? ??{5EE76FB8-FBCF-4509-AC65-998A7DBE07B5}???????????????????????s???????????????????????????????????????O??????????? ?????????????????????1?????????????????????????????0??07??????????????????????????? ????????????????????????????????????????????s?????? ???????????????????????????????????????f??? ?????????????????????1??L????????? ???????????? ?????????????????????1????????????&???????????????????????????????? ?????????????????????1????????????????????????????? ???????????????????k?1????????????????????? ???????????????????u?1????????????????????????????????????? ?????????????????????1????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????ic??{77F7F122-20B0-4117-A2FB-059D1FC88256}?????????????????????????e???????????????????????????e??????????????????????????I?????? ?????????????????????1????????????????????????????Microsoft???? ?
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route ?????l???????????B??????66????N??????????????????????????1??43????N??????6?????D-1???????????T??????????????????????????????????????el???????????i??_{??_{?????????????????????????s?????????????????????????????????_????????????z??????6??6F???????????N??_{???????????F??-B????8?????????????16??????????????????????NN??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????8??BF??????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????????????A??18??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????"??{3??????????????E5??? ?????????????????????1??????????????????????????????????????????????????????(?isatap.fri??? ?????????????????????1????????????????????????????? ???????}???????????n????????"?????????????????? x??????5???????H??disk_install?C????z??????{??????15????????????N??????-????D948??? ???????0??????9F??? ?????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export ?????????????????6??1F??????????? ???????/???????????????????????? ???????????2?????????????? ???????Z?????????????1??????????@?&???????????????????????????????????????usb\class_08&subclass_06&prot_50????USBSTOR_BULK????? ???????@???????????????????? ?????????????????#???????????????????? ????????????????????????????????????N??????s?????DAT??????????????????l???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{51DD9AF4-EBDA-4675-B0CC-3C33B6066CFF}] SEQPACKET 141???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ??????????????????? ???????????????????????????????????????f??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????? ???????1?????????????,????????$?a?<???????????????????????????????????? ?????????????????????,????????z?????#???????.????
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind ??????????<???????????h??????? ????????????e?????????????????e???????????????e??*6to4mp??e????????????$??????7???????E??Typ?????????????????4?????X?????????????????????*6to4mp???????????????6????????????????????????????????????????????????pip????,??????6???????}???????????s???p??????????????? ???????n????? 74????X??????1???????????t??cdrom.inf_x86_neutral_db87d184bc84f910??????Root\*6TO4MP\0105?????????????????????????????????????m??????????????????????????????????????????????B??? ???????o???????? ???????????$???H??????????????????B??????????????????????????????????????????????????? ????????????????????????????:????????g?????????????????????????????-???e??? ???????v????????????N??????????????????????????????????????i??????????????? J?????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{72A22F7A-F22D-4A73-8E86-40D3230B7649}] DATAGRAM 212????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C57A70F0-5FF6-4E60-AEC4-033695019186}] SEQPACKET 211?????????????$??????t??????????????????? ?????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route ????????????????????? ???????3????????????N??????i????D?????????????????????v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|????? ????????????????????????????&?????????????? ?????????????????????,??????????????2EF8??? ?????????????????????,??????????????32FC??? ?????????????????????,??????????????433D??? ?????????????????????,??????????????5280???????????}????????????????[\De????N??????T?????D{B??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?AGR??????#???? ?????????????????????,????????????????ev???????????????A?????? 2??? ??????????????????????????????????????????????Protocol Failures over net.tcp?Protocol Failures over net.pipe?Dispatch Failures over net.tcp?Dispatch Failures over net.pipe?Connections Dispatched over net.tcp?Connections Dispatched over net.pipe?Connections Accepted over net.tcp?Connections Accept
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export ????? ???j?6???j???j????????????{4d36e972-e325-11ce-bfc1-08002be10318}??{0??tunnel?9AB??????T ??6.1.7600.16385??????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?EF9??@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter???????N????????????D??????N??????3????D-B0??? ???????9?????B30??30??????{3???????????????????????????????e?e?g?h?h?h?l?l?l???l???????????????????????????????f?????s?f??? ??G????b??????xc??@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter?????*6to4mp??"??*6to4mp??????????????????????5??9-??????????????????16??????16??tunnel??????????????????????????????????\Device\{07E93C2A-5908-45D1-8295-6E932D7EC916}??ac??????????????????l???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EB961ECA-35C7-4010-ACD2-E0F2F9CBC19D}] SEQPACKET 163??????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind ????s????????????????????l??????? ??????46??Microsoft???????????????????????????????????????????????24??{4d36e972-e325-11ce-bfc1-08002be10318}\0155??&????:?p????-?gA0??*6to4mp??o??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?7A8??? ??????????????? ???????????????j???????????T??????{B???????j??? p????????????FCF????8??????D??????0-??? ????????????????????N?????????????????????int?????STK02H Camera??????????????????????????????????????????w?????????g??@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter?1A??Microsoft-6zu4-Adapter #144??2????N???????????????????8?????????????????? ???????7?????F-E??? ???????2?????A-4??tunnel??????????-4??*6to4mp?????????FA??????????*6to4mp??????? ?????????????@machine.inf,%*pnp0c02.devicedesc%;Hauptplatinenressourcen?????????????????????s??????N??????R????D25D??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter?????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter?????@nettun.inf,%6t
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route ????p???????????????????????Net???????<???????????h??????? ??????k??????????????????????text??????????????????????????????????????????*??????p????d_50??????????int???????????????P????????????n?????????????????'??el????X??????????????????n???????????B???e??nettun.inf??????PCI-Bus-Treiber???????????????(??????????u??????????????????????n|??????????????????????????????????????????????????????????*6to4mp??????????????.??s???text?l???????????????????l?p?p?p?p?p?p?q?????????????.????????????????????????????????????????X??????????t???????????????????????????????0??????????????*6to4mp?????? ??????????????????????????????????????????08???????????????????????????????B??????A1??????????????????????????? ???????????????????????????????????????f????????????????442D????N??????B?????D}"??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??"{??? ???????1?????????????,????????$?F?<???????????????????????????????22??? ?????????????????????,????????z?????#120??????#???? ?????????????????????1????????z?????????????z?????????? ??nettun.inf:
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export ????????Net?????????????*6to4mp?????????????????????????????7?????N???????????D?????*6to4mp??????????????B????????)?????@volsnap.inf,%storage\volumesnapshot.devicedesc%;Standard-Volumeschattenkopie???e???????????????????????????????????????????????????????????????????????????????Net???????????????????????????????????????X??????????t??????????????????????LocalSystem?????????????????????????? ???????@????????????????????$?N?_???????????????????????????????N?????????????????????? P?????????????????{B3951ABB-815B-4566-96B2-214A289E160D}??%i????*??????a????d%;M??TCPIP6TUNNEL?Tcpip6?????\Device\{B3951ABB-815B-4566-96B2-214A289E160D}???R??@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter???????8?????????????16??tunnel??????*6to4mp?tt???????????????????????????????????????????????????????????????e??????? ???????U?????????????,????????$?:?<???????????????????????????????74???????????????e??????Volume?ED6??fritz.box???????????????????????s????? ??????{??37??????????????????????????????????????????d?????&??????l?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind ???0?5??{4d36e96a-e325-11ce-bfc1-08002be10318}\0000?? ??? ?????????????5?????!????0?????N???$????????????????????????5?5????????? ???????4?????4???????1??L????????? ??????0?0?????4???4???0????????? ???????0?????5???????1????????????&??????????????????????????-???-???6??????????0??@???????????6?6?6???5?5?????6?6?????5?5?5??????????????????????s???? ???????l??????e2?????0?V??????nvcod165.dll,NVCoInstaller???????????; ??????????-?????????????)?????????????????????s??????????????????? ???????0???????????0??????????N???????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?riv?????5???????????????0?????????0??? ???????0?????0???????1??????????????????????????????????????,??0??????????? ???????0???????????#?1?????????????????????????0???????0??Microsoft????????0???????????s??????????? ???0??????????????6-21-2006??????0???????0?????0??? ???????0?????0???????1????????????????????? ???????0???????????#?1?????????????????????????????a??LS???????0???0???0??? ???0??? ???????.??6.1.7600.16385??????? ???????0?????0???????1???????
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route ???0?V???5?6?0????"??0?????????????????e?????\?`??????`?????????????*6to4mp?-4???????????8??????F2??Processor???11??????????????????????11???????????????????e???????????????-???????-???e?e?@??????0????????????f????*??0???????????????????????????0???????????????????????????????????????????e???????????????????????????????6???????????.???????.???.??mouclass????MEDIA???oem8.inf?????????????????????????5???????0???.???????.??4&2cd2afe8&0?7????>??8???.?g?.???8?9?4???e?eA?????P?????????????? ???????.?????v??????????$?????????5???????????????????????????_???????????????????l???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7A9288A-8746-41F3-948C-B0B068C12091}] SEQPACKET 1????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????<??5?????????2???
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export ???0?V??????nvcod165.dll,NVCoInstaller???????????; ??????????-?????????????)?????????????????????s??????????????????? ???????0???????????0??????????N???????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?riv?????5???????????????0?????????0??? ???????0?????0???????1??????????????????????????????????????,??0??????????? ???????0???????????#?1?????????????????????????0???????0??Microsoft????????0???????????s??????????? ???0??????????????6-21-2006??????0???????0?????0??? ???????0?????0???????1????????????????????? ???????0???????????#?1?????????????????????????????a??LS???????0???0???0??? ???0??? ???????.??6.1.7600.16385??????? ???????0?????0???????1????????????????????? ???????0???????????%?1???????????????????????0?????????????S??SC???????0???0???e??6.1.7600.16385?5D-???????0???5??s0??USB?53???.?.?.?.?.?.?.?.?.?4?0?0?0????>??0???r?g?0??@usbport.inf,%intel.mfg%;Intel???0????,??0??????????????pci\ven_8086&dev_293a????0?0?0?0?0?0?0?0?0?0?$??? ???????0?????0???????1????????????????????? ?0???0???$???0???0???0???0???0???
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???n?n???????????n?????n????? ???????n?????n???????1????????????????????? ???????n???????????g?1??????????????????????????????R??n????????h?????????????????????e??????n????? ???????n?????n???????1????????????????????? ???????n???????????g?1????????????????????@%SystemRoot%\system32\clfs.sys,-100???????????????????n????? ???????n?????n???????1????????????????????? ?n???n???n???n???n???n???n???n???n???n????????? ???????n???????????g?1???????????????????????????????????????????n????? ???????n?????n???????1????????????????????? ???????n???????????g?1????????????????????@%SystemRoot%\system32\clfs.sys,-101???????n????? ???????n?????n???????1????????????????????? ???????n???????????g?1????????????????????????<???????????????AdapterNameClass?s?????n????? ???????f????????????????.??????? ????B????? ???????n??????????????????????????????????????????? ???????n?????n?????m????"?????????????????????????????????t??????????????????????????????????,%m???????????????p????"??n??????p????????w???????????????????????n???????m?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???q?????????????d?????????V2A??????????????e5???????l??Cryptography???????????????np????????????????????????s??????p???????????????????????????????????????????????g????????/????????????????????????????????????P??n????????h?????\SystemRoot\system32\DRIVERS\isapnp.sys???????$??n??????p???Boot Bus Extender?????R??n???????????d??machine.inf_x86_neutral_65848c2d7375a720?????l?n?n?n?n?n?n??? ??????????????g?????8??n????????h??????????????o???o??????????????\SystemRoot\system32\DRIVERS\agp440.sys????????o????Intel AHCI Controller????o???????n???0??e2?????o???????s?????????????g???????????????????????????????e???????u???u???p?p????????? ???????o?????o???????,???????????????????o?????????????????????o???????????0?????????????o?????????????o???????????????????o???-??e5??e5???????????t???????????p??t_??????????????ms????@??o???c????hip_???????????-???????????e???????????r??tO????????????????????????8??o????????h??????????????C?g09????<??o??????????????Laptop-Bjoern???Mausklassentreiber???????????????7??????3-??*ntkern
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????n???$|??d????????????????????????????<??????0?g?????????????????????????@???????e??System?????????b????srvnet???????????????p?????s1F??tunnel??-B?????b?????b?b?b????X??f???s???l???????????????????????????????b?????????e????%SystemRoot%\System32\WDI\LogFiles\WdiContextLog.etl????ssmdrv?t????? ?????????????b??????????????????T?????????? ???????b?????b???????,???????????? ???????????? ???????b?????b???????,?? ????????? ???????????? ???????b???????????b?;????????@????????c??Dot3svc?????? @??b??????????e???Ethernet Authentication Service??????b?b????? ???????b???????????b?,????????^?????????????^??b??????????CreateSession,Logon,Logoff,StartShell,EndShell??????? *??b??????????e???Group Policy Service?????b?b?b???????b?????????e????gpsvc???SENS?????b??? ???????b???????????b?0?????????????????????b?b?b???b???????????????????b???A??????Logon,Logoff?????????b?????????e????ProfSvc??????????b???????????A??? ???????b???????????b?0????????????????????? 4??b??????????e???System Event Notification????????b??????????Shu
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???np????????????????????????s??????p???????????????????????????????????????????????g????????/????????????????????????????????????P??n????????h?????\SystemRoot\system32\DRIVERS\isapnp.sys???????$??n??????p???Boot Bus Extender?????R??n???????????d??machine.inf_x86_neutral_65848c2d7375a720?????l?n?n?n?n?n?n??? ??????????????g?????8??n????????h??????????????o???o??????????????\SystemRoot\system32\DRIVERS\agp440.sys????????o????Intel AHCI Controller????o???????n???0??e2?????o???????s?????????????g???????????????????????????????e???????u???u???p?p????????? ???????o?????o???????,???????????????????o?????????????????????o???????????0?????????????o?????????????o???????????????????o???-??e5??e5???????????t???????????p??t_??????????????ms????@??o???c????hip_???????????-???????????e???????????r??tO????????????????????????8??o????????h??????????????C?g09????<??o??????????????Laptop-Bjoern???Mausklassentreiber???????????????7??????3-??*ntkern??????????????o???????????????????3?g?3??????ms???????????????2?????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???s?????????????g???????????????????????????????e???????u???u???p?p????????? ???????o?????o???????,???????????????????o?????????????????????o???????????0?????????????o?????????????o???????????????????o???-??e5??e5???????????t???????????p??t_??????????????ms????@??o???c????hip_???????????-???????????e???????????r??tO????????????????????????8??o????????h??????????????C?g09????<??o??????????????Laptop-Bjoern???Mausklassentreiber???????????????7??????3-??*ntkern??????????????o???????????????????3?g?3??????ms???????????????2???????????????????v????\??o?????????n????????????g???????????????????????t????????o??????p???????????????????system32\DRIVERS\lltdio.sys?????@%systemroot%\system32\drivers\luafv.sys,-100???FSFilter Virtualization?????tunnel???A???? ??e???\??pi??ip??Extended base?????&??o?????????e????????????????t???\SystemRoot\system32\drivers\luafv.sys????????????????????????????????????????????????????????????????????????????P??o????????h?????\SystemRoot\system32\DRIVERS\lsi_fc.sys??/???????o??????p???SCS
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ????p?????????????????????????????<????????g????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????#???????????????? ????????????????????????????????????????????sCC0??? ??????????????????????????????????????????? ?????????????????????1??L????????? ??????u?u????????????????s\Sy??? ?????????????????????1????????????&???????????????????????? ?????????????????????1????????????????????????????? ?????????????????????1????????????????????@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter?}#????N??????e????D\ae??????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????F??3E??????????????????? ?????????????????????1???????????????????????????????????\????? ?????????????????????1????????????????????? ??????????????x???Microsoft???????????? ???????? ????????????1????????????&????????????????????_??? ?????????????????????1???????????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind ???k?p????N??k???.?????????????????????????s???????????????????????????? ??????????s????LegacyDriver???????o?u???k??Net??l???k???????????????k??????????? ???j???1?????1?1???k?????????????????s??????????????????????????????????????????8??p????????h?????LegacyDriver?e??system32\DRIVERS\bowser.sys???????X??????????????????????????????????????????????????????????????k?k?k??????????? ???h???.???????????j?k?k?k?k?k?k???j?k?k?k?k?k?k??ROOT\vdrvroot??9BC????8??k????????h??????????k???_??ee???????????k???l?l?k???t?t?????????k???????????????????????????????????k??????s????????????????????C???????????k???l?l?1??? ???????t???????????????????????????k??????????????????????????????????{71a27cdd-812a-11d0-bec7-08002be2092f}\0005??????????k??????s???text????Microsoft????`?b?i?k?k?k?k????N??k????????D??????g?j?k?k?????k???l?l??????????????????????????<??l?????g?????????????3???????e?g?k?k?k???k???????????t??? ???????????????????t???l?l?1??{00000000-0000-0000-0000-000000000000}???????????k???????????????k??????s??????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route ???l?n???u???????????l??????????????@machine.inf,%gendev_mfg%;(Standardsystemger?te)?s)?????@volsnap.inf,%msft%;Microsoft??????????????????s???????????????????????q?????l???????????????????????i??????????Microsoft????????????????????l????:??l???m?g?m???????????????????????????????????????????n??????????????????????@netrasa.inf,%mp-ip-dispname%;WAN Miniport (IP)?????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????? ??????????????x???WAN Miniport (IP)????????????5???????????????????????????????/??????? ??????????????x????????????5???????????????v??????????????????????????????? ???????k?????l?????k????????????6? ?????????????X??????s???????l??? ???????l???????????k??????????P????????????????????s?????sl,??Microsoft??????l?&??{00000000-0000-0000-0000-000000000000}?apt????X??????i???\???????????5???????v??????????gencdrom????????????????t????l??????????????????machine.inf:GENDEV_SYS.NTx86:MSSMBIOS_DRV:6.1.7600.16385:root\mssmbios???????????h???5??????? ???????k?????l?????k????????????9? ???????Dt??? z????????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export ???p?????????l???1???????????????n??or???????????????1???l?l????t??????l????? ???????l?????l???????1????????????????????????????t???? ???????l???????????g?1??????????????????????X??m????????????P??p?????????n???????????l????? ???????l?????l???????1???????????????????????l???l???l????????? ???????l???????????h?1??????????????????????N??????.????D??????????l???u???????2?????l????? ???????l?????l???????1????????????&??????????????????????????l???l????? ???????l?????l???????1????????????????????? ???????l???????????i?1??????????????????????X??m??????????.NTx86???3???????????????p?????????l????? ???????l?????l???????1?????????????????????l?l????t???? ???????l???????????i?1?????????????????????????l????????????????X??????o???e???????l???????1???????????E?????sE#?????l????? ???????l?????l???????1?????????????????????????????3???????e??? ???????l???????????i?1????????R?????????????????????????????X??????5?g?5???????????????????n?????????????m?????????p?????l????? ???????l?????l???????1????????????????????? ???????l?
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind ???l?n????N??k????????D?? ????X??l???0???0????????????????????N??l????????Dt?????????????????????R?????????????t??????????X??l???????e??????????????????? ???????,???????u???????p???????????????????????d????????????????N??l?????????D????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}???????g?g?g?g?g?h?l?l?l?l?l?????????????????????????????????????????????n?u???k?k?k???l??? ???????k?????l?????k????????????)????????S????? .??k??????????????? ???????l??????????????????????N????????????????j???s???????????k??????????????????????????? ??????????????x????l?l?l?????????????????????l?&??@%SystemRoot%\system32\tcpipcfg.dll,-50004?a27????r??m???4?g?4??????a3???l?l???????????????????????k?&??? ???????k?????l?????k????????????*??????????V??? ??????????????????? ???????l???????????k??????????N???????????? ???????l???????????k??????????N??????????????l?&??? X???????????????????N??m???-????D11c???????4???????l??????????STORAGE\Volume?????????????~????????????????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????ms_agilevpnmini
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route ???p?????????????~???????????p???,???????????????D??system32\DRIVERS\ndisuio.sys???????p????????????????????????????????Net??????????????s??s??????????????.0???5???.NT??????????????????????p??LocalSystem???????6??p?????????e????i8042prt?}??????????????????????????????????????????????????????t???????????.NT?Vo??? ???????o???????????p????????$???N???????p???????"??p?????????e????@comres.dll,-947?????????p????????h?????%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}???????"??p?????????n????@comres.dll,-948????? ???p??????????????????????????????????????????????t????? ??U??????p?????????????????????0??p???????????e??RpcSs?EventSystem?SENS????????,??p???????????????????????????????????????p??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeDebugPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege??????p?p?p?p?p?p?p?p?p?p?p??????????????????????????? ???????o???????????p??????????R?O??????k??@%SystemRoot%\syste
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export ???k?????????????????????t???????????????????????????????{???????????????????????????????{????????????????????????P???????????h?????????????????t????????{???????z???y???????????t???i???t???????z???????z???????z???????z??? ???????t???????????t????????(??????????????????????????????'???????????'??? ???????t???????????t????????F????? ???????????? ??????????????g????#?????????????????????????c????3700??????????????????????????c????????????????????????????????t???t?????!??<?????????????????????c????????????????????????????c?????? ??Z??????p??????????????????????????????????????????????????s?????????????'???????'???"??????????????????????????????????<????????????????????????????????????????????t???!????????????????????????c??????????????????????????????????t??????????????????<????'???????????????'???"??????????????????????????????? ???????????????????????????????????'???????????????'???!??<?????????????????????c?????5110?,????????????????????????c?????? ???????'??????????????????????????????????<????'?????????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind ???n??????b??n?????????n?????????????????????4??t5???????????????????????????n??????????????@%SystemRoot%\system32\drivers\fileinfo.sys,-100?????????????????????????????u??????????????????????@%SystemRoot%\system32\drivers\fltmgr.sys,-10001??????Z??????5????h00}????~????????????e?i???????????????????????????????????{??????????????????????t???usb.inf?????????????@%SystemRoot%\system32\drivers\fltmgr.sys,-10000?????????????5?g1c??System32\DRIVERS\fvevol.sys?????IP Network Address Translator????????n???-??25????<??p????????h??????????????????????????u??????{3??????{3???????*???????p??????p?????8??n????????h??????????????u???????+??????????????????????????????????????????????usbccgp?????????????????????t???????????????t????n?n?n?n?n?n?n???????????????????????????????v???v????????????????????????????????????????R??n????????h?????\SystemRoot\system32\DRIVERS\elxstor.sys?0???????n??????p???SCSI Miniport?????R??n???????????d??elxstor.inf_x86_neutral_4263942b9dfe9077?????n?n?n?n?n?n??????????????????????$??n?????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route ???o?????????????o???????????????????o???-??e5??e5???????????t???????????p??t_??????????????ms????@??o???c????hip_???????????-???????????e???????????r??tO????????????????????????8??o????????h??????????????C?g09????<??o??????????????Laptop-Bjoern???Mausklassentreiber???????????????7??????3-??*ntkern??????????????o???????????????????3?g?3??????ms???????????????2???????????????????v????\??o?????????n????????????g???????????????????????t????????o??????p???????????????????system32\DRIVERS\lltdio.sys?????@%systemroot%\system32\drivers\luafv.sys,-100???FSFilter Virtualization?????tunnel???A???? ??e???\??pi??ip??Extended base?????&??o?????????e????????????????t???\SystemRoot\system32\drivers\luafv.sys????????????????????????????????????????????????????????????????????????????P??o????????h?????\SystemRoot\system32\DRIVERS\lsi_fc.sys??/???????o??????p???SCSI Miniport?????P??o???????????d??lsi_fc.inf_x86_neutral_a7088f3644ca646a??????o?o?o?o?o?o????????????????t?????????????????????????????????????????R??o????????h????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export ???s?t??system32\DRIVERS\netbios.sys?????s?s?s?s?s?s?s??????????????t?????????????????????m??????t????????)?r????????t???s?????s?????????t??????????tunnel???????????????????????????B???????u???t??? ???????o???????????s??????????^?????????????^??s?????????e????@%SystemRoot%\system32\drivers\irenum.sys,-100????????????????????????????8??s????????h?????system32\drivers\irenum.sys??????????????+???+????????????????????^??s?????????n????@%SystemRoot%\system32\drivers\irenum.sys,-101???????s?s?s?s?s?s????? ???????o???????????n??????????R????????????????s???????:??? D??s???????????????????????n????????m??????????u??system32\drivers\rdpencdd.sys????????s?????????e?????????????????????????????????????????????t??? D????????????????????????????????????l?????????p???????????????????t???t??? ???????o?????s?????s??????????R???????????@%systemroot%\system32\wkssvc.dll,-1001?????System32\DRIVERS\RDPCDD.sys?????@%systemroot%\system32\drivers\RDPENCDD.sys,-101??????b??t?????????n???????????????????????????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind ???V?{????<????????g?????g?i?l???????????l?l?l???????????6??.1???i?k?i??{72631e54-78a4-11d0-bcf7-00aa00b7b32a}\0001????????????????????s???????????????????s?????h?i?k???????????????????????????????????????????;???????i??{4d36e97d-e325-11ce-bfc1-08002be10318}???????????????8???????_?i?i?i?i?i?i??? F??i???0?????#{e???7?i?i?i?????j???????d???????e???????????????i???k?k???????????????????????????????????s?-????X??l???&???&???????????????i???y??sv??? ??i???????????????????~?}?????i??????????????? ???m????????????????N??n?????????e?????????????????????8??????-C???????j??????s????????????????s?s?o???????????????????F??????A5???????i??????s???{4d36e97d-e325-11ce-bfc1-08002be10318}\0008?????@compositebus.inf,%msft%;Microsoft??????????????????t??????????????????????????s?????W?h?j?i????????STORAGE\Volume???c??LegacyDriver??????????????????????N??i????????D?????????????? ?????? M??STORAGE\Volume???????????????~???????????????Z???????????????????y??s?????N??l?????????D?????????e???????e??? ???m??? ???????4????N??j?????
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route ???W????? l??????????????????????????????q????????~??l???3????????<??????|?g????????????????????????????????????????????drmkaud??????????l???3??????????????????????????????machine.inf:GENDEV_SYS.NTx86:SWENUM:6.1.7600.16385:root\swenum?:GE???????????????????l?l?????????l??????????PnP-Softwareger?te-Enumerator????l?l?l???????????????e???????????3??????root\swenum??????l?l????Microsoft???? ???????l???????????l????????????????????????s???????<??????????D??????? ???????l???????????????????????????????f???????l??????? ???????l?????l???????1??L????????? ??????????????l???l???l????????? ???????l?????l???????1????????????&???????????????????????? ???????l?????l???????1????????????????????? ???????l???????????k?1?????????????????????????????????????????l???3???????l?l???????l????? ???????l?????l???????1???????????????????????l???l????? ???????l???????????k?1?????????????????????l?l?l?l?l?l?l?l?l??root\rdp_kbd?????l?????l????? ???????l?????l???????1????????????&??????????????????????????l???l????? ???????l?????l???????
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export ???p?{???w?w?w???????p???????p??????????????????????t???? ???????????????????? ??p??????????system32\DRIVERS\mrxsmb10.sys????????????????????B???????????????????? ??`??????p????????????????}??? ??????????????r????????????????????????? ??j?????????t??????????????????????????T???????????h??????r?r?p??? ???????p???????????p??????????????????????????????4?? ?????????? ????\???????????????????? ??????????????????????????? ??????? ????????p?????o???o???p????????? ???????o???????????m??????????T?4??????????????????????????p??\SystemRoot\system32\DRIVERS\crcdisk.sys??????,??p?????????e????Crcdisk-Filtertreiber????????p??????p???Pnp Filter???????p?p?p?p?p?p?p???????u???????????????????p??? ???????o??????????????????????P?6??????????????q??????????????????????????????@%systemroot%\system32\wkssvc.dll,-1004??????????q???????u????6??p????????h??????????p??????op???????????????????????????B??????????????t???????????i8042prt???????p?????p??system32\DRIVERS\msisadrv.sys???disk.inf????????????????????????????????????????t??
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- EOF - GMER 1.0.15 ----
|
|
13.05.2011, 23:16
| #25 |
| | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? Entpacken mit Winrar ging nur auf einem anderen PC. ERhielt hier Fehlermeldungen. Osam jetzt ausgeführt. Führe jetzt dann den nächsten Scan aus. Jetzt aber erst mal das OSAM-Ergebnis: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:13:12 on 14.05.2011 OS: Windows 7 Home Premium Edition (Build 7600), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-3651452335-2646520935-936833019-1003Core.job" - "Google Inc." - C:\Users\Helihausen\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-3651452335-2646520935-936833019-1003UA.job" - "Google Inc." - C:\Users\Helihausen\AppData\Local\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Bjoern\AppData\Local\Temp\catchme.sys (File not found) "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "STK02H Camera" (DCamUSBSTK02H) - "Syntek Ltd." - C:\Windows\System32\DRIVERS\STK02HW2.sys "ugriipow" (ugriipow) - ? - C:\Users\Bjoern\AppData\Local\Temp\ugriipow.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - ? - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll (File not found) {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - ? - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll (File not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - ? - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (File not found) / hxxp://download.divx.com/player/DivXBrowserPlugin.cab Garmin Communicator Plug-In "Garmin Communicator Plug-In" - ? - (File not found | COM-object registry key not found) / https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Bjoern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CLMLServer" - "CyberLink" - "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe" "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe" "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "MDS_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup "PDVD8LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" "UpdatePDRShortCut" - "CyberLink Corp." - "C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" "UpdatePPShortCut" - "CyberLink Corp." - "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" "Wbutton" - "Wistron Corp." - "C:\Program Files\Launch Manager\Wbutton.exe" "YouCam Mirror Tray icon" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\YouCamTray.exe" /s [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Realtek11nSU" (Realtek11nSU) - "Realtek" - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "StarMoney 8.0 OnlineUpdate" (StarMoney 8.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe "WTGService" (WTGService) - ? - C:\Program Files\Verbindungsassistent\wtgservice.exe (File found, but it contains no detailed information) "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
13.05.2011, 23:24
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? Vorranging 7zip nutzen, ist auch lizenzkostenfrei da OpenSource. Obwohl WinRAR i.A. ein sehr gutes Packprogramm ist. Du hast OSAM jetzt aber auf dem Problem-PC ausgeführt oder? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.05.2011, 23:25
| #27 |
| | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? MBR bin ich nicht bist zur Texttdatei gekommen. MBR Status ist Unkown MBR coden Found non-standard or infected MBR. Enter Y and hit Enter for more options, or N to exit: |
|
13.05.2011, 23:26
| #28 | |
| | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber?Zitat:
|
|
13.05.2011, 23:50
| #29 | |
| | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber?Zitat:
|
|
14.05.2011, 00:05
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? Du solltest das Log von mbrcheck auch komplett posten. Natürlich N to exit.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? |
| anti-malware, automatisch, befall, dateien, desktop, detected, diverse, explorer, festplatte, infected, leer, link, link geklickt, log, maleware, malwarebytes, musik, neu, nicht mehr, ordner, problem, programme, rechner, scan, sicherheit, system |
Linear-Darstellung
