Trojaner-Board

BKA Virus - Ukash 100€ (https://www.trojaner-board.de/104912-bka-virus-ukash-100-a.html)

Tussiontour 16.11.2011 23:13

ComboFix log file:
Code:

ComboFix 11-11-15.06 - Lisa 16.11.2011  16:29:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3069.1636 [GMT 1:00]
ausgeführt von:: c:\users\Lisa\Documents\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: McAfee VirusScan *Disabled/Outdated* {91492D4B-0869-000E-929C-AE00AA450731}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\Roaming
c:\users\Lisa\AppData\Roaming\AcroIEHelpe.txt
c:\users\Lisa\AppData\Roaming\srvblck2.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-10-16 bis 2011-11-16  ))))))))))))))))))))))))))))))
.
.
2011-11-16 15:48 . 2011-11-16 22:03        --------        d-----w-        c:\users\Lisa\AppData\Local\temp
2011-11-16 15:48 . 2011-11-16 15:48        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-15 23:03 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AF85F42-F669-412F-B0F9-17C5A8533B63}\mpengine.dll
2011-11-09 21:58 . 2011-10-17 11:41        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 21:58 . 2011-09-20 21:02        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:58 . 2011-09-30 15:57        707584        ----a-w-        c:\program files\Common Files\System\wab32.dll
2011-11-09 18:39 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2541E9C-4FA8-439A-B1C4-A2A6BC3CD386}\mpengine.dll
2011-11-08 13:23 . 2011-11-08 13:23        --------        d-----w-        c:\program files\ESET
2011-11-04 16:33 . 2011-11-14 22:11        --------        d-----w-        c:\users\Lisa\AppData\Roaming\toolplugin
2011-10-22 15:47 . 2011-10-22 15:47        --------        d-----w-        c:\program files\iPod
2011-10-22 15:29 . 2011-10-22 15:29        --------        d-----w-        c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 22:50 . 2009-09-17 19:45        226280        ----a-w-        c:\windows\system32\drivers\volsnap.sys
2011-11-04 16:33 . 2011-06-29 10:59        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-15 12:36 . 2011-10-15 12:38        703824        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BBA24EB-CD6C-44D8-ADD9-8DA2BAF3306F}\gapaengine.dll
2011-10-07 03:48 . 2011-10-15 12:37        6668624        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-06 13:30 . 2011-10-15 12:45        2043392        ----a-w-        c:\windows\system32\win32k.sys
2011-08-30 21:05 . 2011-08-30 21:05        83816        ----a-w-        c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05        73064        ----a-w-        c:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05        178536        ----a-w-        c:\windows\system32\dnssdX.dll
2011-08-25 16:15 . 2011-10-15 12:36        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-15 12:36        238080        ----a-w-        c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-15 12:36        563712        ----a-w-        c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-15 12:36        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-08-30 15:13 . 2011-05-10 12:20        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-14 39408]
"rfxsrvtray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe" [2011-07-28 1851224]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 424448]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-07 13527584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-07 92704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-05-07 3642368]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-03-13 805384]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2011-08-31 1047208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-5-7 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
Radio.fx.LNK - c:\program files\Tobit Radio.fx\Client\rfx-client.exe [2010-4-24 6665048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-05-07 01:26        3024384        ----a-w-        c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKslbdf87dc9;MpKslbdf87dc9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AF85F42-F669-412F-B0F9-17C5A8533B63}\MpKslbdf87dc9.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98ecebc4803b3;Google Update Service (gupdate1c98ecebc4803b3);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2011-08-31 366152]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-03-13 80912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-05-07 43184]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/04/14 23:40];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-11 15:43 87536]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-07 24576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2011-08-02 3630936]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-02-15 595248]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-02-15 40752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 09:55        7680        ----a-w-        c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-17 11:43]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 18:04]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 18:04]
.
2011-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-05-22 11:32]
.
2011-11-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-05-22 11:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mStart Page =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1212080657
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\dntk5kcx.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKCU-Run-Netlog Music Tool - c:\program files\Netlog Music Tool\NetlogMusicTool.exe
HKLM-Run-eRecoveryService - (no file)
SafeBoot-77067914.sys
AddRemove-toolplugin - c:\users\Lisa\AppData\Local\Temp\WZSE0.TMP\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-16 23:04
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  MsnMsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4172)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\conime.exe
c:\progra~1\mcafee\msc\mcuimgr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-16  23:09:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-16 22:09
.
Vor Suchlauf: 17 Verzeichnis(se), 14.835.601.408 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 14.024.179.712 Bytes frei
.
- - End Of File - - BB5EBBD497395CA7F328E5CD76B372E7

--- --- ---

cosinus 17.11.2011 09:16

OK. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online lookup.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Tussiontour 18.11.2011 23:07

For now I only have the GMER log, because I can't get the OSAM one converted, and with aswMBR.exe my laptop keeps restarting.

GMER log file:
Code:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-18 07:36:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: kh99uish.exe; Driver: C:\Users\Lisa\AppData\Local\Temp\fwdyakow.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwCreateFile [0x90B489BE]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwCreateProcess [0x90B48958]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwCreateProcessEx [0x90B4896C]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwNotifyChangeKey [0x90B489E8]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwOpenProcess [0x90B48930]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwOpenThread [0x90B48944]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwProtectVirtualMemory [0x90B489D2]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwReplaceKey [0x90B48A10]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwRestoreKey [0x90B489FC]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwSetContextThread [0x90B489AA]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwSetInformationProcess [0x90B48996]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwTerminateProcess [0x90B4891C]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            ZwCreateUserProcess [0x90B48982]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            NtCreateFile
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            NtOpenProcess
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            NtOpenThread
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)            NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntkrnlpa.exe!ZwNotifyChangeKey                                                                          82DDE609 5 Bytes  JMP 90B489EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateUserProcess                                                                        82DE8C11 5 Bytes  JMP 90B48986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                          82E10143 5 Bytes  JMP 90B48920 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtSetInformationProcess                                                                    82E338C8 5 Bytes  JMP 90B4899A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwProtectVirtualMemory                                                                      82E392DD 7 Bytes  JMP 90B489D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtOpenThread                                                                                82E3B4FA 5 Bytes  JMP 90B48948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtOpenProcess                                                                              82E3FFA8 5 Bytes  JMP 90B48934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtCreateFile                                                                                82E6133B 5 Bytes  JMP 90B489C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwRestoreKey                                                                                82E71DB2 5 Bytes  JMP 90B48A00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwReplaceKey                                                                                82E72FB6 5 Bytes  JMP 90B48A14 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcess                                                                            82EB0D7F 5 Bytes  JMP 90B4895C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                          82EB0DCA 7 Bytes  JMP 90B48970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwSetContextThread                                                                          82EB1883 5 Bytes  JMP 90B489AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                section is writeable [0x8EC08340, 0x3D50E7, 0xE8000020]
.text          C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                    section is writeable [0xACC09000, 0x2892, 0xE8000020]
.vmp2          C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                    entry point in ".vmp2" section [0xACC2C050]

---- User code sections - GMER 1.0.15 ----

.text          c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2924] kernel32.dll!LoadLibraryW                          75629400 5 Bytes  JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text          c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2924] kernel32.dll!LoadLibraryA                          7562957C 5 Bytes  JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text          C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[3636] kernel32.dll!SetUnhandledExceptionFilter    7562A8C5 5 Bytes  JMP 006415D0 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                    [739C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                    [73A1A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                [739CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]          [739BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                    [739C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                  [739BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]      [739F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]        [739CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                [739BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                  [739BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                  [739B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]          [73A4CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]              [739EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                [739BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                          [739B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                          [739B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]            [739C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]              [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]  [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]            [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT            C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]              [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                  mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                  Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                  Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec5c55                             
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec5c55@0012ee9d188a                0x4E 0x6C 0x6A 0xE1 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec5c55@0012ee98e70e                0x99 0x7F 0x14 0x45 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec5c55@001e45a429b9                0x4B 0x81 0x36 0x19 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec5c55@00219e8ab766                0xF3 0x2B 0x1B 0xA2 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec5c55@00234573fc64                0xAB 0xC7 0xC9 0x78 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec5c55@0019637c5ea6                0x25 0x4E 0x14 0x1F ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec5c55@001fe439a043                0xF6 0x43 0xF8 0xC9 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec5c55@0024ef708389                0x50 0x32 0xB7 0x90 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec5c55 (not active ControlSet)         
Reg            HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec5c55@0012ee9d188a                    0x4E 0x6C 0x6A 0xE1 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec5c55@0012ee98e70e                    0x99 0x7F 0x14 0x45 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec5c55@001e45a429b9                    0x4B 0x81 0x36 0x19 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec5c55@00219e8ab766                    0xF3 0x2B 0x1B 0xA2 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec5c55@00234573fc64                    0xAB 0xC7 0xC9 0x78 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec5c55@0019637c5ea6                    0x25 0x4E 0x14 0x1F ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec5c55@001fe439a043                    0xF6 0x43 0xF8 0xC9 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec5c55@0024ef708389                    0x50 0x32 0xB7 0x90 ...

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus 20.11.2011 12:15

Quote:

because I can't get OSAM converted
What do you want to convert there?

Tussiontour 20.11.2011 23:17

I can't unpack it.

cosinus 21.11.2011 10:52

I put a note in the instructions specifically for that!!

Quote:

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!

Tussiontour 24.11.2011 16:25

Yes, I read that and also tried to unpack it with that, but once it is unpacked, I can't open it.

cosinus 24.11.2011 17:08

But then it is confusing to write "I can't convert it".
If you can't run it, that is a different story. Make sure the virus scanner is disabled before running it.

