Log analysis and evaluation: GMER evaluation of my system? Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system first has to be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
29.11.2011, 01:52 | #1 |
| GMER evaluation of my system? Hi everyone, I had a few viruses on my computer, no idea where from. I only browse well-known sites. I have now been able to remove all of them with Malwarebytes. They were password trojans in the registry, plus DLL files in the AppData folder and also an .exe file. I have now read up here and had my system checked with GMER. However, I can't make sense of the log file. Can you help me with that? Or should I rather format after all, since I also do online banking? GMER logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-29 01:50:30
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AK1
Running: l4owi2kc.exe; Driver: C:\Users\Selcuk\AppData\Local\Temp\pfdiqpog.sys

---- System - GMER 1.0.15 ----

SSDT 93258FC6 ZwCreateSection
SSDT 93258FD0 ZwRequestWaitReplyPort
SSDT 93258FCB ZwSetContextThread
SSDT 93258FD5 ZwSetSecurityObject
SSDT 93258FDA ZwSystemDebugControl
SSDT 93258F67 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 830359C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830554E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 8305C85C 2 Bytes [C6, 8F]
.text ntoskrnl.exe!KeRemoveQueueEx + 14C2 8305C85F 1 Byte [93]
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 8305CBB8 4 Bytes [D0, 8F, 25, 93]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 8305CBFC 4 Bytes [CB, 8F, 25, 93]
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 8305CC78 4 Bytes [D5, 8F, 25, 93]
.text ...
? System32\drivers\mkgeue.sys Das System kann den angegebenen Pfad nicht finden. !
.text kernel32.dll!CreateProcessW 76C2204D 6 Bytes [FF, 25, 1E, 00, A8, 71] {JMP [0x71a8001e]}
.text kernel32.dll!CreateProcessA 76C22082 6 Bytes [FF, 25, 1E, 00, AE, 71] {JMP [0x71ae001e]}
.text KernelBase.dll!FreeLibrary + B3 75EB8B4D 4 Bytes [0A, 00, 3F, 00]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[108] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\svchost.exe[312] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\svchost.exe[312] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\wininit.exe[492] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\wininit.exe[492] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\lsm.exe[572] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\lsm.exe[572] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\winlogon.exe[596] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\winlogon.exe[596] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[620] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[620] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AF0F5A
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\svchost.exe[808] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\svchost.exe[808] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\svchost.exe[872] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\System32\svchost.exe[872] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[996] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[996] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\svchost.exe[1128] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\svchost.exe[1128] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\spoolsv.exe[1384] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\System32\spoolsv.exe[1384] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1504] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1504] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1524] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1524] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\taskhost.exe[1552] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A40F5A
.text C:\Windows\system32\taskhost.exe[1552] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\Dwm.exe[1600] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71990F5A
.text C:\Windows\system32\Dwm.exe[1600] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\taskeng.exe[1612] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\taskeng.exe[1612] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\Explorer.EXE[1640] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A40F5A
.text C:\Windows\Explorer.EXE[1640] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A40F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1932] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A40F5A
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1932] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1948] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1948] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1964] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1964] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[1976] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A40F5A
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[1976] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2232] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2232] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\igfxext.exe[2340] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\igfxext.exe[2340] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\igfxsrvc.exe[2376] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\igfxsrvc.exe[2376] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\conhost.exe[2596] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\conhost.exe[2596] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\svchost.exe[2856] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\svchost.exe[2856] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2980] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2980] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\rundll32.exe[3028] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\System32\rundll32.exe[3028] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3116] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A40F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3116] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3164] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A40F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3164] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3220] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3220] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3312] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A40F5A
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3312] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\igfxtray.exe[3336] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\System32\igfxtray.exe[3336] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\hkcmd.exe[3344] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\System32\hkcmd.exe[3344] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\igfxpers.exe[3380] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\System32\igfxpers.exe[3380] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\svchost.exe[3556] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\System32\svchost.exe[3556] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3604] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3604] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3792] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A40F5A
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3792] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 719B0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\DllHost.exe[4008] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\DllHost.exe[4008] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[4080] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A50F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[4080] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AF0F5A
.text C:\Windows\system32\wuauclt.exe[4264] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\wuauclt.exe[4264] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\PROGRA~1\samsung\SAMSUN~1\SUPNOT~1.EXE[4808] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A90F5A
.text C:\PROGRA~1\samsung\SAMSUN~1\SUPNOT~1.EXE[4808] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[4900] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[4900] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AF0F5A
.text C:\Windows\system32\taskhost.exe[5180] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskhost.exe[5180] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[5456] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A40F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[5456] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AE0F5A
.text C:\Users\Selcuk\Downloads\l4owi2kc.exe[12068] kernel32.dll!CreateProcessW 76C2204D 6 Bytes JMP 71A90F5A
.text C:\Users\Selcuk\Downloads\l4owi2kc.exe[12068] kernel32.dll!CreateProcessA 76C22082 6 Bytes JMP 71AF0F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[3028] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3028] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3028] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3028] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[5456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[5456] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [75B3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[5456] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by Doggy81 (29.11.2011 at 01:58) |
29.11.2011, 13:08 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER evaluation of my system? Quote:
__________________ |
29.11.2011, 13:39 | #3 |
| GMER evaluation of my system? Hi,
well, I just copied it to the clipboard as described in the instructions and pasted it here. But that was too risky for me; within 2 hours I have now formatted the PC and reinstalled Win7. That feels safer to me. However, I only formatted partition C:... I left D: as it was. It only contained pictures etc., though, so no executable files. After the installation I installed Spybot without an Internet connection and immunized everything. After that Antivir, and now Malwarebytes as well. I hope that is enough protection?? However, I have deactivated Spybot's live protection, it is extremely annoying. Regards |