Log analysis and evaluation: Spybot 2.0 Rootkit scan: HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic + Blue Screen IRQL_NOT_LESS_OR_EQUAL (Windows 7)
26.07.2012, 16:48 | #31 |
Hello Arne, R-Firewall = Windows7 FirewallControl? I only have Windows7 FirewallControl installed because it shows me which programs access the network and lets me block them if necessary. Or should I do that differently? The Windows Firewall is running as well.
26.07.2012, 22:12 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No, R-Firewall is something else! => R-Firewall, download at heise
You really shouldn't overdo it with these things; you can get yourself unexpected problems and new security holes! Stick with the normal Windows Firewall and leave it at that!
28.07.2012, 07:56 | #33 |
OK.
28.07.2012, 22:20 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only OSAM. Please skip the online check in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags
29.07.2012, 09:37 | #35 | |
Part 1 done. Quote:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:34:04 on 29.07.2012
OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 14.0.1
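A reader working through an OSAM report like the one posted above has to pick out the few entries worth a second look from hundreds of legitimate ones. The following is an added example, not code from the thread or from OSAM itself: it parses the name-first entry lines of that report format (display name, optional service key, vendor or "?", path, trailing flags) and ranks them for review. The sample lines are constructed for the example in the shape of entries seen in the posted log; the field names and triage rules are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the shape of the posted OSAM report. Only the
# name-first form is handled here; COM-object lines that begin with a {GUID}
# or <binary data> are skipped by the parser.
SAMPLE = r"""
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe" (File found, but it contains no detailed information)
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"""


@dataclass
class OsamEntry:
    """One autorun entry; field names are this example's own, not OSAM's."""
    name: str
    key: Optional[str]            # service/driver key from "(key)", if present
    vendor: Optional[str]         # None when OSAM printed "?" (no vendor info)
    path: str
    flags: List[str] = field(default_factory=list)   # e.g. "File not found"


ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"'             # display name in quotes
    r'(?: \((?P<key>[^)]*)\))?'       # optional (ServiceKey)
    r' - (?:"(?P<vendor>[^"]*)"|\?)'  # vendor in quotes, or ? if unknown
    r' - (?P<path>.+?)'               # path, possibly quoted or with arguments
    r'(?: \((?P<flags>[^)]*)\))?$'    # optional trailing (flag | flag)
)


def parse_entry(line: str) -> Optional[OsamEntry]:
    """Parse one report line; headers and section markers return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    raw_flags = m.group("flags")
    flags = [f.strip() for f in raw_flags.split("|")] if raw_flags else []
    return OsamEntry(m.group("name"), m.group("key"), m.group("vendor"),
                     m.group("path"), flags)


def parse_report(text: str) -> List[OsamEntry]:
    """Collect every parsable entry line from a whole report."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(entries: List[OsamEntry]) -> List[Tuple[str, str, OsamEntry]]:
    """Return (severity, reason, entry) for entries a reviewer should check.

    orphan: registry entry whose file no longer exists (leftover of a removed
            tool, harmless but worth cleaning up);
    review: kernel driver (.sys) that OSAM could not attribute to a vendor;
    info:   user-mode autorun with no vendor information, verify by hand.
    """
    findings = []
    for e in entries:
        if "File not found" in e.flags:
            findings.append(("orphan", "registered but file is missing", e))
        elif e.vendor is None and e.path.lower().endswith(".sys"):
            findings.append(("review", "kernel driver without vendor info", e))
        elif e.vendor is None:
            findings.append(("info", "no vendor info; verify the file", e))
    return findings


if __name__ == "__main__":
    for severity, reason, entry in triage(parse_report(SAMPLE)):
        print(f"[{severity}] {entry.name}: {reason} ({entry.path})")
```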
29.07.2012, 14:23 | #36 | |
GMER part 1. Quote:
29.07.2012, 14:26 | #37 | |
GMER part 2. Quote:
29.07.2012, 14:27 | #38 | |
GMER part 3. Quote:
29.07.2012, 14:29 | #39 | |
GMER part 4. Quote:
29.07.2012, 14:35 | #40 | |
GMER part 5. Quote:
29.07.2012, 14:37 | #41 | |
GMER part 6. Quote:
29.07.2012, 14:39 | #42 | |
GMER part 7. Quote:
29.07.2012, 14:40 | #43 | |
GMER part 8. Quote:
29.07.2012, 14:41 | #44 | |
GMER part 9. Quote:
29.07.2012, 19:07 | #45 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Spreading one log over nine postings is not really sensible. If the logs are that big, zip them and attach them here, but really only when the logs are that large! Quote: