
Log analysis and evaluation: Log after apparently successful(?) removal of "System Progressive Protection"

14.10.2012, 15:04   #1
giusi92
 
Hello!
Attached are the latest log files =) About the aswMBR scan... at first it scanned, but at some point nothing happened for hours and the scan button was also hidden. Then I restarted it and the same thing happened again... I have posted the log file anyway, up to the point it reached...


GMER Logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-14 11:18:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD1600JD-75HBB0 rev.08.02D08
Running: 8rlp0jd6.exe; Driver: C:\DOKUME~1\Vittorio\LOKALE~1\Temp\axtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT            F7B40AE4                                                                                                                          ZwClose
SSDT            F7B40A9E                                                                                                                          ZwCreateKey
SSDT            F7B40AEE                                                                                                                          ZwCreateSection
SSDT            F7B40AC6                                                                                                                          ZwCreateSymbolicLinkObject
SSDT            F7B40A94                                                                                                                          ZwCreateThread
SSDT            F7B40AA3                                                                                                                          ZwDeleteKey
SSDT            F7B40AAD                                                                                                                          ZwDeleteValueKey
SSDT            F7B40ADF                                                                                                                          ZwDuplicateObject
SSDT            F7B40ACB                                                                                                                          ZwLoadDriver
SSDT            F7B40AB2                                                                                                                          ZwLoadKey
SSDT            F7B40A80                                                                                                                          ZwOpenProcess
SSDT            F7B40AC1                                                                                                                          ZwOpenSection
SSDT            F7B40A85                                                                                                                          ZwOpenThread
SSDT            F7B40B07                                                                                                                          ZwQueryValueKey
SSDT            F7B40ABC                                                                                                                          ZwReplaceKey
SSDT            F7B40AF8                                                                                                                          ZwRequestWaitReplyPort
SSDT            F7B40AB7                                                                                                                          ZwRestoreKey
SSDT            F7B40AF3                                                                                                                          ZwSetContextThread
SSDT            F7B40AFD                                                                                                                          ZwSetSecurityObject
SSDT            F7B40AD0                                                                                                                          ZwSetSystemInformation
SSDT            F7B40AA8                                                                                                                          ZwSetValueKey
SSDT            F7B40B02                                                                                                                          ZwSystemDebugControl
SSDT            F7B40A8F                                                                                                                          ZwTerminateProcess
SSDT            F7B40A8A                                                                                                                          ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\senfilt.sys                                                                                           entry point in "init" section [0xF69AFF80]
?               C:\WINDOWS\TEMP\mc21.tmp                                                                                                          Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\litsgt.sys                                                                                            section is writeable [0xF6DC3300, 0x1F510, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!LoadLibraryExW                                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!FreeLibrary + 15                                                                7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateFileW                                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\winlogon.exe[628] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\winlogon.exe[628] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!LoadLibraryExW                                                                    7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!CreateFileW                                                                       7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[876] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[876] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExW                                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileW                                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\SearchIndexer.exe[916] kernel32.dll!LoadLibraryExW                                                            7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\SearchIndexer.exe[916] kernel32.dll!FreeLibrary + 15                                                          7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\SearchIndexer.exe[916] kernel32.dll!CreateFileW                                                               7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\SearchIndexer.exe[916] kernel32.dll!WriteFile                                                                 7C810E27 7 Bytes  JMP 01121B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
.text           C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW                                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileW                                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe[976] kernel32.dll!LoadLibraryExW                                         7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe[976] kernel32.dll!CreateFileW                                            7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1532] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1532] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\spoolsv.exe[1532] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1580] kernel32.dll!LoadLibraryExW                                                    7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1580] kernel32.dll!FreeLibrary + 15                                                  7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1580] kernel32.dll!CreateFileW                                                       7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[1712] kernel32.dll!LoadLibraryExW                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[1712] kernel32.dll!FreeLibrary + 15                                                7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[1712] kernel32.dll!CreateFileW                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] kernel32.dll!LoadLibraryExW        7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] kernel32.dll!FreeLibrary + 15      7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] kernel32.dll!CreateFileW           7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadLibraryExW                                                              7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!FreeLibrary + 15                                                            7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateFileW                                                                 7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1884] kernel32.dll!LoadLibraryExW                                         7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1884] kernel32.dll!FreeLibrary + 15                                       7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1884] kernel32.dll!CreateFileW                                            7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Google\Update\GoogleUpdate.exe[1912] kernel32.dll!LoadLibraryExW                                                     7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Google\Update\GoogleUpdate.exe[1912] kernel32.dll!FreeLibrary + 15                                                   7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Google\Update\GoogleUpdate.exe[1912] kernel32.dll!CreateFileW                                                        7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\lxdxcoms.exe[1968] kernel32.dll!LoadLibraryExW                                                                7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\lxdxcoms.exe[1968] kernel32.dll!FreeLibrary + 15                                                              7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\lxdxcoms.exe[1968] kernel32.dll!CreateFileW                                                                   7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2364] kernel32.dll!LoadLibraryExW                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2364] kernel32.dll!FreeLibrary + 15                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2364] kernel32.dll!CreateFileW                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avmailc.exe[2460] kernel32.dll!LoadLibraryExW                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avmailc.exe[2460] kernel32.dll!FreeLibrary + 15                                                7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\avmailc.exe[2460] kernel32.dll!CreateFileW                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE[2536] kernel32.dll!LoadLibraryExW                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE[2536] kernel32.dll!FreeLibrary + 15                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE[2536] kernel32.dll!CreateFileW                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\Explorer.EXE[2748] kernel32.dll!LoadLibraryExW                                                                         7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\Explorer.EXE[2748] kernel32.dll!FreeLibrary + 15                                                                       7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\Explorer.EXE[2748] kernel32.dll!CreateFileW                                                                            7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2912] kernel32.dll!LoadLibraryExW                                                           7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2912] kernel32.dll!FreeLibrary + 15                                                         7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2912] kernel32.dll!CreateFileW                                                              7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!LoadLibraryExW                                                                     7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!FreeLibrary + 15                                                                   7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!CreateFileW                                                                        7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3300] kernel32.dll!LoadLibraryExW                                                    7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3300] kernel32.dll!FreeLibrary + 15                                                  7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3300] kernel32.dll!CreateFileW                                                       7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[3516] kernel32.dll!LoadLibraryExW                                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[3516] kernel32.dll!FreeLibrary + 15                                                                7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\ctfmon.exe[3516] kernel32.dll!CreateFileW                                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Dokumente und Einstellungen\Vittorio\Desktop\8rlp0jd6.exe[4016] kernel32.dll!LoadLibraryExW                                    7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Dokumente und Einstellungen\Vittorio\Desktop\8rlp0jd6.exe[4016] kernel32.dll!FreeLibrary + 15                                  7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Dokumente und Einstellungen\Vittorio\Desktop\8rlp0jd6.exe[4016] kernel32.dll!CreateFileW                                       7C810800 6 Bytes  JMP 5F040F5A 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                         fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device          \FileSystem\Fastfat \Fat                                                                                                          B8889D20

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                          fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0 (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0@0019b71b0e46                                              0x90 0x7D 0x42 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0@0005c9fc6680                                              0x0C 0xCE 0x9E 0x2D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0@0cddefea7532                                              0xFF 0x18 0x9C 0x63 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0@0019b71b0e46                                          0x90 0x7D 0x42 0xF7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0@0005c9fc6680                                          0x0C 0xCE 0x9E 0x2D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0@0cddefea7532                                          0xFF 0x18 0x9C 0x63 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32@                                                C:\WINDOWS\system32\compatui.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\ProgID@                                                        CompatUI.Util.1
Reg             HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\TypeLib@                                                       {233A5627-7755-4B36-AA00-656B8846F501}
Reg             HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\VersionIndependentProgID@                                      CompatUI.Util
Reg             HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\InprocServer32@                                                C:\WINDOWS\system32\xenroll.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\ProgID@                                                        CEnroll.CEnroll.2
Reg             HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\VersionIndependentProgID@                                      CEnroll.CEnroll
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}  
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}  
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}  
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\InprocServer32@                                                C:\WINDOWS\system32\msvidctl.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\ProgID@                                                        MSVidCtl.MSVidAnalogTunerDevice.1
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\TypeLib@                                                       {B0EDF154-910A-11D2-B632-00C04F79498E}
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\VersionIndependentProgID@                                      MSVidCtl.MSVidAnalogTunerDevice

---- Files - GMER 1.0.15 ----

File            C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Dateien\ICQ\217058948\ReceivedFiles\428014520 ..\ichiiiii.jpg           310948 bytes

---- EOF - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1884] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1884] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\Programme\Google\Update\GoogleUpdate.exe[1912] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Programme\Google\Update\GoogleUpdate.exe[1912] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Programme\Google\Update\GoogleUpdate.exe[1912] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lxdxcoms.exe[1968] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lxdxcoms.exe[1968] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\lxdxcoms.exe[1968] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2364] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2364] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2364] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\Programme\Avira\AntiVir Desktop\avmailc.exe[2460] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Programme\Avira\AntiVir Desktop\avmailc.exe[2460] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Programme\Avira\AntiVir Desktop\avmailc.exe[2460] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE[2536] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE[2536] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE[2536] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[2748] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[2748] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\WINDOWS\Explorer.EXE[2748] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2912] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2912] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2912] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3300] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3300] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3300] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[3516] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[3516] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\ctfmon.exe[3516] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A
.text C:\Dokumente und Einstellungen\Vittorio\Desktop\8rlp0jd6.exe[4016] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Dokumente und Einstellungen\Vittorio\Desktop\8rlp0jd6.exe[4016] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Dokumente und Einstellungen\Vittorio\Desktop\8rlp0jd6.exe[4016] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F040F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \FileSystem\Fastfat \Fat B8889D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0@0019b71b0e46 0x90 0x7D 0x42 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0@0005c9fc6680 0x0C 0xCE 0x9E 0x2D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0@0cddefea7532 0xFF 0x18 0x9C 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0@0019b71b0e46 0x90 0x7D 0x42 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0@0005c9fc6680 0x0C 0xCE 0x9E 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0@0cddefea7532 0xFF 0x18 0x9C 0x63 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32@ C:\WINDOWS\system32\compatui.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\ProgID@ CompatUI.Util.1
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\TypeLib@ {233A5627-7755-4B36-AA00-656B8846F501}
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\VersionIndependentProgID@ CompatUI.Util
Reg HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\InprocServer32@ C:\WINDOWS\system32\xenroll.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\ProgID@ CEnroll.CEnroll.2
Reg HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\VersionIndependentProgID@ CEnroll.CEnroll
Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\InprocServer32@ C:\WINDOWS\system32\msvidctl.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\ProgID@ MSVidCtl.MSVidAnalogTunerDevice.1
Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\TypeLib@ {B0EDF154-910A-11D2-B632-00C04F79498E}
Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\VersionIndependentProgID@ MSVidCtl.MSVidAnalogTunerDevice

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Dateien\ICQ\217058948\ReceivedFiles\428014520 ..\ichiiiii.jpg 310948 bytes

---- EOF - GMER 1.0.15 ----

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:56:22 on 14.10.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 16.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore1cd9236ee3000a8.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - C:\Programme\Windows Defender\MpCmdRun.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2004\SystemOptimizer.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Avira AntiVir Premium " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"axtdqpog" (axtdqpog) - ? - C:\DOKUME~1\Vittorio\LOKALE~1\Temp\axtdqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\Vittorio\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DAEMON Tools Virtual Bus Driver" (dtsoftbus01) - "DT Soft Ltd" - C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys
"Deterministic Network Enhancer Miniport" (DNE) - "Deterministic Networks, Inc." - C:\WINDOWS\System32\DRIVERS\dne2000.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"JVC Communication PIX-MCV Driver" (PIXMCV) - "Pixela" - C:\WINDOWS\System32\Drivers\pixmcvc.sys
"JVC PIX-MCV Audio Capture" (PIXMCVA) - "Pixela" - C:\WINDOWS\System32\Drivers\pixmcva.sys
"JVC PIX-MCV Video Capture" (PIXMCVV) - "Pixela" - C:\WINDOWS\System32\Drivers\pixmcvv.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"LGE Mobile Composite USB Device" (usbbus) - ? - C:\WINDOWS\System32\DRIVERS\lgusbbus.sys  (File not found)
"LGE Mobile USB Modem" (USBModem) - ? - C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys  (File not found)
"litsgt" (litsgt) - ? - C:\WINDOWS\System32\DRIVERS\litsgt.sys  (File found, but it contains no detailed information)
"mchInjDrv" (mchInjDrv) - ? - C:\WINDOWS\TEMP\mc21.tmp  (File not found)
"OMCI WDM Device Driver" (omci) - "Dell Computer Corporation" - C:\WINDOWS\System32\DRIVERS\omci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"tansgt" (tansgt) - ? - C:\WINDOWS\System32\DRIVERS\tansgt.sys  (File found, but it contains no detailed information)
"upperdev" (upperdev) - ? - C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - /C:/DOKUME~1/Vittorio/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg  (File not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "Microsoft AntiMalware ShellExecuteHook" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MpShHook.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dBpowerAMP Music Converter" - ? -   (File not found | COM-object registry key not found)
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" - ? - C:\Programme\Sonic\RecordNow!\shlext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{A51A8D7A-BEDB-4cac-8B19-59C7EB9FB91D} "SRFImageExt" - ? - C:\Programme\Sony\Sony Image Data Suite\Image Data Converter SR ver. 2\SRFImageExt.dll
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2004\sdshelex.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll
<binary data> "{119DBEDA-9C41-4F97-94B4-B6BCD01133CF}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{BD393C14-72AD-4790-A095-76522973D6B8} "CBreakshotControl Class" - "pixelStorm Inc." - C:\WINDOWS\Downloaded Program Files\Banksht2.dll / hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
{00B71CFB-6864-4346-A978-C0A14556272C} "Checkers Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
{20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\gp.ocx / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} "GoPetsWeb Control" - "GoPets LTD" - C:\WINDOWS\DOWNLO~1\GOPETS~1.OCX / https://secure.gopetslive.com/dev/GoPetsWeb.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx / hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1221319819
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx / hxxp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071219-1
{BA162249-F2C5-4851-8ADC-FC58CB424243} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.ak.schuelervz.net/photouploader/ImageUploader5.cab?nocache=20080125-1
{EDFCB7CB-942C-4822-AF14-F0B687409848} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx / hxxp://fdata.over-blog.com/99/00/00/03/js/javauploader/ImageUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
{14B87622-7E19-4EA8-93B3-97215F77A6BC} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{97E71027-0BA2-44F2-97DB-F84D808ED0B6} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{2917297F-F02B-4B9D-81DF-494B6333150B} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\minesweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
{B8BE5E93-A60C-4D26-A2DC-220313175592} "MSN Games - Installer" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\ZIntro.ocx / hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{9122D757-5A4F-4768-82C5-B4171D8556A7} "PhotoPickConvert Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\PhtPkMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\SYSTEM32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
{474F00F5-3853-492C-AC3A-476512BBC336} "UploadListView Class" - ? - C:\WINDOWS\Downloaded Program Files\UploaderX.dll / hxxp://picasaweb.google.com/s/v/24.16/uploader2.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} "Windows Live Photo Upload Control" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll / hxxp://giusisspace.spaces.live.com/PhotoUpload/MsnPUpld.cab
{E6187999-9FEC-46A1-A20F-F4CA977D5643} "ZoneChess Object" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\chess.ocx / hxxp://messenger.zone.msn.com/binary/Chess.cab55200.cab
{4A85DBE0-BFB2-4119-8401-186A7C6EB653} "{4A85DBE0-BFB2-4119-8401-186A7C6EB653}" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MJSS.ocx / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} "{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" - ? -   (File not found | COM-object registry key not found) / hxxp://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
{53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\Vittorio\Startmenü\Programme\Autostart\DESKTOP.INI
"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Vittorio\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"Picture Motion Browser Medien-Prüfung.lnk" - "Sony Corporation" - C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Lexmark Print-2-Fax Port" - ? - C:\WINDOWS\system32\LXF3PMON.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9984e2df4c2fa)" (gupdate1c9984e2df4c2fa) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"ServiceLayer" (ServiceLayer) - ? - "C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe"  (File not found)
"Splashtop Software Updater Service" (SSUService) - ? - C:\Programme\Splashtop\Splashtop Software Updater\SSUService.exe  (File not found)
"Splashtop® Remote Service" (SplashtopRemoteService) - ? - "C:\Programme\Splashtop\Splashtop Remote\Server\SRService.exe"  (File not found)
"TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         




Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-14 14:20:51
-----------------------------
14:20:51.359    OS Version: Windows 5.1.2600 Service Pack 3
14:20:51.359    Number of processors: 2 586 0x401
14:20:51.359    ComputerName: GIUSI  UserName: 
14:20:52.687    Initialize success
14:21:05.796    AVAST engine defs: 12101400
14:21:11.656    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
14:21:11.656    Disk 0 Vendor: WDC_WD1600JD-75HBB0 08.02D08 Size: 152587MB BusType: 3
14:21:11.718    Disk 0 MBR read successfully
14:21:11.734    Disk 0 MBR scan
14:21:11.890    Disk 0 unknown MBR code
14:21:11.921    Disk 0 Partition 1 00     DE Dell Utility Dell 4.1       62 MB offset 63
14:21:12.093    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       149699 MB offset 128520
14:21:12.171    Disk 0 Partition 3 00     DB  CP/M / CTOS MSWIN4.1     2816 MB offset 306729045
14:21:12.281    Disk 0 scanning sectors +312496380
14:21:12.562    Disk 0 scanning C:\WINDOWS\system32\drivers
14:22:37.515    Service scanning
14:23:03.468    Modules scanning
14:23:52.875    Disk 0 trace - called modules:
14:23:52.906    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
14:23:52.921    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fcaab8]
14:23:52.937    3 CLASSPNP.SYS[f7645fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86f9d468]
14:23:54.046    AVAST engine scan C:\WINDOWS
14:25:54.218    AVAST engine scan C:\WINDOWS\system32
14:36:41.765    AVAST engine scan C:\WINDOWS\system32\drivers
14:38:19.812    AVAST engine scan C:\Dokumente und Einstellungen\Vittorio
15:22:46.359    AVAST engine scan C:\Dokumente und Einstellungen\All Users
15:55:54.390    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Vittorio\Desktop\MBR.dat"
15:55:54.390    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Vittorio\Desktop\aswMBR2.txt"
         

Edited by giusi92 (14.10.2012 at 15:20)
