Google ist Langsam und leitet um auf dubiose seiten

Xellar · 19.05.2010, 09:07

Huhu,

hier der log von Deinem ComboFix Script

Zitat:

ComboFix 10-05-17.03 - Dogan 19.05.2010 9:46.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1024.424 [GMT 2:00]
ausgeführt von:: c:\users\Dogan\Desktop\confi.exe.exe
Benutzte Befehlsschalter :: c:\users\Dogan\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\aaae.sys

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AAAE
-------\Service_aaae

((((((((((((((((((((((( Dateien erstellt von 2010-04-19 bis 2010-05-19 ))))))))))))))))))))))))))))))
.

2010-05-19 07:55 . 2010-05-19 07:55 -------- d-----w- C:\Device
2010-05-19 07:55 . 2010-05-19 07:58 -------- d-----w- c:\users\Dogan\AppData\Local\temp
2010-05-19 07:55 . 2010-05-19 07:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-18 20:04 . 2010-05-18 20:04 -------- d-----w- C:\_OTL
2010-05-18 11:44 . 2010-05-18 11:44 -------- d-----w- c:\program files\DiskInternals
2010-05-17 15:17 . 2010-05-17 15:24 -------- d-----w- c:\users\Dogan\AppData\Roaming\TeamViewer
2010-05-17 15:15 . 2010-05-17 15:18 -------- d-----w- c:\users\Dogan\temp
2010-05-17 13:00 . 2010-05-17 13:00 -------- d-----w- c:\users\Dogan\FileZillaPortable
2010-05-17 09:47 . 2010-05-17 09:47 -------- d-----w- c:\program files\Trend Micro
2010-05-15 16:00 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-05-15 15:40 . 2010-01-16 08:57 -------- d-----w- c:\users\Dogan\JungleFlasher 1.65
2010-05-15 15:36 . 2010-05-15 15:36 -------- d-----w- c:\program files\Lavalys
2010-05-14 13:19 . 2010-05-14 13:19 -------- d-----w- c:\users\Dogan\AppData\Roaming\Need for Speed World
2010-05-14 12:54 . 2010-05-14 12:54 -------- d-----w- c:\users\Dogan\AppData\Local\Electronic_Arts_Inc
2010-05-13 18:33 . 2010-05-13 18:33 -------- d-----w- c:\program files\Common Files\Steam
2010-05-13 18:33 . 2010-05-15 11:28 -------- d-----w- c:\program files\Steam
2010-05-13 09:13 . 2010-05-13 09:13 -------- d-----w- c:\users\Dogan\AppData\Local\MAGIX
2010-05-12 20:33 . 2010-05-12 20:33 -------- d-----w- c:\users\Dogan\AppData\Roaming\MAGIX
2010-05-12 20:28 . 2010-05-13 09:15 -------- d-----w- c:\program files\MAGIX
2010-05-12 20:28 . 2007-04-27 07:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2010-05-12 20:28 . 2010-05-13 09:14 -------- d-----w- c:\program files\Common Files\MAGIX Services
2010-05-12 20:21 . 2010-05-12 20:21 -------- d-----w- c:\users\Dogan\.gimp-2.6
2010-05-11 15:37 . 2010-05-11 15:37 -------- d-----w- c:\users\Dogan\AppData\Roaming\Malwarebytes
2010-05-11 15:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-11 15:37 . 2010-05-11 15:37 -------- d-----w- c:\programdata\Malwarebytes
2010-05-11 15:37 . 2010-05-11 15:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-11 15:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 12:59 . 2010-05-08 12:59 -------- d-----w- c:\users\Dogan\AppData\Local\GameTuts
2010-05-08 12:59 . 2010-05-08 12:59 -------- d-----w- c:\users\Dogan\AppData\Roaming\GameTuts
2010-05-08 10:51 . 2010-05-08 10:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-08 10:50 . 2010-05-08 10:50 -------- d-----w- c:\program files\Microsoft
2010-05-08 10:49 . 2010-05-08 10:53 -------- d-----w- c:\program files\Windows Live
2010-05-08 10:49 . 2010-05-08 10:49 -------- d-----w- c:\windows\PCHEALTH
2010-05-07 14:05 . 2010-05-07 14:05 -------- d-----w- c:\program files\TMShootBox
2010-04-29 14:55 . 2010-05-03 20:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-27 14:26 . 2010-05-04 14:03 -------- d-----w- c:\users\Dogan\AppData\Roaming\CoSoSys
2010-04-27 14:17 . 2010-04-27 14:17 -------- d-----w- c:\programdata\TrueCrypt
2010-04-27 13:51 . 2010-05-04 14:03 -------- d-----w- c:\program files\Acronis
2010-04-27 13:34 . 2010-05-04 14:03 -------- d-----w- C:\SWSetup
2010-04-27 13:25 . 2010-04-27 13:25 -------- d-----w- c:\programdata\createpart
2010-04-27 13:24 . 2010-04-27 13:24 -------- d-----w- c:\programdata\explauncher
2010-04-27 13:24 . 2010-04-27 13:24 -------- d-----w- c:\programdata\launcher
2010-04-27 13:23 . 2010-05-04 14:03 -------- d-----w- c:\program files\Paragon Software
2010-04-27 13:17 . 2010-02-23 09:51 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-04-27 13:17 . 2010-04-08 15:16 1711232 ----a-w- c:\windows\system32\BootMan.exe
2010-04-27 13:17 . 2010-02-23 09:51 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-04-27 13:17 . 2010-02-23 09:51 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-04-27 13:17 . 2010-02-23 09:51 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-04-27 13:16 . 2010-05-04 13:10 -------- d-----w- c:\program files\EASEUS
2010-04-22 17:37 . 2010-04-30 22:56 -------- d-----w- c:\users\Dogan\TM SERVER ORNDER
2010-04-22 17:07 . 2010-05-12 15:52 -------- d-----w- c:\users\Dogan\Neuer Ordner (3)
2010-04-20 20:02 . 2010-04-24 10:59 -------- d-----w- c:\users\Dogan\AppData\Local\Adobe
2010-04-20 15:55 . 2010-04-20 15:56 -------- d-----w- c:\users\Dogan\Neuer Ordner (2)
2010-04-20 13:00 . 2010-04-22 17:37 -------- d-----w- c:\users\Dogan\Neuer Ordner

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 07:42 . 2009-07-14 08:47 3587532 ----a-w- c:\windows\system32\perfh007.dat
2010-05-19 07:42 . 2009-07-14 08:47 1039540 ----a-w- c:\windows\system32\perfc007.dat
2010-05-18 16:10 . 2009-12-20 12:49 -------- d-----w- c:\users\Dogan\AppData\Roaming\Skype
2010-05-18 14:12 . 2009-11-01 15:44 -------- d-----w- c:\users\Dogan\AppData\Roaming\ICQ
2010-05-18 14:06 . 2009-12-20 12:58 -------- d-----w- c:\users\Dogan\AppData\Roaming\skypePM
2010-05-15 16:14 . 2010-03-31 12:30 -------- d-----w- c:\program files\Common Files\Nero
2010-05-15 16:14 . 2010-03-31 12:30 -------- d-----w- c:\programdata\Nero
2010-05-15 16:00 . 2009-11-01 15:39 -------- d-----w- c:\program files\CDBurnerXP
2010-05-15 08:33 . 2010-04-13 19:47 214808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-15 08:18 . 2010-04-13 19:47 139920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-13 09:16 . 2010-02-08 19:00 -------- d-----w- c:\program files\Sony Ericsson
2010-05-13 09:16 . 2010-04-15 16:15 -------- d-----w- c:\program files\Unlocker
2010-05-13 09:15 . 2010-05-12 20:31 -------- d-----w- c:\programdata\MAGIX
2010-05-07 20:16 . 2009-11-10 19:46 1 ----a-w- c:\users\Dogan\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-06 08:36 . 2009-11-01 15:17 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 13:11 . 2010-04-17 08:02 -------- d-----w- c:\users\Dogan\AppData\Roaming\vlc
2010-05-04 13:11 . 2010-02-02 17:34 -------- d-----w- c:\users\Dogan\AppData\Roaming\dvdcss
2010-05-04 13:11 . 2009-11-01 15:41 -------- d-----w- c:\program files\XMedia Recode
2010-04-24 11:01 . 2010-04-18 10:18 -------- d-----w- c:\program files\AVS4YOU
2010-04-24 11:01 . 2010-04-18 10:18 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-22 17:05 . 2010-02-28 18:36 -------- d-----w- c:\program files\ServerMania
2010-04-21 17:21 . 2009-12-20 10:47 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-04-21 17:20 . 2009-11-08 12:37 -------- d-----w- c:\program files\Songr
2010-04-19 17:59 . 2009-11-10 16:08 -------- d-----w- c:\users\Dogan\AppData\Roaming\VSO
2010-04-18 10:48 . 2010-04-18 10:48 -------- d-----w- c:\programdata\AVS4YOU
2010-04-18 10:19 . 2009-11-01 15:28 65744 ----a-w- c:\users\Dogan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-18 10:19 . 2010-04-18 10:19 -------- d-----w- c:\users\Dogan\AppData\Roaming\AVS4YOU
2010-04-18 10:14 . 2010-01-11 17:25 -------- d-----w- c:\program files\ProgDVB
2010-04-13 19:46 . 2010-04-13 19:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-13 19:44 . 2010-04-13 19:44 -------- d-----w- c:\users\Dogan\AppData\Roaming\Need for Speed World Online
2010-04-13 19:02 . 2009-11-01 16:16 -------- d-----w- c:\program files\Electronic Arts
2010-04-12 17:15 . 2010-04-12 17:14 -------- d-----w- c:\program files\SweetIM
2010-04-11 16:50 . 2010-04-11 16:49 -------- d-----w- c:\program files\ICQ7.1
2010-04-11 16:49 . 2009-11-01 15:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-09 15:25 . 2010-04-08 12:45 -------- d-----w- c:\programdata\TrackMania
2010-04-08 12:45 . 2010-04-08 12:27 -------- d-----w- c:\program files\TmUnitedForever
2010-04-08 11:58 . 2009-11-01 16:00 -------- d-----w- c:\program files\TmNationsForever
2010-04-04 16:47 . 2009-11-23 18:32 -------- d-----w- c:\users\Dogan\AppData\Roaming\XnView
2010-04-04 16:25 . 2009-11-23 18:30 -------- d-----w- c:\program files\XnView
2010-04-01 00:14 . 2010-04-01 00:14 -------- d-----w- c:\program files\NaturalSoft
2010-04-01 00:09 . 2009-11-01 15:05 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-01 00:08 . 2010-04-01 00:08 -------- d-----w- c:\program files\Common Files\L&H
2010-03-31 13:23 . 2010-03-31 12:42 -------- d-----w- c:\users\Dogan\AppData\Roaming\Nero
2010-03-31 11:52 . 2010-03-31 11:52 -------- d-----w- c:\users\Dogan\AppData\Roaming\Canneverbe Limited
2010-03-26 20:27 . 2009-12-16 19:35 -------- d-----w- c:\program files\Google
2010-03-26 16:50 . 2010-03-07 12:53 -------- d-----w- c:\program files\RADVideo
2010-03-26 16:43 . 2010-03-25 21:33 -------- d-----w- c:\programdata\DivX
2010-03-26 16:42 . 2010-03-25 21:24 -------- d-----w- c:\program files\DivX
2010-03-26 16:42 . 2010-03-25 21:35 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-25 22:19 . 2010-03-25 21:35 -------- d-----w- c:\users\Dogan\AppData\Roaming\DivX
2010-03-25 21:33 . 2010-03-25 21:35 986904 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-03-25 18:23 . 2010-01-11 15:42 1170240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-03-25 17:43 . 2010-03-25 17:43 -------- d-----w- c:\users\Dogan\AppData\Roaming\Avira
2010-03-25 17:40 . 2010-03-25 17:25 -------- d-----w- c:\program files\Handbrake
2010-03-25 17:25 . 2010-03-25 17:25 -------- d-----w- c:\users\Dogan\AppData\Roaming\HandBrake
2010-03-21 19:44 . 2010-03-21 19:24 -------- d-----w- c:\programdata\Norton
2010-03-21 19:24 . 2010-03-21 19:24 -------- d-----w- c:\programdata\Symantec
2010-03-21 19:24 . 2010-03-21 19:24 -------- d-----w- c:\programdata\NortonInstaller
2010-03-18 14:35 . 2010-03-18 14:35 1585608 ----a-w- c:\programdata\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe
2010-03-01 08:05 . 2009-11-01 15:11 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-25 16:28 . 2010-02-25 16:28 9624 ----a-w- c:\users\Dogan\AppData\Roaming\Microsoft\IdentityCRL\production\WLIDClientConfig.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-03-18 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-03-18 14:06 1361208 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-12 149280]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-03-17 106496]

c:\users\Dogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DeskPins.lnk - c:\program files\DeskPins\DeskPins.exe [2004-5-2 62464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON SX100 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "c:\windows\TEMP\E_S2AEA.tmp" /EF "HKCU"
"Google Update"="c:\users\Dogan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 135664]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2006-02-10 1391040]
R3 cpuz130;cpuz130;c:\users\Dogan\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 EC168BDA;EC168BDA service;c:\windows\system32\DRIVERS\EC168BDA.sys [2007-09-11 87296]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 8456]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-02-08 13224]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Dogan\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-02-08 27632]

.
Inhalt des "geplante Tasks" Ordners

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 14:06]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 14:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://hemenarabul.net
mStart Page = hxxp://hemenarabul.net
mLocal Page = hxxp://www.searchturk.tk
mSearch Bar = hxxp://www.searchturk.tk
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: {AAEA8A51-4771-4F59-8AFB-E5E228C02243} = 169.254.1.8
TCP: {E68185B5-D304-448C-9755-34D1071C40F6} = 195.50.140.248 195.50.140.246
FF - ProfilePath - c:\users\Dogan\AppData\Roaming\Mozilla\Firefox\Profiles\7hoqlp6v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-19 10:03:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-19 08:03
ComboFix2.txt 2010-05-18 20:51

Vor Suchlauf: 18 Verzeichnis(se), 43.335.471.104 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 43.153.145.856 Bytes frei

- - End Of File - - EFB254D4047B4E832657DE332606A94E

cosinus · 19.05.2010, 12:11

Ok. Bitte weitermachen mit GMER und OSAM.

Xellar · 19.05.2010, 12:52

Log von Gmer

Zitat:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-19 13:50:40
Windows 6.1.7600
Running: ybzsihq8.exe; Driver: C:\Users\Dogan\AppData\Local\Temp\aglcapow.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83633AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83633104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 836333F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8361BFB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 836331DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83633958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 836336F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83633F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 836341A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8324C579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83270F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9374FC9D 28 Bytes [8F, D4, A1, 4B, 9D, 2F, B0, ...]
.text peauth.sys 9374FCC1 28 Bytes [8F, D4, A1, 4B, 9D, 2F, B0, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7421250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74212494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741F5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741F56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74208573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74204D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742050CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742051A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [742066D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742082CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74208819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7420907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7420E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74204C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\000000fb halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind ???'????????????????????????????^?????????????????p???????@??????'???e???-?-????????????????????????????Section001???????????'???2??????C3??NVIDIA?19.???|???????????????.??????????? ???????2?????'???????-???????????????????????'?????????????????????????'???l???h???'???????0??????s???oem24.inf???? ???'???:?????:?:??wuauserv?gpsvc?trustedinstaller?????nvd3dum?????????????????????????1-11-2010???9.???????????'????????????????????????B??'??????????????%systemroot%\system32\srcore.dll??????????????????????????D??'??????????????%systemroot %\system32\sxproxy.dll????'?'????? N??'??????????d???{9F8639E0-9EEF-4125-9B1C-86109BDD8289}???????????????????????????'?'?'??? ??????????????t?????F??'?????????????e????%systemroot%\system32\fxsevent.dll???????'?'?'?'?'????F??'??????????????%systemroot%\system32\fxsevent.dll?? ????? ??????????????t????????'?????????????e????C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll??????????'??????????????C:\Windows\Microsoft.NET\Framework\v3.0
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export ?????e??????????????8}????<???????????h???????????????????????????????????????????????????????n0BE??6to4mp.ndi?F-F??? ??????????????????????????????????????? .?????????????????????????? ??????????????n?????????????n}????????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ??????????? ??????????????????M?M???M?M?M???????M?M?M?M???M???M?????M?M???????C?C**?????M?M??+%?????M?????C?? ??M?????C?C???C?M?M?M?M??? ???????? ????C???????M???????C?????C???M???C????????????? ???????????????????????????????????????0??? ?????????????????????????????? ????????????M??Netzwerkadresse??????????????????t???? ??????????e??? ???????????????????????????????????????C???????????o????clte???????????????????????????Y??????? ???????:?????????????*??"?????p?|?????-0??{4d36e972-e325-11ce-bfc1-08002be10318}??????? ???????-?????11c??*6to4mp??2??? ????????????????????????????$?N???????????{4d36e972-e325-11ce-bfc1-08002be10318}\0138?23????????????????????????N?????????????????{06B77C4B-04CC-42F1-91EB-6C
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00116778e12b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00116778e12b@0021fb106939 0xCA 0xA9 0x7A 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ????????*6to4mp?? ??? ????????????????????????"?????????????????USB Sound Device ???????.???????????????????????????? ????????????????????? ??????????? ????????????????????? ???????????????????????????????????s???? ???????m???????? ????,??"?????n????????????????????????????????????????????????????????????????????}??@disk.inf,%disk_devdesc%;Laufwerk???????????????????????????????@ disk.inf,%genmanufacturer%;(Standardlaufwerke)?????{4d36e967-e325-11ce-bfc1-08002be10318}?:6.??{eec5ad98-8080-425f-922a-dabf3de3f69a}\0002?????Sony Eri?f,%microsoftmfg%;Microsoft???????N????????????D???????????????????? ?@?????????????????????????{4d36e967-e325-11ce-bfc1-08002be10318}\0002?????{4101fddf-0263-5671-812a-035caaea93d7}??????????????????? ?????????????????????-??????????????????????s?????? ?????????????????????,?????????????????f??? ?????????????j???????1??L????????? ???????????? ?????????????????????1????????????&???????????????????????????????? ?????????????????????1????????????????????????????? ?????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ??????????:??????&???&???{?|?|?}????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|?????????y???<?????????n?<???????y???<???????????<??Net???????N??????n??????????tunnel?85???????????????????USB MFP??????????????????z??????????????????e????????z??????????????????e????????z???????????????????????????????y??????????????v2.10|Action=Allow|Active= TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|??API.dll,-28502|?????????z??????????????P???????????????????????????????????????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Public|ICMP6=128:*|RA6 =LocalSubnet|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|??API.dll,-28502|???????????z???????????????????????????o??a????y??????????????????????????Sti
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ????r???????????{36fc9e60-c465-11cf-8056-444553540000}\0014?Tc???????????v???????????????????????????????m??????????????????????nS????`??????{???????????????n?gie???????l???????i????????????? ?????????????*6to4mp?????{85994E17-9961-444D-94F5-E1FCB40A6A9D}??02??TCPIP6TUNNEL?Tcpip6??8??\Device\{85994E17-9961-444D-94F5-E1FCB40A6A9D}??74????6?????????????????Microsoft-6zu4-Adapter #38???v??????????????????mouhid??????????????@nettun.inf,%msft%;Microsoft????{4d36e972-e325-11ce-bfc1-08002be10318}?D87??????????????????????????????? ???t???t???????t??86??????s????????????????????????????????????????????s???????????????????~??????????????????????? ???????[???????????j??????????P?????01F8??????????????????????????????????????????-0????P??????}??De??????????????????????????????????????????}???????0??[???[??6AA2????N???????????D??????????m???????????}???e???????n??? p??????S??????ne????????????????????????????r????????g????? ??????????????????????????????*isatap??????????????????????????????????????s???????i???????e?????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ????????????? .??????9??????????????????????????? ???????k??????????????????????????????????????2????l???????e??? ??????|?????}????text????????????????????????????5????????e???????????????h??HardwareDefault?ne??????8???????????ap??? ???????7??????????? ?????????????7?7??Netzwerkadresse??V???????????????e????N??????1?????D48???????????????h??????0????????????t??nettun.inf????????L?????????????????pci\ ven_10b7&dev_9055&subsys_905510b7???? ?????????????????PCIEL9055TX.ndi?????? ???@??????????t????? ??@???????????????????@??????????????? ??????????????????????????????{004fbbb9-c9f2-11de-999c-000fea2a8775}?-8A????N????????????D????????? ???????????????????s????????"?????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9DDD4165-7BF3-479B-9649-3F59B430BD3D}] SEQPACKET 117???? ???????????????????s????????"??????????????????????????????????-??????????? P??????|??????????????? ?????????????????????,??????????????#A97??????????????????????????????????usb\composite????????????????????v??????nm??????????????????????? ?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ?????j??v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|??API.dll,-28502|??????!???z????????????????????e??????"???z???????????????????????????????z???????????????????????????z???????????????????e??? ???n????????????????X??????????t??????????????????Microsoft????|?|?y???????y???<?????????n?????????y???;???????????;???????????y??????????????v2.10|Ac tion=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|?<???????????j??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firew allAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|??API.dll,-28502|???????!???z????????????????????e??????"???z???????????????????????????????z??????????????????e????????z?????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ????-3??Net??????b???????;?????????????????????????????????????????????????<?<??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\pr ogram files\musicbrainz picard\picard.exe|Name=The next generation MusicBrainz tagger|Desc=The next generation MusicBrainz tagger|Defer=User|?er|?=??? ???????????????? ????,??"???&??????????????B????*??????=?????????nn|??Port_#0004.Hub_#0003?l???????????r??????fi??? ?????????????????????,?????????????????f??????????? l??????c?????z t??USB\VID_18B4&PID_1689&REV_1000?USB\VID_18B4&PID_1689????? ??????????????????USB\DevClass_00&SubClass_00&Prot_00?USB\DevClass_00&SubClass_00?USB\DevClass_00?USB\COMPOSITE??sic??usb.inf???????N??????e?????DTh?? {635d3535-1a14-11df-bc1f-91fa6054d4ac}?=Th??????????????????????????in??6-21-2006?????$??????M??????????ROOT\*6TO4MP\0006???{4d36e972-e325-11ce-bfc1-08002be10318}?FB0??????????? p???????????????????b?????????????? `??????-?????4D7??? 6??????d?????c3_??tunnel?S????????????text????????}"???????k????X?????? ???????????????N?
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind ????????????????????????????t?????$LAN-Verbindung* 92???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????4Microsoft-6zu4-Adapter #84??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route ????os???????????a??????in???????h??? p?????????????????Microsoft-6zu4-Adapter #142?8A??{4d36e972-e325-11ce-bfc1-08002be10318}\0146?? ??Microsoft-6zu4-Adapter #131?F-??10318}?2FE??????????????????16???????e??*6to4mp???????X??????????t??????????????*6to4mp?3C??????76??????D1??????? ?????????????????????*??"?????p?x???????????N??????5?????DAB??{4d36e972-e325-11ce-bfc1-08002be10318}?-44??????F6??????????????????Microsoft-6zu4-Adapter #130??2??????EE??????????????-E??????????????????????????????????????????????????????????????????*6to4mp?????text?????????\?????????????????s????6-21-2006???????16???????????????????\???????????-??????AC??*6to4mp??????????????????????????????????A???e??{4d36e972-e325-11ce-bfc1-08002be10318}??@%??{4d36e972-e325-11ce-bfc1-08002be10318}?}"???? p??????3??????13??13??????????????13??????????????????@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter?????@nettun.inf,%msft%;Microsoft?????????????4?????sCF??? p??????1??????????????????????????????????????????????????????63??????16?????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export ?????????????????????????B??????????*6to4mp?9D??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????1??A3???????????C??D-??*6to4mp?A2??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????6??-2???????????9??6C??????34??? ?????????????????????1????????????&????????????????????6??????????????? ?????????????????????1????????????????????? ?????????????????????1????????z????????????????????????????-??E4????z??????4??59??nettun.inf:Microsoft.NTx86:6to4mp.ndi:6.1.7600.16385:*6to4mp?F??????5-???????????8???e??tunnel?016??? .??????A?????-C5??Microsoft-6zu4-Adapter?33D??????????????????????????????????????????44??? ?????????????????????1??????????????????????????????????????????????????????4F59-8AFB-E5??? ?????????????????????1????????.???????????Microsoft-6zu4-Adapter??????@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter????????????????????????????????????????s????? ??????????????????????????????`????????e?
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind ?????????????????????? ??????????e??Typ??????$???????M??????????????????te???????????-??????????dr??????r??????????????????????????????d?????????????????????????????k???$???????h??????????????????02?????????????????????????????????????? ?????u?????????t?u????????????????????????????????N???????????D???????z?????????????r???????r????? ??????????e????$??????8???????9???????9??{71a27cdd-812a-11d0-bec7-08002be2092f}??????? D??????????????????????????????????????6??????\\?\USB#VID_04B8&PID_0841&MI_01#6&14172607&0&0001#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}?E??USBSTOR\Disk?USBSTOR\RAW?????????????2??????5D??????????????????????? ???????0?????-4B????????????N??????d??????????tunnel???0??11???????????????????????????n??????????????????????????disk.inf????? ?????????????????????1?????????????????????????????}???????????????i???t??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????i???h??????????????????6.1.7600.16385??????????????? ?????????????????????1???????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route ?????????????2$??????????????????????????e??? ???????|???????????j?:??????????u?&????????????????????????????????B???????????????????????????????e??????????????????????????l??????????????????????? ??????????????????????????????????????????????2?????????????????????????????????????????????????????????????????????????????????????????????????????MS AFD NetBIOS [\Device\NetBT_Tcpip6_{4A910B62-C701-4E6F-8482-9A6E7C4E9723}] DATAGRAM 94???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????ss??????????????????l?????????????????????????????????????????????????????????????????????2?????????????????????????????????????? ???????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3694521A-FDA8-41E1-9951-6CA1EAA19D76}] SEQPACKET 93???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export ????a7???????????n???????????????????????????????????????????????????????????????????????????????????????d????????m?????????s????????????{???????????? ??????????????l?????????????????????????????????????????????????????????????????????2????????????????????????????????????????????????????????????????? ????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B6B4FCBF-FFB5-4221-804F-DF9FB112088F}] DATAGRAM 104??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????l?????????????????????????????????????????????????????????????????????2?????????????????????????????????????? ???????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C7609DC6-73D6-43F8-8B95-D3303D0B8BBE}] SEQPACKET 105??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 3043
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind ????????????????????????????? ?????????????????????*??"?????p?v?????????? p?????????????????????????????????????Microsoft????v??????????????????????? ?????????????????????*??"?????p?s?????????? ?????????????????????*??"?????p?u??????????????????????????????????????6??????????????????????????????????????????tunnel??????????????Tcpip??????????? ????11???9??????????? ?????????????????????*??"?????p?n?????-8????N??????A?????DAA???????????????????????e??????????????????????????????????? ?????????????????????*??"?????p?m?????? ????X??????????t????????????????????R????????????e????????????????????F}???????????f?????T?????????????"??????????????????????????????????Volume?????? ??????????????????????????????:??????C?gDD????????????????????????????????????????R????????????n??????X??????????t???????????????????????B??????????Ty ??11??????????????????????????????4}??volsnap???????????????????????m?????De??Microsoft????????????????????????? ?????????????????????????????????????????????????????????????????????????@usb.inf,%g
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route ?????????????|???????g??????????????????????? ?????????????????????,?????????????????f??????????????????????EC168????????????????????9?????????????z??h?????????????????AC??? ???????????????????8??????????`???????????? ?????????????????????1??L????????? ???????{4??? ?????????????????????1????????????????????????????????? ?????????????????????,?????????????????f????X??????????t???????g??@C:\Windows\system32\nvsvc.dll,-4401,Adjusts the refresh rate to save power and maintain visual quality.ne???????????9?????n?????????????????????o??@C:\Windows\system32\nvsvc.dll,-4403,Disabled???? ???????e???????e??? 4??????I??????sP??USBSTOR\Disk?USBSTOR\RAW??????N??????d?????D-0???????????}???e??????????? ?????????????????????1????????????????????????????? ?????????????????????-??????????????????????s)????? ?????????????????????,?????????????????f??? ?????????????????????1??L????????? ???????52??????????????????????? ?????????????????????1?????????????????????????????v??????? ?????????????????????1??????????????????????z????
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export ?????????????????????????????????B??????????????????F7??????????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?i?g??????????????????????????????????????????ac??????????*6to4mp?????Auto Exposure???????5F??Microsoft?????X??????????t??Microsoft???int?????Microsoft???Typ?????????????????????????????????????????????11??8A??????Dev. 0 LUN 0?asicdevicename%;WPD-Dateisystem-Volumetreiber??????LAN-Verbindung* 84?N ???Face Tracking?????????????????????????????????z?????? ??????USBSTOR\Disk?USBSTOR\RAW?????????????$???????????????????????????????????????F????????m?te??????????????????? ????????????????????????;?????????? ???????/?????????????,????????????????????????????????????????????????????????Microsoft???Microsoft????????e??*6to4mp?????????-4??????SE??11??????? ???????1???????????????????????h??????#????????????????????????k???k??????????????????????????????????????l??????????????????????????????????????????? ??????????????????????????2????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind ????????@nettun.inf,%msft%;Microsoft??????8?????????????16????:????????????????????????? 3??????????????????????????????38??????????Microsoft-6zu4-Adapter #97?2?2??????16???$?????????????????????????????????????????????s? ???i?j?j?k???t????????????????s????????????8??????72??????????????????????????@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter?????@nettun.inf,%msft%;Microsoft?3??????p6??????????????-A??????E5??Microsoft-6zu4-Adapter #99?13????????????????????????????????????????????\???e???????????B???????????????g???????f???????f??@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter?????@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter?? ??{4d36e972-e325-11ce-bfc1-08002be10318}\0110?????@nettun.inf,%msft%;Microsoft?-??????????????????11??????????????????tunnel??????\\?\USB#VID_0D8C&PID_0103&MI_00#6&167e581&0&0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\GLOBAL?\Tc???????????v????????m???????X??????????????????6??? ?????????????????????-??????????????????????s?????? ??D????i??????????? ?????
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export ?????k???????????????????????????????????????????&??Microsoft-6zu4-Adapter #114???????8?????????????????? ????????????????????N???????????D??????e??????s????????????????????????????????????????????????}????????????????????????6?????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????@nettun.inf,%msft%;Microsoft?2???????????????3??????8}??????????????????????????? ?????????????????????,?????????????????f????????????????"{40????N??????-?????DF0??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?5-E??? ???????1?????????????,????????$?K?<???????????????????????????????-4??? ?????????????????????,????????z?????#F80??????#?????$??????"???????7??Root\*6TO4MP\0071?????z??????}??????3B??\\?\Root#*6TO4MP#0071#{cac88484-7515-4c03-82e6-71a87abac361}?9??????? ???????1?????????????,??N?????$?K?<???????????????????????????????B5??? ?????????????????????,????????????'????????????????????}????????????$??????-???????E???????????????&??? ??????????????????????????????`????????e??? P????
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind ???8?9???????'???s?????????epo??1????????Z???}?~?i????8??8???:???????????????:???8?8?9???????'???????????e??????????????????AmdK8????????8???????????? ??NVIDIA?ft???? ???????8?????8???????3???????????????????????8????1????????8??? ???????8???????????0?3???????????????????????8?????????????D??M????????8???????8??NVIDIA?ft????????8???f???????n??????re??? ???8???d?????OM ??7-27-2004???? ???????8?????8???????3????????????????????? ???????8???????????/?3???????????????????????8?????????????????????????8????????????????????F??8??????????????????? ???8??? ???????8??5.1.2600.445?5?????????8?????9?9????? ???????8?????8???????3??????????????????????????????????????<??8??????????? ???????8???????????7?3????????????????????????????????? ???????8??????????5.1.2600.445?5??????????????????Ports????????8???????8??System??cd????2??8???o?gde??@oem14.inf,%nvda%;NVIDIA?;(Standardsystemger?te) ???????8???????????????g?????#?#?#?#?#?#?#?#?#?8????\\?\PCI#VEN_10DE&DEV_0057&SUBSYS_E0001458&REV_A3#3&2411e6fe&1&50#{cac88484-7515-4c03-82
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export ???:?????????????x?????9?:?????????????????????????? ??????????? ??????????? ??????????? ??????????????????????????????????????????????????????????????????????? ????(??????P????????????(??????P???????????????????????????????????? F??:???0?????9?0?????:?????????????????????????9?9?9?3?:?:?:?:?:?:?1??? ???????9?????????????,?????????????????f????N??:?????????D????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????? ???????1?????:?????:?,????????.???A?????????????????????????????????}?????? ???????:???????????:?,??????????????#????????:#?????.??:??????????????Root\MS_NDISWANIP\0000???????????:??????????????\\?\Root#MS_NDISWANIP#0000#{cac8 8484-7515-4c03-82e6-71a87abac361}???? ???????1?????:?????:?,????????.???A?????????????????????????????????}?????? ???????:???????????:?,???????????? ??????????????:??????.??:??????????????Root\MS_NDISWANIP\0000???????:???????:??????????????\\?\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\NDISWANIP??????:??? ???????,?????:?????:?,??????????s? ??????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00116778e12b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00116778e12b@0021fb106939 0xCA 0xA9 0x7A 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???m????????$???4????? ??????? ????????????????????????? ????????????????????????????????????????????????????????????????????????????????&?????????????????????????\??????????????????????????????????????????? ????????????????????????????????????????????.???????????.???.???????????????.???t?.??????$???4????? ??????? ????0???(??????P???????????????N??e?????????D????????$???4????? ??????? ????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????(?????????????????? ??????????????????????????????????????????????????????????????????????????????&??????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? ???IS\0000????????????????????shc??Dogan????$???e???????????????????????????????f???6???e???e???????????????????????????????d??????$???4????? ??????? ??????????????? ????????????????????????????????????????? ????????????? ??????????$???e??????????????????????????{000000
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???s???????g???g????? ???????}??????? ????????????????????????????2??????/?g?/????N??k???n????DaxM????X??????????????}?}????????????????blbdrive??????????????????????N??h?????????DSi??Image???NDProxy?76??????? ???????g?????g?????g?-??(???$?????????????????????????????????????????????? ???????g?????g???????-????????????????????????????? ???????g?????????????-?????????????????????y?????g????? ???????g???????????g?,??????"?h?????????????h??g ???????????r?????h??????????????????????????????????????? ? ?????????????? 4??g?????????????????????????????????? ? ??????g?g?????????6??????? ???????g?????g???????1??L????????? ??????????????g???g???g?????g??? ???????g?????g???????1????????????&???????????????????????? ???????g?????g???????1????????????????????? ???????g???????????g?1????????|?????????????????????????????|??g???6??????machine.inf:GENDEV_SYS.NTx86:NO_DRV_X:6.1.7600.16385:*pnp0c04????g?g???????g ?????????????????????????????????????g??????????????? ???????g?????g???????1????????????????????? ???????g?????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???s?t?????????????g?????????????j???????u????????????????????????????????????????T??s????????h????????????y????PlugPlay????? ???????o???????????s??????????:????????g???????????????????????????p?????????e????*6to4mp?????????p????????t??????????????????????C:\PA7302.DAT??????? ??????N??????D???????????????e????????????????????????????m??t??????p????????|??? ???????o?????t??????????????@?????????m????????????????????????????????????????????t?????????????? ????????????????t???????????e??RPCSS?SamSS???????,???????????????????????????????????????2??t??????????????????SeChangeNotifyPrivilege???????"??t????? ????n?????t??? ???????????????????????????????s??????????rdbss???????%SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation???@comres.dll,-2947???? 8??t??????????????NT AUTHORITY\NetworkService?????? F??t???????????????t????$??t?????????e????@comres.dll,-2946????????t????????h???????$??t?????????n????? ???????t???????????m????????,?F??? ???????????%systemroot%\system32\msdtckrm.dll??????KtmRmServic
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???j?q??USB?????????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? ??\???????????????\?f?f?j?j?j?j???????|???????????????????j???????????????????j????????????????????????????????????????N??j????????D??????e?g?h?i?j?j? j??@%systemroot%\system32\wkssvc.dll,-1004??????j???j???j???j???????????????????E???????????4????????????@????????g??????P??k?????????e?????????????????????????????????????z??????????????? ???????????????EC168BDA?????????????4?????????????????????????s????????????????????????????52???j???????????j????????????N??j????????D?????? ^??????1???????????????????????????????????j??????s????????j???D??????????????????t?????????????N??????|?????|?????t?tt????????e??int????????????????? ?????????????????4??????????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? ???e???????????????e?e?g?h?j?j?j??LegacyDriver?????????1???????z???z??*6to4mp???????N??j???????????????????????????????m?????v?m???????t???????????B?? ??????????????????????????????N??j??????????????? P??k???3?????3??????X??k???&???&?????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???t??????????????N??t?????????n????? ???t??????????????Video Save???????????t???????????e??SamSS?Srv?????????,??t???????????????????????????????????????t??????????????????SeChangeNotifyPrivilege?SeImpersonatePri vilege?SeAuditPrivilege?SeLoadDriverPrivilege????????t?t?t?t?t?t?t?t?t?t?t????????????????????????????h?????????????? ???????u???????????t?????????????? ?????????????????????????y?????? ???????o?????t????????????????R??????????????????????????????????????????????t????*6to4mp?????6-21-2006??????]?????????????????g?????????e????? ???`???-?????t5E?????? ?????????????8???????????h??????????l???????????e???????????????????????&???????????,???,??????????????t?????????????8??t????????h???????N???????????? ??d???j?t?t?t?t?t?t??text????????????????????usb.inf?????????????????? ???????t?????????????????????????? ???????????? ???????o?????u?????u????????$?????????????%systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted???RpcSs?????????J??t?????????n????@%SystemRoot%\system32\pcasvc.dll,-2???????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ?????t???????t??????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeAuditPrivilege??????????????????????????????t?t?t?t?t?t?t?t?t?t?t?t?? ??????????????t???@%systemroot%\system32\wkssvc.dll,-100????????h??t????????h?????%SystemRoot%\System32\svchost.exe -k NetworkService??????t?????????????????????t??????N??t?????????n????@%systemroot%\system32\wkssvc.dll,-101??????? 8??t??????????????NT AUTHORITY\NetworkService?????????????????????????Gamma???? ???????t???????????e???????????????????e????????????b??u?????????e??????????????N??????????????????????????????????????t?????????????????????????????? ??????????????`??t?????????n?????????????t???????t??????????system32\DRIVERS\nvm62x32.sys????????????????????????????????t???j???e???????t??????p????? <??????????????????t??tunnel??????int?????????????USB????????????????{????????????????????????????System32\drivers\partmgr.sys??????6??????-????h8EC???????????????????v????????????????????????????N???????????D??z??*6to4mp?????????????disk.inf????*6to4mp????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind ???j?|???h?h????????? ???????f ????????????,??P??????? ????I????? ???????h?????????????,????????????(???????????????????????? ???????h???????????g?1?????????????????????????h???0??8}??machine.inf:AMD_SYS.NTx86:NO_DRV:6.1.7600.16385

ci\ven_1022&dev_1100???? ???????h?????h???????1????????????????????????????????? ???????h???????????h?1?????????????????????????????????????????h???????????h?h???????h????? ???????h?????h???????1???????????????????????h???h???h??054&??? ???????h???????????h?1?????????????????????????????????????????h???1??85???h?h&C?????h????? ???????g?????h???????1????????????&??????????????????????????h???h???h??REV_??? ???????h?????h???????1????????????????????? ???????h???????????h?1????????????????????????????? ???????????h???????8???????????h?h?h?????h????? ???????h?????h???????1?????????????????????h?h????????? ???????h???????????h?1?????????????????????????????????????????h??????????6.1.7600.16385???8?????h????? ???????h?????h???????1????????????????????????????????? ?????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route ???s?s???????p????????????????????????????????n???????P??s???????????????????????p??????????????????????*???????????????????Tcpip???????<????????????? ???<????????????????<??????????? ??p???????????????????????s????????????????????????j??s???????????????????s???????????????????????s????????h??????u?u?u???s?s?s?s?s?s?s?s?s?s?s?s?s?s? s?s?s?s?s?s?s?s?s?s?s????P??s?????????e???????????????????????????????????????????????????????????????????????????????????????????&??????????????????? ?????!??????"?????????????;??????????????????????????????????????????????????????????????*???????????@%SystemRoot%\System32\hidserv.dll,-101??????s?s?s?s?s??? ???????o?????s?? ??s????????$??????????v??%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted???@%SystemRoot%\System32\hidserv.dll,-102?????? D??s???????????????????s??????????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?????????s0?????P??s?????????n????? ???s?????????????????s???s???????????????????????????????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export ????t4??????? ???????0??????r????????????5??????????? ???????0?????1?U??????? ???????o????????????????????????$?????????f&????.??????{??????A9??ASP.NET-Zustandsdienst???&??? 8??????A??????????NT AUTHORITY\NetworkService??????????????}?????n?&????,?????????????????????????????????????????????????????????UT????2??????E??68????4??????s??ei??????? ???Stellt die Unterst?tzung f?r nicht aktive Sitzungszust?nde von ASP.NET bereit. Wenn der Dienst angehalten wird, werden nicht aktive Anforderungen nicht verarbeitet. Wenn der Dienst deaktiviert ist, k?nnen die explizit abh?ngigen Dienste nicht gestartet werden.???CloseStateServicePerfData?????8??????v??????CollectStateServicePerfData?????????4F??? ???????????????????k????????*????? ??????11d??????????????????????????????????? ???????????????? ?????????????????????????A????????????j?????e?j??aspnet_state_perf.ini??????????????????????????????????????????????CC0???????????D??????-0???????????????s??????????????????????? ???????t??????rt???f?g?o?o?o???????t??? ?????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind ???n????????????????????????@%systemroot%\system32\drivers\RdpRefMp.sys,-101?6?????????????????sMi???????????????????4???????}???????z??Blue????????????????????????????????????????????*6to4mp??C????????????????????????????? ???????????????????b??k?????g?????? k?&??? b??j???3??????????USB?26??{8ECC055D-047F-11D1-A537-0000F8753ED1}???4??usbccgp?ic???j?j?j?j????????USB??9???v???t???????\???n???e??? *??k???p???????1???????????????5???????u???????????????????????j???????k??.NT??????Z?Z?????????????????????????????????????????k???????3???????k???M?? sg????????????????????????X??k???????????????????v?????s?0??? ???m???????????????????????????u??????????????????MEDIA???????????tunnel?304???????????????????????????F???????????????????????i???????????????????7?? ?????2???????????0??????????? ???????k?????j?????j?,??????????c? ???????R??????????????????????????????????????s????????iv???j???k??? ???????h?????????????,????????????(???????????????????????? ?????????????????????,??"???&??????????????0??{4d36e972-e325-11ce-bfc
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route ????????????????tunnel???????????????0???e???????????D??????-A???????????????0??????0-????????N???????????D?? ????????????5d??????????????????8??????????????????????????????t??????????*6to4mp?????*6to4mp?e7???,?? ????????????????????????????????,?? ????????????????????????????????,?? ???????????????????????????????Root\*6TO4MP\0138????????????D??????Tc????????????$??????3???????B??? ??????? ?????94E????N???????????D??????????????????????????????????????????????????????????@??????????????????????? ???????????????????????????"???????????????????????????????%???????????????????????????????$???????????????????????????????$?????????????????????????? ?????'???????????????????????????6???????????????????????????????!????????????????????????5????????????????????????????6???????????????????????????5?? ???????????????????????????????(???@???????????????????????????!????????????????????????6??????????????????????????????6??????????????????????????6??? ???????????????????????6????????????????????????????????? ?????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export ?????&??{4d36e972-e325-11ce-bfc1-08002be10318}?nsu???????????????B??????FE??????F-??????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ??????????? ?????????????>?? ???j??? ???????????j?j? ? ?j? ?j? >????j>????????j?j**????? ????+%????? ?????j?? ????????j?j???j? ? ??? ???????????? ????????????????j?jY????j???????j????? Y??j?????$???????{??????????????????-8??? p?????? ??????????????????? ??????????? p??????{????????????????????????????????N??????*?????D#0????8?????????????16??{4d36e972-e325-11ce-bfc1-08002be10318}\0155?66??"????????????????????j???????????B??????????ce???????????????????????????????????n???e??????????????????????????????????? ???????a?????????????,??????(?????????????14????N??????A?????D28???????????i???e???$???????{??????????????????-9????X??????????????????????_???????????????????????????????????????????????????????????_??????????????????? ???????????????????3??????????????????? ???????????????????????????????????????????????????????????n?????????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind ???i?????????????????????????i???\??????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\ snmptrap.exe|Svc=SNMPTRAP|Name=@snmptrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|?PM???y?y?i???i??? ???i??????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|?????????i?????????P????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|????y?w?i???y?y?i???????i?????????P????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|?????????i?????????????????e????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Prof
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route ???-?{????????????????????????T??i????????h?????\SystemRoot\system32\DRIVERS\SiSRaid2.sys???PNP_TDI??:???????i??????p???SCSI Miniport?????T??i???????????d??sisraid2.inf_x86_neutral_845e008c32615283???????????????t?????????????????????????????????????????T??i????????h?????\Sy stemRoot\system32\DRIVERS\sisraid4.sys????????i??????p???SCSI Miniport?????T??i???????????d??sisraid4.inf_x86_neutral_65ab84e9830f6f4b????i?i?i?i?i?i? ???????i????????????B??i?????????e????????????????????????*6to4mp??????i????????????????N??i????????D?????LegacyDriver?E???????j???????h???????e??HIDC lass????? ???W??????????????? ???????h?????????????,????????????(???????????????????????LegacyDriver????? ??Z???/???????/???????i??????s??????? ???????????????WUDFRd??????????????? ???n??????????s????????i??????????LegacyDriver?????????g???4???e???????h???F???e???????????????????????z??????nf??@compositebus.inf,%compositebus.devi cedesc%;Busenumerator f?r Verbundger?te?c:??ENTECH???????????????????????4???????????3??????????MEDIA????? ??d???4?
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export ???n?t??????????? ???g???|??????????BFE??????????????????????????????????????????????????m???j?j???k????????tunnel?vic???j???????????0???0???j???j??LegacyDriver?????i?j ?j?k?????????k???j???k??????????????? ???????j???????????j?,????????P????????????k???k??LegacyDriver?e????N??k?????????D??????X?????????????*6to4mp??n???????y???????k??????????USB????????? ?u???????z???e?h?j?k???????????????????n?????u??? Z??????C?????etB??????????WimFltr??8??????????????Microsoft????????e??????????????????????????????? ???????k?????k????xk?,??????????e? ???????V???????????????????????? ???????k???????????j?,????????N???????????LegacyDriver?????????????o?o?o?????k?&??????????????s????????_???%???e???????t??tunnel???????k???k???k??FltM gr???????h?j?k?k???????????????????g?9???????z???????????4????????????????????????????N??m?????????D?????????????p?{?????????????????k???????????????? ???????????????????????????????????????????????????z??LegacyDriver??????4??j?????g??????X?????????????usbccgp?????MEDIA???A???????FF??????00???????k?
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind ???s?u??????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????? ?????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????? ?????????????? ???e???i?????43B???$???e??????????????????????????ACPI\PNP0B00?*PNP0B00???????? .??e???s?????ach??RMCAST?75}???$???e???????????????????????????????e???????????f?f?f???????u???e??????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ???????????????????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????$???e???????????????????????????$???e???????????????????????????0???#??????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????$???e???????????????????????????$???e????????????????????????????N??e???????????????????e???3???e??????$???4????? ??????? ??????????????? ????????????
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export ???z????? ???????y?????w????????????????????????????????????? ???????{?????{????????????????????????????????? ???????{???????????'???????????????????'??V2.0|Action=Allow|Dir=Out|Protocol=6|app=%windir%\System32\svchost.exe|Svc=AxInstSV|Name=AxInstSV_Out_Allow| Desc=Network rules for outbound TCP traffic from AxInstSV|??????V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic to HidServ|???? ???{??????????2???? ???{??????????3????????{???????????1??? ???{??????????4??????????{????? ???????{?????{????????????????????????????? ???????{????????k???????????@?????????????V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic from HidServ|????V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Allow RPC/TCP traffic to EventLog|?e??V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic to EventLog|?????V2.0|Action=Block|Dir=Out|App=%SystemRoot%\

---- EOF - GMER 1.0.15 ----

Xellar · 19.05.2010, 12:58

Log von OSAM !

cosinus · 19.05.2010, 13:47

Das OSAM Log geht i.O., GMER sieht zwar am Ende komisch aus, aber das macht mir keine allzu großen Sorgen, ich denke das Tool hatte da nen kleinen Fehltritt.

Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Xellar · 19.05.2010, 13:52

alles klärchen cheffe..

klasse

mein pc is jetz wieder super schnell...der

is vorbei
xDD

ich lass jetz mal Malwarebytes laufen und danach das andere proggi

19.05.2010, 12:11	#17
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google ist Langsam und leitet um auf dubiose seiten Ok. Bitte weitermachen mit GMER und OSAM. __________________ __________________

Google ist Langsam und leitet um auf dubiose seiten

Log-Analyse und Auswertung: Google ist Langsam und leitet um auf dubiose seiten