Log analysis and evaluation: Is everything clean again after the TR/Kazy.mekml.1 infection? Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
14.05.2011, 08:35 | #31 | |
| Is everything clean again after the TR/Kazy.mekml.1 infection? Quote:
Man, this is all so exhausting. It has been going on for several days now, and the whole time I have been unable to work because of it. I hope it will be running again soon. So, unhide is done. No file from MBR on the desktop. And now? |
14.05.2011, 17:00 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is everything clean again after the TR/Kazy.mekml.1 infection? We should fix the MBR manually. Back up all important data, just in case.
__________________
Do you have any operating systems installed other than Win7 (32-bit)? If not: have a look here => Vista Emergency/Recovery CD 32-Bit - Dr. Windows. Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD). If you have a normal Win7 installation DVD (32-bit), you do not need the image mentioned above and can simply boot from that DVD. Click Repair your computer, Next, Command Prompt - the console opens. There, please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, and take the CD out beforehand. Afterwards, create new logs again with MBRCheck and, if possible, GMER.
__________________ |
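The following is an added example, not part of the original post and not MBRCheck's own logic: a read-only sanity check of a 512-byte dump of sector 0, of the kind one would run after `bootrec.exe /fixmbr` to confirm that the boot code matches a known-clean reference and that the partition table survived. The function names, the constructed sample sector and the idea of a baseline hash taken from a trusted clean MBR are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: boot code (bytes 440-445 hold the per-disk
                         # signature, so they are left out of the hash on purpose)
TABLE_OFFSET = 446       # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511


def parse_mbr(sector):
    """Split a raw 512-byte sector 0 into the fields worth checking."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for index in range(4):
        offset = TABLE_OFFSET + 16 * index
        entry = sector[offset:offset + 16]
        status, ptype = entry[0], entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:  # empty slot
            continue
        partitions.append({"index": index, "status": status, "type": ptype,
                           "first_lba": first_lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def audit_mbr(sector, baseline_sha256):
    """Return a list of findings; an empty list means nothing looked wrong."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 55 AA boot signature")
    if mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status 0x%02x"
                            % (p["index"], p["status"]))
        if p["first_lba"] == 0 or p["sectors"] == 0:
            findings.append("partition %d has an empty or zero-based extent"
                            % p["index"])
    ordered = sorted(mbr["partitions"], key=lambda p: p["first_lba"])
    for left, right in zip(ordered, ordered[1:]):
        if left["first_lba"] + left["sectors"] > right["first_lba"]:
            findings.append("partitions %d and %d overlap"
                            % (left["index"], right["index"]))
    return findings


def build_sample_sector(boot_code, entries):
    """Constructed test input: boot code plus (status, type, first_lba, sectors)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for index, (status, ptype, first_lba, count) in enumerate(entries):
        offset = TABLE_OFFSET + 16 * index
        sector[offset] = status
        sector[offset + 4] = ptype
        struct.pack_into("<II", sector, offset + 8, first_lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed sample data, not taken from the machine in this thread.
CLEAN_CODE = b"CONSTRUCTED-BOOT-CODE".ljust(BOOT_CODE_LEN, b"\x00")
LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976564224)]

if __name__ == "__main__":
    clean = build_sample_sector(CLEAN_CODE, LAYOUT)
    baseline = parse_mbr(clean)["boot_code_sha256"]
    modified = build_sample_sector(b"\xeb\xfe" + CLEAN_CODE[2:], LAYOUT)
    print("clean sector:   ", audit_mbr(clean, baseline))
    print("modified sector:", audit_mbr(modified, baseline))
```

The baseline hash only means something if it comes from a trusted source, such as the same Windows version's MBR on a machine known to be clean.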
14.05.2011, 18:17 | #33 |
| Is everything clean again after the TR/Kazy.mekml.1 infection? Done. With MBRCheck I again cannot find a file. That is why it is attached as a screenshot. I will run the other program shortly as well. First I have to have supper with my wife and kids.
__________________ |
14.05.2011, 18:58 | #34 |
| Is everything clean again after the TR/Kazy.mekml.1 infection? First part: GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [65649A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [656492E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [65649E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [65648E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [65647B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [65649029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6564789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [656483BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll 
[SHLWAPI.dll!PathMakeSystemFolderW] [6564861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [65648A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [65648454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [656484EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [65649974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [65648EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6563D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [65640F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [65641904] C:\Program 
Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6564141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [65641A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [656409C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6563FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6563F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6563F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [656427FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [65641BBF] C:\Program Files\Internet 
Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6563F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6563EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6563E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [65642ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [656427DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6563E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [65640043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6563EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer 
Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [65641BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [65641A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [65649974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [65649916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [65648A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [65648D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [65648E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [65647D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program 
Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [65648FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [65649E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [65649029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [65649E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [65647C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [65639F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [65639F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4776] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [65639F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) |
14.05.2011, 19:00 | #35 |
| After the TR/Kazy.mekml.1 infection, is everything clean again? Part two:
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000143 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:284] 87C37E7A
Thread System [4:288] 87C3A008
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route
'??el????X??????????????????n???????????e???e??nettun.inf??????PCI-Bus-Treiber???????????????(??????????u??????????????????????n|??????????????????????????????????????????????????????????tunnel???????????????.??s???text?l ???????????????????????????????????????f?n?u?{?|?|?l????????????????????????????????????X??????????t???????????????????????????????0??????????????*6to 4mp?????? ??????????????????????????????????????????08???????????????????????????????B??????A1??????????????????????????? ???????????????????????????????????????f????????????????442D????N??????B?????D}"??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??"{??? ???????1?????????????,????????$?F?<???????????????????????????????22??? ?????????????????????,????????z?????#120??????#???? ?????????????????????1????????z?????????????z?????????? ??nettun.inf: Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export ????????Net?????????????*6to4mp?????????????????????????????7?????N???????????D?????tunnel???????????????B????????)?????? h?????????????????? h?????????????????@umbus.inf,%ms%;Microsoft???t???*6to4mp?????????????????????????????????????????????????????????????????????????????????Net????????? ??????????????????????????????X??????????t??????????????????????LocalSystem?????????????????????????? ???????@????????????????????$?N?_???????????????????????????????N?????????????????????? P?????????????????{B3951ABB-815B-4566-96B2-214A289E160D}??%i????*??????a????d%;M??TCPIP6TUNNEL?Tcpip6?????\Device\{B3951ABB-815B-4566-96B2-214A289E160D}???R??@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter???????8?????????????16??tunnel??????*6to4mp?tt???????????????????????????????????????????????????????????????e??????? ???????U?????????????,????????$?:?<???????????????????????????????74??????????????????????Volume?ED6??fritz.box???????????????????????s????? ??????{??37??????????????????????????????????????????d?????&??????l? 
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind ???0?5??{4d36e96a-e325-11ce-bfc1-08002be10318}\0000?? ??? ?????????????5?????!????0?????N???$????????????????????????5?5????????? ???????4?????4???????1??L????????? ??????0?0?????4???4???0????????? ???????0?????5???????1????????????&??????????????????????????-???-???6??????????0??@???????????6?6?6???5?5?????6?6?????5?5?5??????????????????????s????????????1??????? ???????V??nvcod165.dll,NVCoInstaller???????????????; ??????????-?????????????)?????????????????????s??????????????????? ???????0???????????0??????????N???????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?riv?????5?????????V?????0?????????0??? ???????0?????0???????1??????????????????????????????????????,??0??????????? ???????0???????????#?1?????????????????????????0???????0??Microsoft????????0???????????s??????????? ???0??????????????6-21-2006??????0???????0?????0??? ???????0?????0???????1????????????????????? ???????0???????????#?1?????????????????????????????a??LS???????0???0???0??? ???0??? ???????.??6.1.7600.16385??????? ???????0?????0???????1??????? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route ???0?V???5?6?0????"??0?????????????????e?????\?`??????`?????????????*6to4mp?-4???????????8??????F2??intelppm????11??????????????????????11???????????????????e???????????????-???????-???e?e?@??????0????????????f????*??0???????????????????????????0???????????????????????????????????????????e???????????????????????????????6?????????? ?.???????.???.??mouclass????STHDA???oem8.inf?????????????????????????5???????0???.???????.??4&2cd2afe8&0?7????>??8???.?g?.???8?9?4???e?eA?????P??????? ??????? 
???????.?????v??????????$?????????5???????????????????????????_???????????????????lBIOS [\Device\NetBT_Tcpip_{8EB3CA0B-8302-442D-859C-C20FBBD4C07D}] SEQPACKET 12?????????????????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7A9288A-8746-41F3-948C-B0B068C12091}] SEQPACKET 1????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????@??????????????2? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export ???-??????????????????????????&??5???????????i???????f?f?`??11???????????????u???}??????`???????????{7??????? ???????????6??? P??????(?????801??? ???????5?????5???????1????????????????????iaStor_mobl_Inst?5??? ???????5???????????4?1????????P??????????????????5???5???5???5???5???5???5???5??????Controll??Intel(R) ICH9M-E/M SATA AHCI Controller?CI????N?????? ????D?? ??? ??????? ???????????5??????????T???????????????90?????5??????N??????????????????5????????N??~???????????????5?????5???????.???5???5???5???5????? ???????.???????????4?1?????????????????????????5??????? ??? ???????0?????5???????1????????????????????? ???????5???????????4?1???????????????????????5?????????????????????????5??????????????????eingesteckt in Tastaturanschluss?????5?5??????b??5???4?g?4???????????_??b???? ???????????????? ??5???????? ?B???????????{36fc9e60-c465-11cf-8056-444553540000}\0001?? ????B??5??????????????usbui.dll,USBHubPropPageProvider????? ???????0 ????5???????1????????????&???????????????????????? ???????5?????0???????1??????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???n?n???????????n?????n????? ???????n?????n???????1????????????????????? ???????n???????????g?1??????????????????????????????R??n????????h?????????????????????e??????n????? ???????n?????n???????1????????????????????? 
???????n???????????g?1????????????????????@%SystemRoot%\system32\clfs.sys,-100???????????????????n????? ???????n?????n???????1????????????????????? ?n???n???n???n???n???n???n???n???n???n????????? ???????n???????????g?1???????????????????????????????????????????n????? ???????n?????n???????1????????????????????? ???????n???????????g?1????????????????????@%SystemRoot%\system32\clfs.sys,-101???????n????? ???????n?????n???????1????????????????????? ???????n???????????g?1????????????????????????<???????????????AdapterNameClass?s?????n????? ???????f????????????????.??????? ????B????? ???????n??????????????????????????????????????????? ???????n?????n?????m????"?????????????????????????????????t??????????????????????????????????,%m???????????????p????"??n??????p????????w?????????????? ?????????n???????m? Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???q?????????????d?????????V2A??????????????e5???????l??Cryptography???????????????np????????????????????????s??????p????????????????????????????????? ??????????????g????????/????????????????????????????????????P??n????????h?????\SystemRoot\system32\DRIVERS\isapnp.sys???????$??n??????p???Boot Bus Extender?????R??n???????????d??machine.inf_x86_neutral_65848c2d7375a720?????l?n?n?n?n?n?n??? ??????????????g?????8??n????????h??????????????o???o??????????????\SystemRoot\system32\DRIVERS\agp440.sys????????o????Intel AHCI Controller????o???????n???0??e2?????o???????s?????????????g???????????????????????????????e???????u???u???p?p????????? 
???????o?????o???????,???????????????????o?????????????????????o???????????0?????????????o?????????????o???????????????????o???-??e5??e5???????????t???????????p??t_??????????????ms????@??o???c????hip_???????????-???????????e???????????r??tO????????????????????????8??o????????h??????????????C?g09????<??o??????????????Laptop-Bjoern???Mausklassentreiber???????????????7??????3-??*ntkern Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????n???$|??d????????????????????????????<??????0?g?????????????????????????@???????e??System?????????b????srvnet???????????????p?????s1F??tunnel???v ?????b?????b?b?b????X??f???s???l???????????????????????????????b?????????e????%SystemRoot%\System32\WDI\LogFiles\WdiContextLog.etl????ssmdrv?t????? ?????????????b??????????????????T?????????? ???????b?????b???????,???????????? ???????????? ???????b?????b???????,?? ????????? ???????????? ???????b???????????b?;????????@????????c??Dot3svc?????? @??b??????????e???Ethernet Authentication Service??????b?b????? ???????b???????????b?,????????^?????????????^??b??????????CreateSession,Logon,Logoff,StartShell,EndShell??????? *??b??????????e???Group Policy Service?????b?b?b???????b?????????e????gpsvc???SENS?????b??? ???????b???????????b?0?????????????????????b?b?b???b???????????????????b???A??????Logon,Logoff?????????b?????????e????ProfSvc??????????b???????????A?? ? ???????b???????????b?0????????????????????? 4??b??????????e???System Event Notification????????b??????????Shu Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???np????????????????????????s??????p???????????????????????????????????????????????g????????/????????????????????????????????????P??n????????h?????\SystemRoot\system32\DRIVERS\isapnp.sys???????$??n??????p???Boot Bus Extender?????R??n???????????d??machine.inf_x86_neutral_65848c2d7375a720?????l?n?n?n?n?n?n??? 
??????????????g?????8??n????????h??????????????o???o??????????????\SystemRoot\system32\DRIVERS\agp440.sys????????o????Intel AHCI Controller????o???????n???0??e2?????o???????s?????????????g???????????????????????????????e???????u???u???p?p????????? ???????o?????o???????,???????????????????o?????????????????????o???????????0?????????????o?????????????o???????????????????o???-??e5??e5???????????t???????????p??t_??????????????ms????@??o???c????hip_???????????-???????????e???????????r??tO????????????????????????8??o????????h??????????????C?g09????<??o??????????????Laptop-Bjoern???Mausklassentreiber???????????????7??????3-??*ntkern??????????????o???????????????????3?g?3??????ms???????????????2????????????????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???s?????????????g???????????????????????????????e???????u???u???p?p????????? ???????o?????o???????,???????????????????o?????????????????????o???????????0?????????????o?????????????o???????????????????o???-??e5??e5???????????t???????????p??t_??????????????ms????@??o???c????hip_???????????-???????????e???????????r??tO????????????????????????8??o????????h??????????????C?g09????<??o??????????????Laptop-Bjoern???Mausklassentreiber???????????????7??????3-??*ntkern??????????????o???????????????????3?g?3??????ms???????????????2???????????????????v????\??o?????????n????????????g???????????????????????t??? ?????o??????p???????????????????system32\DRIVERS\lltdio.sys?????@%systemroot%\system32\drivers\luafv.sys,-100???FSFilter Virtualization?????tunnel???8???? ??e???\??pi??ip??Extended base?????&??o?????????e????????????????t???\SystemRoot\system32\drivers\luafv.sys????????????????????????????????????????????????????????????????????? ???????P??o????????h?????\SystemRoot\system32\DRIVERS\lsi_fc.sys??/???????o??????p???SCS Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ????p?????????????????????????????<??????A?gLo??????????????????????????????????? 
??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????#???????????????? ????????????????????????????????????????????sCC0??? ??????????????????????????????????????????? ?????????????????????1??L????????? ??????u?u????????????????s\Sy??? ?????????????????????1????????????&???????????????????????? ?????????????????????1????????????????????????????? ?????????????????????1????????????????????@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter?}#????N??????e????D\ae??????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????F??3E??????????????????? ?????????????????????1???????????????????????????????????\????? ?????????????????????1????????????????????? ??????????????x???Microsoft???????????? ???????? ????????????1????????????&????????????????????_??? ?????????????????????1??????????????????? Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind ???k?p????N??k???.?????????????????????????s???????????????????????????? ??????????s????LegacyDriver???????o?u???k??Net??l???k???????????????k??????????? ???j???1?????1?1???k?????????????????s??????????????????????????????????????????8??p????????h?????LegacyDriver?e??system32\DRIVERS\bowser.sys???????X? ?????????????????????????????????????????????????????????????k?k?k??????????? ???h???.???????????j?k?k?k?k?k?k???j?k?k?k?k?k?k??ROOT\vdrvroot??9BC????8??k????????h??????????k???_??ee???????????k???l?l?k???t?t?????????k?????????? ?????????????????????????k??????s????????????????????C???????????k???l?l?1??? ???????t???????????????????????????k??????????????????????????????????{71a27cdd-812a-11d0-bec7-08002be2092f}\0005??????????k??????s???text????Microsoft????`?b?i?k?k?k?k????N??k????????D??????g?j?k?k?????k???l?l??????????????????????????<??l????? g?????????????3???????e?g?k?k?k???k???????????t??? 
???????????????????t???l?l?1??{00000000-0000-0000-0000-000000000000}???????????k???????????????k??????s?????????????? Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route ???l?????????u???u??????????? ???????k?????l?????k????????????I? ?????????????N?????????????????? ???????l???????????k??????????V????????????????e???5???????????????1?????????l?&???????@??????s???netrasa.inf??????????l???????3???l?l?l???????????5?? ?????v???????h???????e??????????6.1.7600.16385?m?m???l???????????????????k???a??????{00000000-0000-0000-0000-000000000000}??????? ??????????????????????????????????? ???????k?????l?????k????????????L?????????????VolumeSnapshot??????? ???????l???????????k??????????N?????????????<??l?????g?????????????????l?l?2?????l?&????X??m???i??? ??{71a27cdd-812a-11d0-bec7-08002be2092f}???????????i???@??????????????????????_n??????????????????????????????????????????o????????~???????l??????????netrasa.inf??????l?l?l??vol ume_install?HID??.NTx86?e?e??????????{4d36e97d-e325-11ce-bfc1-08002be10318}\0000????????????????????s????????????????????????????disk.inf?????????????????????????,??????86???????e??????????WAN Miniport (IPv6)?????Ndi-Mp-Ipv6??????????l???????????????l???????e????? Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export ???p??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????@FirewallAPI.dll,-23505???????@FirewallAPI.dll,-23506??????????????????????????????????????????????????????????????????????????????&???????????????????????????????&?????????????????????????????????? ?p??????e???SeaPort??????&???????????????????????????????&????????????????????????????????????????????????????????????????????????????????????????@Fir ewallAPI.dll,-23501???????@FirewallAPI.dll,-23502???????mpssvc?????????&???p????????????????????????????????????????????????????????????????????????????????????@FirewallAPI.dll,-23501???????@FirewallAPI.dll,-23502???????mpssvc?????????????q???q??? 
???????o???????????o????????L??????????????&???p?????????????????????????????????????????????????????????????????#????????????????????@FirewallAPI.dll ,-23501??????????????????????????&???p??????????????????????????????????????????????????????????????????????????????????????@FirewallAPI.dll,-23501???? Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind ???l?n????N??k????????D?? ????X??l???0???0????????????????????N??l????????Dt?????????????????????R?????????????t??????????X??l???????e??????????????????? ???????,???????u???????p???????????????????????d????????????????N??l?????????D????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}???????g?g?g?g?g?h?l?l?l?l?l?????????????????????????????????????????????n?u???k?k?k???l??? ???????k?????l?????k????????????)????????S????? .??k??????????????? ???????l??????????????????????N????????????????j???s???????????k??????????????????????????? ??????????????x????l?l?l?????????????????????l?&??@%SystemRoot%\system32\tcpipcfg.dll,-50004?a27????r??m???4?g?4??????a3???l?l???????????????????????k?&??? ???????k?????l?????k????????????*??????????V??? ??????????????????? ???????l???????????k??????????N???????????? ???????l???????????k??????????N??????????????l?&??? X???????????????????N??m???-????D11c???????4???????l??????????STORAGE\Volume?????????????~????????????????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????ms_agilevpnmini Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route ???p?????????????~???????????p???,???????????????D??system32\DRIVERS\ndisuio.sys???????p????????????????????????????????Net??????????????s??s????????? ?????.0???5???.NT??????????????????????p??LocalSystem???????6??p?????????e????i8042prt?}??????????????????????????????????????????????????????t??????? ????.NT?Vo??? ???????o???????????p????????$???N???????p???????"??p?????????e????@comres.dll,-947?????????p????????h?????%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}???????"??p?????????n????@comres.dll,-948????? 
???p??????????????????????????????????????????????t????? ??U??????p?????????????????????0??p???????????e??RpcSs?EventSystem?SENS????????,??p???????????????????????????????????????p??????????????????SeAssignP rimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeDebugPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege ??????p?p?p?p?p?p?p?p?p?p?p??????????????????????????? ???????o???????????p??????????R?O??????k??@%SystemRoot%\syste Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export ???l?????????????????????t???????????????????????????????{???????????????????????????????{????????????????????????P???????????h?????????????????t????? ???{???????z???y???????????t???i???t???????z???????z???????z???????z??? ???????t???????????t????????(??????????????????????????????'???????????'??? ???????t???????????t????????F????? ???????????? ??????????????g????#?????????????????????????c????3700??????????????????????????c????????????????????????????????t???t?????!??<?????????????????????c? ???????????????????????????c?????? ??Z??????p??????????????????????????????????????????????????s?????????????'???????'???"??????????????????????????????????<???????????????????????????? ????????????????t???!????????????????????????c??????????????????????????????????t??????????????????<????'???????????????'???"????????????????????????? ?????? ???????????????????????????????????'???????????????'???!??<?????????????????????c?????5110?,????????????????????????c?????? ???????'??????????????????????????????????<????'????????????? 
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind ???n??????b??n?????????n?????????????????????4??t5???????????????????????????n??????????????@%SystemRoot%\system32\drivers\fileinfo.sys,-100?????????????????????????????u??????????????????????@%SystemRoot%\system32\drivers\fltmgr.sys,-10001??????Z??????5????h00}????~????????????e?i???????????????????????????????????{??????????????????????t???usb.inf?????????????@%SystemRoot%\system3 2\drivers\fltmgr.sys,-10000?????????????5?g1c??System32\DRIVERS\fvevol.sys?????IP Network Address Translator????????n???-??25????<??p????????h??????????????????????????u??????{3??????{3???????*???????p??????p?????8??n????????h??????????????u???????+?????????????????????? ????????????????????????usbccgp?????????????????????t???????????????t????n?n?n?n?n?n?n???????????????????????????????v???v???????????????????????????? ????????????R??n????????h?????\SystemRoot\system32\DRIVERS\elxstor.sys?0???????n??????p???SCSI Miniport?????R??n???????????d??elxstor.inf_x86_neutral_4263942b9dfe9077?????n?n?n?n?n?n??????????????????????$??n????????? Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route ???o?????????????o???????????????????o???-??e5??e5???????????t???????????p??t_??????????????ms????@??o???c????hip_???????????-???????????e???????????r??tO????????????????????????8??o????????h??????????????C?g09????<??o??????????????Laptop-Bjoern???Mausklassentreiber???????????????7??????3-??*ntkern??????????????o???????????????????3?g?3??????ms???????????????2???????????????????v????\??o?????????n????????????g???????????????????????t??? ?????o??????p???????????????????system32\DRIVERS\lltdio.sys?????@%systemroot%\system32\drivers\luafv.sys,-100???FSFilter Virtualization?????tunnel???8???? ??e???\??pi??ip??Extended base?????&??o?????????e????????????????t???\SystemRoot\system32\drivers\luafv.sys????????????????????????????????????????????????????????????????????? 
???????P??o????????h?????\SystemRoot\system32\DRIVERS\lsi_fc.sys??/???????o??????p???SCSI Miniport?????P??o???????????d??lsi_fc.inf_x86_neutral_a7088f3644ca646a??????o?o?o?o?o?o????????????????t?????????????????????????????????????????R??o? ???????h???? Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export ???s?t??system32\DRIVERS\netbios.sys?????s?s?s?s?s?s?s??????????????t?????????????????????m??????t????????)?r????????t???s?????s?????????t??????????tu nnel???????????????????????????B???????u???t??? ???????o???????????s??????????^?????????????^??s?????????e????@%SystemRoot%\system32\drivers\irenum.sys,-100????????????????????????????8??s????????h?????system32\drivers\irenum.sys??????????????+???+????????????????????^??s?????????n????@%SystemRoot%\sys tem32\drivers\irenum.sys,-101???????s?s?s?s?s?s????? ???????o???????????n??????????R????????????????s???????:??? D??s???????????????????????n????????m??????????u??system32\drivers\rdpencdd.sys????????s?????????e?????????????????????????????????????????????t??? D????????????????????????????????????l?????????p???????????????????t???t??? ???????o?????s?????s??????????R???????????@%systemroot%\system32\wkssvc.dll,-1001?????System32\DRIVERS\RDPCDD.sys?????@%systemroot%\system32\drivers\RDPENCDD.sys,-101??????b??t?????????n??????????????????????????????????????????????? Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind ???V?{????<????????g?????g?i?l???????????l?l?l???????????6??.1???i?k?i??{72631e54-78a4-11d0-bcf7-00aa00b7b32a}\0001????????????????????s???????????????????s?????h?i?k???????????????????????????????????????????;???????i??{4d36e97d-e325-11ce-bfc1-08002be10318}???????????????8???????_?i?i?i?i?i?i??? F??i???0?????#{e???7?i?i?i?????j???????d???????e???????????????i???k?k???????????????????????????????????s?-????X??l???&???&???????????????i???y??sv??? ??i???????????????????~?}?????i??????????????? 
???m????????????????N??n?????????e?????????????????????8??????-C???????j??????s????????????????s?s?o???????????????????F??????A5???????i??????s???{4d36e97d-e325-11ce-bfc1-08002be10318}\0008?????@compositebus.inf,%msft%;Microsoft??????????????????t??????????????????????????s?????W?h?j?i????????STORAGE\Volume???c??LegacyD river??????????????????????N??i????????D?????????????? ?????? M??STORAGE\Volume???????????????~???????????????Z???????????????????y??s?????N??l?????????D?????????e???????e??? ???m??? ???????4????N??j????? Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route ???W????? l??????????????????????????????q????????~??l???3????????<??????|?g????????????????????????????????????????????drmkaud??????????l???3?????????????????? ????????????machine.inf:GENDEV_SYS.NTx86:SWENUM:6.1.7600.16385:root\swenum?:GE???????????????????l?l?????????l??????????PnP-Softwareger?te-Enumerator????l?l?l???????????????e???????????3??????root\swenum??????l?l????Microsoft???? ???????l???????????l????????????????????????s?????VolumeSnapshot??????? ???????l???????????????????????????????f???????l??????? ???????l?????l???????1??L????????? ??????????????l???l???l????????? ???????l?????l???????1????????????&???????????????????????? ???????l?????l???????1????????????????????? ???????l???????????k?1?????????????????????????????????????????l???3???????l?l???????l????? ???????l?????l???????1???????????????????????l???l????? ???????l???????????k?1??????????????????????<??????????D???l??root\rdp_kbd?????l?????l????? ???????l?????l???????1????????????&??????????????????????????l???l????? ???????l?????l??????? Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export ???p?{???w?w?w???????p???????p??????????????????????t???? ???????????????????? ??p??????????system32\DRIVERS\mrxsmb10.sys????????????????????B???????????????????? ??`??????p????????????????}??? ??????????????r????????????????????????? ??j?????????t??????????????????????????T???????????h??????r?r?p??? 
???????p???????????p??????????????????????????????4?? ?????????? ????\???????????????????? ??????????????????????????? ??????? ????????p?????o???o???p????????? ???????o???????????m??????????T?4??????????????????????????p??\SystemRoot\system32\DRIVERS\crcdisk.sys??????,??p?????????e????Crcdisk-Filtertreiber????????p??????p???Pnp Filter???????p?p?p?p?p?p?p???????u???????????????????p??? ???????o??????????????????????P?6??????????????q??????????????????????????????@%systemroot%\system32\wkssvc.dll,-1004??????????q???????u????6??p????????h??????????p??????op???????????????????????????B??????????????t???????????i8042prt???????p?????p??system32\DRIV ERS\msisadrv.sys???disk.inf????????????????????????????????????????t?? Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... 
---- EOF - GMER 1.0.15 ---- |
14.05.2011, 19:36 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Everything clean again after TR/Kazy.mekml.1 infection? At least the MBR is in order for now. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ --> Everything clean again after TR/Kazy.mekml.1 infection? |
14.05.2011, 21:46 | #37 |
| Everything clean again after TR/Kazy.mekml.1 infection?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6579

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.05.2011 22:31:04
mbam-log-2011-05-14 (22-31-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 360574
Laufzeit: 1 Stunde(n), 42 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Superantispyware will follow shortly. |
14.05.2011, 22:55 | #38 |
| Everything clean again after TR/Kazy.mekml.1 infection? OK, I have also run SASW after updating it. However, I don't know where to find a log file there. It only found various cookies. That is odd, because it finds cookies on every scan and at the moment I'm not surfing the web at all, I'm only here to fight the malware. I have also attached a screenshot of my IE history. I did not visit any of these pages... So I assume my system is still infected, right? |
14.05.2011, 23:02 | #39 |
| Everything clean again after TR/Kazy.mekml.1 infection? I have now taken another look at Avira. There are still files in quarantine there. I don't know what I should do with them now. Screenshot attached. |
15.05.2011, 11:33 | #40 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Everything clean again after TR/Kazy.mekml.1 infection? Quote:
Quote:
__________________ Please always post log files in CODE tags |
15.05.2011, 14:46 | #41 | |
| Everything clean again after TR/Kazy.mekml.1 infection? Quote:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/14/2011 at 11:35 PM

Application Version : 4.52.1000

Core Rules Database Version : 7058
Trace Rules Database Version: 4870

Scan type : Complete Scan
Total Scan Time : 00:46:59

Memory items scanned : 458
Memory threats detected : 0
Registry items scanned : 11222
Registry threats detected : 0
File items scanned : 45475
File threats detected : 35

Adware.Tracking Cookie
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@ad.ad-srv[1].txt
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@ad.adserver01[1].txt
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@ad.zanox[1].txt
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@ad2.adfarm1.adition[1].txt
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@adfarm1.adition[1].txt
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@adform[2].txt
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@adx.chip[1].txt
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@apmebf[2].txt
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@doubleclick[1].txt
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@mediaplex[1].txt
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@track.adform[1].txt
C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Cookies\Low\helihausen@zanox[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@ad.yieldmanager[2].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@ad1.adfarm1.adition[2].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@ad2.adfarm1.adition[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@ad3.adfarm1.adition[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@adfarm1.adition[2].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@ads.auto-motor-und-sport[2].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@adserver2.clipkit[2].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@adx.chip[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@apmebf[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@atdmt[2].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@bs.serving-sys[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@content.yieldmanager[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@doubleclick[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@mediaplex[2].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@serving-sys[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@tracking.quisma[2].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@tradedoubler[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@traffictrack[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@webmasterplan[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@www.active-tracking[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@www.googleadservices[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@zanox-affiliate[1].txt
C:\Users\Redakteur\AppData\Roaming\Microsoft\Windows\Cookies\Low\redakteur@zanox[1].txt |
15.05.2011, 14:50 | #42 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Everything clean again after TR/Kazy.mekml.1 infection? Looks OK, only cookies were found there. Any remaining problems or further detections in the meantime?
__________________ Please always post log files in CODE tags |
15.05.2011, 16:30 | #43 |
| Everything clean again after TR/Kazy.mekml.1 infection? Yes, Avira has now found 4 new files infected with: HEUR/Crypted.E JAVA/Exdoer.BE.2 They are now sitting in quarantine. In the IE 8 history I can see that my laptop keeps merrily surfing the internet. The Win 7 updates don't really want to work. They are prepared, and on restart the installation of the updates is aborted. I then tried to get the same thing done in safe mode. But there I can't find Windows Update in the Control Panel. In addition, I still irregularly get these windows with the script errors that I described at the beginning of my post. I remain in a state of despair! |
15.05.2011, 16:36 | #44 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Everything clean again after TR/Kazy.mekml.1 infection? Quote:
Which pages?
__________________ Please always post log files in CODE tags |
15.05.2011, 16:56 | #45 |
| Everything clean again after TR/Kazy.mekml.1 infection? Well, I can see that in the IE8 history. It lists lots of websites that I did not visit. I had already posted it: hxxp://www.trojaner-board.de/attachments/17642d1305410088-nach-befall-von-tr-kazy-mekml-1-alles-wieder-sauber-webverlauf.jpg |