Log analysis and evaluation: Is my system virus-free?

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
I already had everything set to visible; I have now checked the settings again, and another search for 'server.exe' turned up nothing. On my computer there are a number of files similar to 'bwgo0002748a.exe'. They differ only in the combination of digits after the three leading zeros. I have now sent the file to Kaspersky. I could not find an address for Avira in the link. The following message came back from Kaspersky:

Hello. No malicious software was found in the attached file.
-----------------
Regards, Yury Nesmachny
Virus Analyst, Kaspersky Lab.

I still need to take a proper look at 'Silent Runners' when I have some quiet time. I had little time for it just now, but I will follow up with it.
#2
Hi,

Try a rootkit hunter; these files may be being hidden from you (e.g. Blacklight http://www.pcwelt.de/downloads/datenschutz/sicherheit/128506).
#3
I just ran Blacklight and it found no rootkits.
#4
```
"Silent Runners.vbs", revision 55, http://ww*.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"startkey" = "C:\WINNT\system32\server.exe" [file not found]
"LDM" = "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]
"ctfmon.exe" = "ctfmon.exe" [MS]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"LVCOMSX" = "C:\WINNT\system32\LVCOMSX.EXE" ["Logitech Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"UpdReg" = "C:\WINNT\Updreg.exe" ["Creative Technology Ltd."]
"CTStartup" = "C:\Programme\Creative\SBAudigy\Program\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"ATICCC" = ""C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"startkey" = "C:\WINNT\system32\server.exe" [file not found]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"ISUSPM Startup" = ""C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]
"ISUSScheduler" = ""C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]
"DAEMON Tools" = ""C:\Programme\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"SSBkgdUpdate" = ""C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Nuance Communications, Inc."]
"OpwareSE4" = ""C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"" ["ScanSoft, Inc."]
"EPoXUSDM" = ""C:\Programme\EPoX\USDM\USDM.EXE" "5000"" ["EPoX COMPUTER CO.,LTD."]
"ISUSPM" = ""C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -scheduler" ["Macrovision Corporation"]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"F-Secure Manager" = ""C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]
"F-Secure TNB" = ""C:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\CTStartup\ {++}
"CTStartup" = ""C:\Programme\Creative\SBAudigy\Program\CTEaxSpl.EXE" EAX.AVI" ["Creative Technology Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}\(Default) = "Canon Easy Web Print Helper"
  -> {HKLM...CLSID} = "EWPBrowseObject Class"
    \InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "Systemsteuerungserweiterung für die Anzeigeverschiebung"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Eigene Logitech-Bilder"
  -> {HKLM...CLSID} = "Eigene Logitech-Bilder"
    \InProcServer32\(Default) = "C:\Programme\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
    \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
    \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
    \InProcServer32\(Default) = "C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "ShimLayer Property Page"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\winnt\apppatch\slayerui.dll" [MS]
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}" = "Registered ActiveX Controls"
  -> {HKLM...CLSID} = "Registered ActiveX Controls"
    \InProcServer32\(Default) = "C:\Programme\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{D545EBD1-BD92-11CF-8772-00A0C9039735}" = "Developer Studio Components"
  -> {HKLM...CLSID} = "Developer Studio Components"
    \InProcServer32\(Default) = "C:\Programme\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
  -> {HKLM...CLSID} = "UIContextMenu Class"
    \InProcServer32\(Default) = "C:\Programme\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
"{5800AD5B-72C1-477B-9A08-CA112DF06D97}" = "AutoCAD DWG InfoTip Handler"
  -> {HKLM...CLSID} = "AcInfoTipHandler"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]
"{8A0BC933-7552-42E2-A228-3BE055777227}" = "AutoCAD DWG Column Handler"
  -> {HKLM...CLSID} = "AcColumnHandler"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]
"{ADC46291-D8A1-4486-A24C-86FFB392AEFA}" = "Autodesk Dgn File Preview"
  -> {HKLM...CLSID} = "AcDgnImageExtractor"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Autodesk Shared\AcDgnCOM17.dll" ["Autodesk"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "AutoCAD Digital Signatures Icon Overlay Handler"
  -> {HKLM...CLSID} = "AcSignIcon"
    \InProcServer32\(Default) = "C:\WINNT\system32\AcSignIcon.dll" ["Autodesk, Inc."]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
  -> {HKLM...CLSID} = "ACTHUMBNAIL"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
  -> {HKLM...CLSID} = "ImageExtractorShellExt Class"
    \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
  -> {HKLM...CLSID} = "CInfoTipShellExt Class"
    \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Visio11\VISSHE.DLL" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\
<<!>> "Debugger" = ""C:\WINNT\system32\vsjitdebugger.exe" -p %ld -e %ld" [MS]
"Auto" = "0"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{8A0BC933-7552-42E2-A228-3BE055777227}\(Default) = "AutoCAD DWG column info"
  -> {HKLM...CLSID} = "AcColumnHandler"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Autodesk.DWF.ContextMenu\(Default) = "{6C18531F-CA85-45F7-8278-FF33CF0A5964}"
  -> {HKLM...CLSID} = "DWFShellExt Class"
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Autodesk Shared\Dwf Common\DWFShellExtension.dll" ["Autodesk, Inc."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
    \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
  -> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
    \InProcServer32\(Default) = "C:\Programme\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
    \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  -> {HKLM...CLSID} = "UIContextMenu Class"
    \InProcServer32\(Default) = "C:\Programme\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
  -> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
    \InProcServer32\(Default) = "C:\Programme\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  -> {HKLM...CLSID} = "UIContextMenu Class"
    \InProcServer32\(Default) = "C:\Programme\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

<<!>> HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\WINNT\system32\NOTEPAD.EXE" "%1"" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Dokumente und Einstellungen\Default User\Eigene Dateien\Eigene Bilder\Wallpapers\UFC_wallpaper07.jpg"


Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Logitech SetPoint" -> shortcut to: "C:\Programme\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL ["F-Secure Corporation"], 01 - 17, 37
%SystemRoot%\system32\msafd.dll [MS], 18 - 20, 23 - 36
%SystemRoot%\system32\rsvpsp.dll [MS], 21 - 22


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
  -> {HKLM...CLSID} = "Easy-WebPrint"
    \InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [null data]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [null data]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
    \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

{49783ED4-258D-4F9F-BE11-137C18D3E543}\
"ButtonText" = "Titan Poker"
"MenuText" = "Titan Poker"
"Exec" = "C:\Poker\Titan Poker\casino.exe" [null data]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
"ButtonText" = "PartyPoker.com"
"MenuText" = "PartyPoker.com"
"Exec" = "C:\Programme\PartyGaming\PartyPoker\RunApp.exe" [empty string]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINNT\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Programme\BlueSoleil\BTNtService.exe" [null data]
COM+-Ereignissystem, EventSystem, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\es.dll" [null data]}
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINNT\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]
F-Secure Automatic Update Agent, FSAUA, ""C:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe"" ["F-Secure Corporation"]
F-Secure Management Agent, FSMA, ""C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE"" ["F-Secure Corporation"]
FSGKHS, F-Secure Gatekeeper Handler Starter, ""C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe"" ["F-Secure Corporation"]
HID Input Service, HidServ, "C:\WINNT\system32\hidserv.exe" [MS]
LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe" [empty string]


Accessibility Tools:
--------------------

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator\
"Application Path" = (empty string) [file not found]
"Display Name" = "Narrator"
"Start with Utility Manager" = dword:0x00000001


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINNT\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Canon BJ Language Monitor MP830\Driver = "CNMLM7Q.DLL" ["CANON INC."]
Canon MP FAX Language Monitor MP830\Driver = "CNCF2Lb.DLL" ["Canon Inc."]
EPSON V3 2KMonitor302\Driver = "E_SL2302.DLL" ["SEIKO EPSON CORPORATION"]


---------- (launch time: 2008-01-26 11:38:57)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 132 seconds.
---------- (total run time: 167 seconds)
```
#5
Did the 'Silent Runners' report bring anything to light that is unusual?