
Log Analysis and Evaluation: Trojan TR/Crypt.XPACK.Gen on board


29.03.2010, 12:20   #16
cosinus

OK. Please run control scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags

29.03.2010, 18:11   #17
lelon

Now then.

mbam log and SUPERAntiSpyware log

Malwarebytes' Anti-Malware 1.44
Database version: 3926
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

29.03.2010 14:16:53

mbam-log-2010-03-29 (14-16-53).txt


Scan type: Quick Scan
Objects scanned: 139296
Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

===============================================
SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com

Generated 03/29/2010 at 04:43 PM
Application Version : 4.34.1000
Core Rules Database Version : 4743
Trace Rules Database Version: 2555

Scan type : Complete Scan
Total Scan Time : 02:14:08
Memory items scanned : 610
Memory threats detected : 0
Registry items scanned : 6435
Registry threats detected : 0
File items scanned : 229906
File threats detected : 46

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\****\Cookies\****user@smartadserver[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@doubleclick[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@stats.paypal[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@server.iad.liveperson[3].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@zanox[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@server.iad.liveperson[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@fastclick[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@weborama[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@track.effiliation[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ad.adnet[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@content.yieldmanager[3].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@adviva[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@content.yieldmanager[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@specificclick[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ad.yieldmanager[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ads.medienhaus[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ad.adition[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@imrworldwide[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ads.quartermedia[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@serving-sys[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@webmasterplan[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@guj.122.2o7[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ad.ad-srv[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ad.zanox[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@eas.apm.emediate[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@track.effiliation[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ww251.smartadserver[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@unitymedia[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@atdmt[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@im.banner.t-online[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@traffictrack[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@adfarm1.adition[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@2o7[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@mediaplex[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@bs.serving-sys[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@paypal.112.2o7[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@media6degrees[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@xiti[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@tradedoubler[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@apmebf[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@adtech[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@www.etracker[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@cdn5.specificclick[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@tracking.quisma[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@zanox-affiliate[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@www.googleadservices[1].txt


Last edited by lelon (29.03.2010 at 18:15) Reason: del blank lines

29.03.2010, 18:17   #18
cosinus

Very good. At the moment we are having problems with a new rootkit, so to be on the safe side please also make a log with OSAM and post it.

29.03.2010, 18:23   #19
lelon

Okay, I will do that.
But is there any chance that you could also tell me what is going on?

You know, I too much

If it goes quickly, I'll be right back with the log

Thanks,
-Lelon

29.03.2010, 18:50   #20
lelon

And the OSAM log file
Thanks.

===============================================
SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com

Generated 03/29/2010 at 04:43 PM
Application Version : 4.34.1000
Core Rules Database Version : 4743
Trace Rules Database Version: 2555

Scan type : Complete Scan
Total Scan Time : 02:14:08
Memory items scanned : 610
Memory threats detected : 0
Registry items scanned : 6435
Registry threats detected : 0
File items scanned : 229906
File threats detected : 46

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\****\Cookies\****user@smartadserver[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@doubleclick[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@stats.paypal[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@server.iad.liveperson[3].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@zanox[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@server.iad.liveperson[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@fastclick[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@weborama[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@track.effiliation[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ad.adnet[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@content.yieldmanager[3].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@adviva[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@content.yieldmanager[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@specificclick[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ad.yieldmanager[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ads.medienhaus[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ad.adition[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@imrworldwide[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ads.quartermedia[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@serving-sys[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@webmasterplan[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@guj.122.2o7[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ad.ad-srv[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ad.zanox[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@eas.apm.emediate[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@track.effiliation[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@ww251.smartadserver[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@unitymedia[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@atdmt[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@im.banner.t-online[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@traffictrack[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@adfarm1.adition[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@2o7[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@mediaplex[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@bs.serving-sys[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@paypal.112.2o7[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@media6degrees[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@xiti[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@tradedoubler[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@apmebf[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@adtech[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@www.etracker[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@cdn5.specificclick[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@tracking.quisma[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@zanox-affiliate[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****user@www.googleadservices[1].txt


29.03.2010, 18:59   #21
cosinus

That log is from SUPERAntiSpyware and not from OSAM...

29.03.2010, 19:05   #22
lelon

Test passed. Sorry

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 19:44:57 on 29.03.2010



OS: Windows XP Home Edition Service Pack 2 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16981



Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures



Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries





[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe



[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ALSNDMGR.CPL" - ? - C:\WINDOWS\system32\ALSNDMGR.CPL (File signed by Microsoft | File found, but it contains no detailed information)

"bdeadmin.cpl" - ? - C:\WINDOWS\system32\bdeadmin.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"mbllnk.cpl" - "AvantGo, Inc." - C:\WINDOWS\system32\mbllnk.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"prefscpl.cpl" - "RealNetworks, Inc." - C:\WINDOWS\system32\prefscpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)

"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl



[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASCTRM" (ASCTRM) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\ASCTRM.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"AVM USB-Fernanschluss" (avmaura) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\avmaura.sys

"catchme" (catchme) - ? - C:\DOKUME~1\****\LOKALE~1\Temp\catchme.sys (File not found)

"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\WINDOWS\system32\drivers\cdrbsdrv.sys

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)

"GMSIPCI" (GMSIPCI) - ? - G:\INSTALL\GMSIPCI.SYS (File not found)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)

"MSICPL" (MSICPL) - ? - G:\install4\MSICPL.sys (File not found)

"NTACCESS" (NTACCESS) - ? - G:\NTACCESS.sys (File not found)

"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)

"PQNTDrv" (PQNTDrv) - ? - C:\WINDOWS\system32\drivers\PQNTDrv.sys (File found, but it contains no detailed information)

"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS

"SetupNTGLM7X" (SetupNTGLM7X) - ? - G:\NTGLM7X.sys (File not found)

"SSHDRV65" (SSHDRV65) - ? - C:\WINDOWS\system32\drivers\SSHDRV65.sys (File found, but it contains no detailed information)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys

"USB 2710 Camera" (DCamUSBEMPIA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emDevice.sys

"USB Device Lower Filter" (FiltUSBEMPIA) - "eMPIA Technology Inc." - C:\WINDOWS\System32\DRIVERS\emFilter.sys

"USB Still Image Capture Device" (ScanUSBEMPIA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emScan.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)



[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

{d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp" - ? - (File not found | COM-object registry key not found)

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL

{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Wcesview.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL



[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "&Yahoo! Toolbar" - ? - (File not found | COM-object registry key not found)

<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8FEED82A-42A6-4117-A803-7EC3EB9339E0} "ClientControl Class" - ? - C:\WINDOWS\Downloaded Program Files\IpClientSetting.dll / hxxp://192.168.178.23/plugin/client.cab

{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "Java Plug-in 1.5.0_09" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "Java Plug-in 1.5.0_10" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.5.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} "QDiagAOLCCUpdateObj Class" - "GTek Technologies Ltd." - C:\WINDOWS\system32\qdiagcc.ocx / hxxp://aolcc.aol.de/computercheckup/qdiagcc.cab

{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

{A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} "VaPgCtrl Class" - ? - C:\WINDOWS\Downloaded Program Files\VAPGDecoder.dll / hxxp://192.168.178.23/plugin/h263ctrl.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\INetRepl.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\INetRepl.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} "1&&1 Internet AG Browser Configuration by mquadr.at" - "mquadr.at software engineering und consulting GmbH" - C:\WINDOWS\system32\ieconfig_1und1.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll



[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists)

"AOL 9.0 Tray-Symbol.lnk" - "America Online, Inc." - C:\Programme\AOL 9.0\aoltray.exe (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"Picture Package VCD Maker.lnk" - "Sony Corporation." - C:\Programme\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\desktop.ini

"OpenOffice.org 2.0.lnk" - ? - C:\Programme\OpenOffice.org 2.0\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)

"StarOffice 8.lnk" - ? - C:\Programme\Sun\StarOffice 8\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"1&1 EasyLogin" - "1&1 Internet AG" - C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe

"C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe" - ? - "1&1 EasyLogin" HIDE (File not found)

"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"

"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----

"Shockwave Updater" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 7.0; Win32; 1&1); GTB6.3; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322)" -"hxxp://www.hotwheels.com/games/brakeless/nobrakes.dcr"

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----

"Userinit" - ? - C:\WINDOWS\system32\mssrkv32.exe (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"AOLDialer" - "America Online, Inc" - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon

"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon

"emMonitor" - "EMPIA Technology Corporation" - C:\WINDOWS\emMon.exe

"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"

"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe

"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"Power Manager" - "Gembird Electronics Ltd." - "C:\Programme\Gembird\Power Manager\pm.exe" -winstartup

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime

"SW20" - ? - C:\WINDOWS\system32\sw20.exe

"SW24" - ? - C:\WINDOWS\system32\sw24.exe (File found, but it contains no detailed information)



[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll

"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll



[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)

"AOL Connectivity Service" (AOL ACS) - "America Online, Inc." - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Bonjour-Dienst" (Bonjour Service) - ? - C:\Programme\Bonjour\mDNSResponder.exe (File not found)

"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe

"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

"UPnPService" (UPnPService) - ? - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe



[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll



[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - ? - C:\Programme\Bonjour\mdnsNSP.dll (File not found)



===[ Logfile end ]=========================================[ Logfile end ]===



If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 29.03.2010, 19:17   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Code:
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"SSHDRV65" (SSHDRV65) - ? - C:\WINDOWS\system32\drivers\SSHDRV65.sys (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
Please disable these with OSAM (see the OSAM guide). Then post a new OSAM log and have the files


C:\WINDOWS\system32\drivers\SSHDRV65.sys
C:\WINDOWS\system32\drivers\wdica.sys


analyzed at Virustotal. Then please post the result links for each file.
__________________
Please always post logfiles in CODE tags
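The procedure the helper asks for above is the same one every time: pick the entries OSAM lists with an unknown vendor ("?"), a file that is present but carries no version information, or a file that is gone, disable them, and hash or upload the ones that still exist to VirusTotal. The following Python script, added here as an example and not part of this thread or of OSAM itself, parses OSAM's entry lines into records, tracks the registry section each entry came from, and ranks them by that logic. The sample report is constructed from lines quoted in this thread; the severity rules, the `\temp\` heuristic and the Windows XP default `Userinit` path in `DEFAULT_USERINIT` are assumptions, not anything OSAM or the helper states.

```python
"""Triage helper for OSAM Autorun Manager report lines.

Added example for this thread; it is neither part of the original posts nor
OSAM's own code. SAMPLE_LOG is constructed from lines quoted in the thread;
the rules, severities and DEFAULT_USERINIT are assumptions.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# One OSAM entry: [(Disabled)] [{CLSID}] "Name" [(Ident)] - "Vendor"|? - command line [(flag | flag)]
ENTRY_RE = re.compile(
    r'^(?P<disabled>\(Disabled\)\s+)?'
    r'(?:\{(?P<clsid>[0-9A-Fa-f-]+)\}\s+)?'
    r'"(?P<name>[^"]*)"'
    r'(?:\s+\((?P<ident>[^)]*)\))?'
    r'\s+-\s+(?:"(?P<vendor>[^"]*)"|\?)'
    r'\s+-\s+(?P<rest>.*)$'
)
SECTION_RE = re.compile(r'^-----\(\s*(?P<section>.*?)\s*\)-----$')
TRAILING_FLAGS_RE = re.compile(r'^(?P<path>.*?)\s*\((?P<flags>[^()]*)\)$')

# Windows XP default for the Winlogon Userinit value on a C:\WINDOWS install (assumption).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


@dataclass
class Entry:
    section: str            # registry key or folder OSAM listed the entry under
    name: str
    ident: Optional[str]    # service/driver key name, if OSAM printed one
    vendor: Optional[str]   # None where OSAM printed "?"
    path: str               # command line exactly as OSAM printed it
    flags: list[str]        # e.g. ["File not found"]
    disabled: bool


def executable(cmdline: str) -> str:
    """First token of a command line, honouring quotes. Unquoted paths that
    contain spaces are cut at the first space; the rules below only need the prefix."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def parse_report(text: str) -> list[Entry]:
    """Turn an OSAM report into Entry records, remembering the current section."""
    entries: list[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        m = ENTRY_RE.match(line)
        if not m:   # blank lines, [Drivers]-style headings, <binary data> toolbar rows
            continue
        rest = m.group("rest").strip()
        fm = TRAILING_FLAGS_RE.match(rest)
        path = fm.group("path") if fm else rest
        flags = [f.strip() for f in fm.group("flags").split("|")] if fm else []
        entries.append(Entry(section, m.group("name"), m.group("ident"), m.group("vendor"),
                             path, flags, m.group("disabled") is not None))
    return entries


def triage(entries: list[Entry]) -> list[tuple[Entry, int, str]]:
    """Rank entries: 3 = check now, 2 = hash and look up on VirusTotal, 1 = orphan to clean up."""
    findings: list[tuple[Entry, int, str]] = []
    for e in entries:
        missing = any(f.startswith("File not found") for f in e.flags)
        no_info = any("no detailed information" in f for f in e.flags)
        exe = executable(e.path).rstrip(",").lower()
        in_services = e.section.lower().endswith("\\services")
        if e.name.lower() == "userinit" and "winlogon" in e.section.lower() and exe != DEFAULT_USERINIT:
            findings.append((e, 3, "Winlogon Userinit points at a non-default file"))
        elif e.vendor is None and no_info and not missing:
            findings.append((e, 2, "present file with no vendor or version info: hash it and check on VirusTotal"))
        elif e.vendor is None and not missing and "\\temp\\" in exe:
            findings.append((e, 2, "autostart from a Temp directory"))
        elif in_services and e.vendor is None and missing:
            findings.append((e, 1, "service/driver key whose file is gone (orphan): disable or delete it"))
    findings.sort(key=lambda f: -f[1])   # stable sort keeps report order within a severity
    return findings


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's bytes; searching VirusTotal for the digest finds an existing report before uploading."""
    return hashlib.sha256(data).hexdigest()


# Constructed excerpt; the lines are copied from the OSAM logs in this thread.
SAMPLE_LOG = r"""
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Luis\LOKALE~1\Temp\catchme.sys (File not found)
"SSHDRV65" (SSHDRV65) - ? - C:\WINDOWS\system32\drivers\SSHDRV65.sys (File found, but it contains no detailed information)
(Disabled) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Userinit" - ? - C:\WINDOWS\system32\mssrkv32.exe (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"SW24" - ? - C:\WINDOWS\system32\sw24.exe (File found, but it contains no detailed information)
"""

if __name__ == "__main__":
    for entry, severity, why in triage(parse_report(SAMPLE_LOG)):
        print(f"[{severity}] {entry.name:<10} {entry.path}  <- {why}")
```

Run on a saved report, it prints the ranked list with the reason per entry; for a present file, read it in binary mode and pass the bytes to `sha256_hex` to get the digest for a VirusTotal search. The ranking only orders what a person should look at first; a "?" vendor means the file has no embedded version information, which many legitimate drivers also lack, so the hash lookup is still the deciding step.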

Alt 30.03.2010, 07:10   #24
lelon
 



So, here is the result.

The OSAM program did nothing after setting the option "Disable objects using the driver", setting the option below it to "Always", and following "Disable the entries your helper posted in a quote by removing the checkmark in front of the entry".

After the reboot nothing happens and no log appears, as described in the guide http://www.trojaner-board.de/84180-a...n-manager.html.

After restarting OSAM I get the message Operations results:

"Deleted entries:
HKLM\SYSTEM\CurrentControlSet\Services SSHDRV65 C:\WINDOWS\system32\drivers\SSHDRV65.sys
HKLM\SYSTEM\CurrentControlSet\Services WDICA C:\WINDOWS\system32\drivers\WDICA.sys"



Here is the 1st OSAM log
======================================================
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 07:42:58 on 30.03.2010



OS: Windows XP Home Edition Service Pack 2 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16981



Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures



Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries





[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe



[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ALSNDMGR.CPL" - ? - C:\WINDOWS\system32\ALSNDMGR.CPL (File signed by Microsoft | File found, but it contains no detailed information)

"bdeadmin.cpl" - ? - C:\WINDOWS\system32\bdeadmin.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"mbllnk.cpl" - "AvantGo, Inc." - C:\WINDOWS\system32\mbllnk.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"prefscpl.cpl" - "RealNetworks, Inc." - C:\WINDOWS\system32\prefscpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)

"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl



[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASCTRM" (ASCTRM) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\ASCTRM.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"AVM USB-Fernanschluss" (avmaura) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\avmaura.sys

"catchme" (catchme) - ? - C:\DOKUME~1\Luis\LOKALE~1\Temp\catchme.sys (File not found)

"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\WINDOWS\system32\drivers\cdrbsdrv.sys

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)

"GMSIPCI" (GMSIPCI) - ? - G:\INSTALL\GMSIPCI.SYS (File not found)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)

"MSICPL" (MSICPL) - ? - G:\install4\MSICPL.sys (File not found)

"NTACCESS" (NTACCESS) - ? - G:\NTACCESS.sys (File not found)

"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)

"PQNTDrv" (PQNTDrv) - ? - C:\WINDOWS\system32\drivers\PQNTDrv.sys (File found, but it contains no detailed information)

"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS

"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS

"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS

"SetupNTGLM7X" (SetupNTGLM7X) - ? - G:\NTGLM7X.sys (File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys

"USB 2710 Camera" (DCamUSBEMPIA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emDevice.sys

"USB Device Lower Filter" (FiltUSBEMPIA) - "eMPIA Technology Inc." - C:\WINDOWS\System32\DRIVERS\emFilter.sys

"USB Still Image Capture Device" (ScanUSBEMPIA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emScan.sys



[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

{d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp" - ? - (File not found | COM-object registry key not found)

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL

{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Wcesview.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL



[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "&Yahoo! Toolbar" - ? - (File not found | COM-object registry key not found)

<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8FEED82A-42A6-4117-A803-7EC3EB9339E0} "ClientControl Class" - ? - C:\WINDOWS\Downloaded Program Files\IpClientSetting.dll / hxxp://192.168.178.23/plugin/client.cab

{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "Java Plug-in 1.5.0_09" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "Java Plug-in 1.5.0_10" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.5.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} "QDiagAOLCCUpdateObj Class" - "GTek Technologies Ltd." - C:\WINDOWS\system32\qdiagcc.ocx / hxxp://aolcc.aol.de/computercheckup/qdiagcc.cab

{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

{A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} "VaPgCtrl Class" - ? - C:\WINDOWS\Downloaded Program Files\VAPGDecoder.dll / hxxp://192.168.178.23/plugin/h263ctrl.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\INetRepl.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\INetRepl.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} "1&&1 Internet AG Browser Configuration by mquadr.at" - "mquadr.at software engineering und consulting GmbH" - C:\WINDOWS\system32\ieconfig_1und1.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll



[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists)

"AOL 9.0 Tray-Symbol.lnk" - "America Online, Inc." - C:\Programme\AOL 9.0\aoltray.exe (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"Picture Package VCD Maker.lnk" - "Sony Corporation." - C:\Programme\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Luis\Startmenü\Programme\Autostart\desktop.ini

"OpenOffice.org 2.0.lnk" - ? - C:\Programme\OpenOffice.org 2.0\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)

"StarOffice 8.lnk" - ? - C:\Programme\Sun\StarOffice 8\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"1&1 EasyLogin" - "1&1 Internet AG" - C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe

"C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe" - ? - "1&1 EasyLogin" HIDE (File not found)

"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"

"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----

"Shockwave Updater" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 7.0; Win32; 1&1); GTB6.3; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322)" -"hxxp://www.hotwheels.com/games/brakeless/nobrakes.dcr"

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----

"Userinit" - ? - C:\WINDOWS\system32\mssrkv32.exe (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"AOLDialer" - "America Online, Inc" - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon

"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon

"emMonitor" - "EMPIA Technology Corporation" - C:\WINDOWS\emMon.exe

"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"

"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe

"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"Power Manager" - "Gembird Electronics Ltd." - "C:\Programme\Gembird\Power Manager\pm.exe" -winstartup

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime

"SW20" - ? - C:\WINDOWS\system32\sw20.exe

"SW24" - ? - C:\WINDOWS\system32\sw24.exe (File found, but it contains no detailed information)



[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll

"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll



[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)

"AOL Connectivity Service" (AOL ACS) - "America Online, Inc." - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Bonjour-Dienst" (Bonjour Service) - ? - C:\Programme\Bonjour\mDNSResponder.exe (File not found)

"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe

"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

"UPnPService" (UPnPService) - ? - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe



[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll



[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - ? - C:\Programme\Bonjour\mdnsNSP.dll (File not found)



===[ Logfile end ]=========================================[ Logfile end ]===



If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
=========================================================



Here is the 2nd OSAM log after the reboot:
=======================================================
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 07:36:05 on 30.03.2010



OS: Windows XP Home Edition Service Pack 2 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16981



Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures



Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries





[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe



[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ALSNDMGR.CPL" - ? - C:\WINDOWS\system32\ALSNDMGR.CPL (File signed by Microsoft | File found, but it contains no detailed information)

"bdeadmin.cpl" - ? - C:\WINDOWS\system32\bdeadmin.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"mbllnk.cpl" - "AvantGo, Inc." - C:\WINDOWS\system32\mbllnk.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"prefscpl.cpl" - "RealNetworks, Inc." - C:\WINDOWS\system32\prefscpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)

"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl



[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASCTRM" (ASCTRM) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\ASCTRM.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"AVM USB-Fernanschluss" (avmaura) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\avmaura.sys

"catchme" (catchme) - ? - C:\DOKUME~1\Luis\LOKALE~1\Temp\catchme.sys (File not found)

"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\WINDOWS\system32\drivers\cdrbsdrv.sys

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)

"GMSIPCI" (GMSIPCI) - ? - G:\INSTALL\GMSIPCI.SYS (File not found)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)

"MSICPL" (MSICPL) - ? - G:\install4\MSICPL.sys (File not found)

"NTACCESS" (NTACCESS) - ? - G:\NTACCESS.sys (File not found)

"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)

"PQNTDrv" (PQNTDrv) - ? - C:\WINDOWS\system32\drivers\PQNTDrv.sys (File found, but it contains no detailed information)

"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS

"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS

"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS

"SetupNTGLM7X" (SetupNTGLM7X) - ? - G:\NTGLM7X.sys (File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys

"USB 2710 Camera" (DCamUSBEMPIA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emDevice.sys

"USB Device Lower Filter" (FiltUSBEMPIA) - "eMPIA Technology Inc." - C:\WINDOWS\System32\DRIVERS\emFilter.sys

"USB Still Image Capture Device" (ScanUSBEMPIA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emScan.sys

(Disabled) "SSHDRV65" (SSHDRV65) - ? - C:\WINDOWS\system32\drivers\SSHDRV65.sys (File found, but it contains no detailed information)

(Disabled) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)



[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

{d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp" - ? - (File not found | COM-object registry key not found)

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL

{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Wcesview.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL



[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "&Yahoo! Toolbar" - ? - (File not found | COM-object registry key not found)

<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8FEED82A-42A6-4117-A803-7EC3EB9339E0} "ClientControl Class" - ? - C:\WINDOWS\Downloaded Program Files\IpClientSetting.dll / hxxp://192.168.178.23/plugin/client.cab

{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "Java Plug-in 1.5.0_09" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "Java Plug-in 1.5.0_10" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.5.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} "QDiagAOLCCUpdateObj Class" - "GTek Technologies Ltd." - C:\WINDOWS\system32\qdiagcc.ocx / hxxp://aolcc.aol.de/computercheckup/qdiagcc.cab

{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

{A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} "VaPgCtrl Class" - ? - C:\WINDOWS\Downloaded Program Files\VAPGDecoder.dll / hxxp://192.168.178.23/plugin/h263ctrl.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\INetRepl.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\INetRepl.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} "1&&1 Internet AG Browser Configuration by mquadr.at" - "mquadr.at software engineering und consulting GmbH" - C:\WINDOWS\system32\ieconfig_1und1.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll



[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists)

"AOL 9.0 Tray-Symbol.lnk" - "America Online, Inc." - C:\Programme\AOL 9.0\aoltray.exe (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"Picture Package VCD Maker.lnk" - "Sony Corporation." - C:\Programme\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Luis\Startmenü\Programme\Autostart\desktop.ini

"OpenOffice.org 2.0.lnk" - ? - C:\Programme\OpenOffice.org 2.0\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)

"StarOffice 8.lnk" - ? - C:\Programme\Sun\StarOffice 8\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"1&1 EasyLogin" - "1&1 Internet AG" - C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe

"C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe" - ? - "1&1 EasyLogin" HIDE (File not found)

"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"

"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----

"Shockwave Updater" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 7.0; Win32; 1&1); GTB6.3; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322)" -"hxxp://www.hotwheels.com/games/brakeless/nobrakes.dcr"

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----

"Userinit" - ? - C:\WINDOWS\system32\mssrkv32.exe (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"AOLDialer" - "America Online, Inc" - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon

"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon

"emMonitor" - "EMPIA Technology Corporation" - C:\WINDOWS\emMon.exe

"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"

"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe

"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"Power Manager" - "Gembird Electronics Ltd." - "C:\Programme\Gembird\Power Manager\pm.exe" -winstartup

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime

"SW20" - ? - C:\WINDOWS\system32\sw20.exe

"SW24" - ? - C:\WINDOWS\system32\sw24.exe (File found, but it contains no detailed information)



[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll

"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll



[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)

"AOL Connectivity Service" (AOL ACS) - "America Online, Inc." - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Bonjour-Dienst" (Bonjour Service) - ? - C:\Programme\Bonjour\mDNSResponder.exe (File not found)

"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe

"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

"UPnPService" (UPnPService) - ? - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe



[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll



[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - ? - C:\Programme\Bonjour\mdnsNSP.dll (File not found)



===[ Logfile end ]=========================================[ Logfile end ]===



If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
==========================================================



VirusTotal analysis result
C:\WINDOWS\system32\drivers\SSHDRV65.sys

File SSHDRV65.sys received 2010.03.30 05:44:37 (UTC)
Result: 2/42 (4.77%)

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.30 -
AhnLab-V3 5.0.0.2 2010.03.29 -
AntiVir 7.10.5.248 2010.03.29 -
Antiy-AVL 2.0.3.7 2010.03.30 -
Authentium 5.2.0.5 2010.03.30 -
Avast 4.8.1351.0 2010.03.29 -
Avast5 5.0.332.0 2010.03.29 -
AVG 9.0.0.787 2010.03.29 -
BitDefender 7.2 2010.03.30 -
CAT-QuickHeal 10.00 2010.03.30 -
ClamAV 0.96.0.0-git 2010.03.30 -
Comodo 4434 2010.03.30 -
DrWeb 5.0.2.03220 2010.03.30 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7395 2010.03.29 -
F-Prot 4.5.1.85 2010.03.29 -
F-Secure 9.0.15370.0 2010.03.30 -
Fortinet 4.0.14.0 2010.03.29 -
GData 19 2010.03.30 -
Ikarus T3.1.1.80.0 2010.03.30 -
Jiangmin 13.0.900 2010.03.29 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.30 -
McAfee 5935 2010.03.29 -
McAfee+Artemis 5935 2010.03.29 -
McAfee-GW-Edition 6.8.5 2010.03.29 -
Microsoft 1.5605 2010.03.30 -
NOD32 4983 2010.03.29 -
Norman 6.04.10 2010.03.29 -
nProtect 2009.1.8.0 2010.03.29 -
Panda 10.0.2.2 2010.03.29 Suspicious file
PCTools 7.0.3.5 2010.03.30 -
Prevx 3.0 2010.03.30 -
Rising 22.41.01.01 2010.03.30 RootKit.Win32.Undef.et
Sophos 4.52.0 2010.03.30 -
Sunbelt 6115 2010.03.30 -
Symantec 20091.2.0.41 2010.03.30 -
TheHacker 6.5.2.0.247 2010.03.29 -
TrendMicro 9.120.0.1004 2010.03.30 -
VBA32 3.12.12.2 2010.03.29 -
ViRobot 2010.3.29.2250 2010.03.29 -
VirusBuster 5.0.27.0 2010.03.29 -
Additional information
File size: 120320 bytes
MD5...: a322501277d7733f5266581b79b8cc79
SHA1..: 31162ee646e632b8d4fd1d470b15b385e4b43465
SHA256: c8d54703d44428f77bb7e2da4d78802e7e908f57ef71df3a97d8e5348ee3bfb1
ssdeep: 1536:8z5R9OiJ5CTexWiT3JuNwb+6oIWkzEotbxmltDwTECq4Y9PtZkdAtxuGuaS
:IIixWiT3JuNwaGzEotYltD/nwdAto

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x191e0
timedatestamp.....: 0x4010e49f (Fri Jan 23 09:08:47 2004)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x19476 0x19600 6.19 5b21ed7af4e4124e40a0a2f5caeb1602
.rdata 0x1b000 0x1e9 0x200 4.35 4c1ba5a04b6184d55ec616b29711943c
.data 0x1c000 0xae0 0x200 2.71 a46fcfd61337ac48de9d44deba8e6cf3
INIT 0x1d000 0x476 0x600 4.43 26ff97797d0294bf73e6f544522f84b1
.reloc 0x1e000 0x313c 0x3200 6.69 6c53d3cca2b27425ba498d2a5f7e0fbd

( 1 imports )
> ntoskrnl.exe: ZwCreateFile, ZwQuerySystemInformation, IoCreateDevice, ObfDereferenceObject, KeSetEvent, IofCompleteRequest, IoCreateSymbolicLink, IoDeleteDevice, IoDeleteSymbolicLink, PsGetCurrentProcessId, KeSetAffinityThread, RtlInitUnicodeString, IoGetDeviceObjectPointer, IoFreeIrp, IoGetAttachedDevice, RtlFreeUnicodeString, KeInitializeEvent, IoBuildSynchronousFsdRequest, KeWaitForSingleObject, ExAllocatePool, IoAllocateIrp, IofCallDriver, MmUnlockPages, IoFreeMdl, ExFreePool, RtlAnsiStringToUnicodeString, RtlInitString, KeNumberProcessors, memmove, ExReleaseResourceLite, IoDetachDevice, ExAcquireResourceExclusiveLite, KdDebuggerEnabled, toupper, strrchr, ExAllocatePoolWithTag, KeGetCurrentThread, ExDeleteResourceLite, IoAttachDeviceByPointer, IoGetRelatedDeviceObject, ZwClose, ObReferenceObjectByHandle, tolower, ExInitializeResourceLite

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



The file C:\WINDOWS\system32\drivers\wdica.sys
could not be analysed because it no longer exists (checked 3 times).

Thanks,
-Lelon
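The autostart and driver listing quoted in the post above is the kind of log a helper reads by eye: entries with no publisher ("?"), entries whose file no longer exists, and sensitive values such as Winlogon Userinit pointing at a non-default binary (here mssrkv32.exe, which is no longer present). The following is an added example, written for this page and not code from the thread or from any of the tools it mentions, that parses that log format and applies those three triage rules. The sample log is constructed from lines of the thread; the Services key header over the driver block is assumed, as the thread does not show it.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Entry format of the autostart/driver listing quoted in the thread, e.g.
#   "Userinit" - ? - C:\WINDOWS\system32\mssrkv32.exe (File not found)
#   "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
# A leading "(Disabled)" marks a disabled service/driver; "?" means no publisher.
ENTRY_RE = re.compile(
    r'^(?:\(Disabled\)\s+)?'
    r'"(?P<name>[^"]*)"'
    r'(?:\s+\((?P<key>[^)]*)\))?'
    r'\s+-\s+(?:"(?P<publisher>[^"]*)"|\?)'
    r'\s+-\s+(?P<path>.*?)'
    r'(?:\s+\((?P<status>[^()]*)\))?\s*$'
)
SECTION_RE = re.compile(r'^-----\(\s*(?P<key>.*?)\s*\)-----$')

# Winlogon values that malware commonly redirects, with the expected default binaries.
EXPECTED_WINLOGON = {"Userinit": "userinit.exe", "Shell": "explorer.exe"}


@dataclass
class Entry:
    section: str
    name: str
    key: Optional[str]
    publisher: Optional[str]   # None when the log shows "?"
    path: str
    status: Optional[str]      # text inside the trailing "(...)", if any
    disabled: bool


def parse_log(text: str) -> List[Entry]:
    """Parse the quoted log format into Entry records, tracking the registry section."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("key")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue   # group headers such as [Logon] and anything unparseable
        entries.append(Entry(
            section=section,
            name=m.group("name"),
            key=m.group("key"),
            publisher=m.group("publisher"),
            path=m.group("path").strip(),
            status=m.group("status"),
            disabled=line.startswith("(Disabled)"),
        ))
    return entries


def triage(entry: Entry) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for entries worth a second look, else None."""
    missing = bool(entry.status and "File not found" in entry.status)
    # Rule 1: Winlogon Userinit/Shell must point at the Windows default binary.
    if "Winlogon" in entry.section and entry.name in EXPECTED_WINLOGON:
        expected = EXPECTED_WINLOGON[entry.name]
        actual = ntpath.basename(entry.path.strip('"')).rstrip(",").lower()
        if actual != expected:
            note = " (file missing: stale value left by a removed infection)" if missing else ""
            return ("high", f"Winlogon {entry.name} points to {entry.path} instead of {expected}{note}")
    # Rule 2: file present but no publisher/version info: verify signature and hash.
    if entry.publisher is None and not missing:
        state = "disabled, " if entry.disabled else ""
        return ("medium", f"{state}unknown publisher and file present; verify signature and hash")
    # Rule 3: orphaned entries are mostly leftovers but still worth cleaning up.
    if missing:
        return ("low", "orphaned autostart entry; referenced file no longer exists")
    return None


def triage_log(text: str) -> List[Tuple[str, str, str, str]]:
    """Run triage over a whole log; returns (severity, name, path, reason) tuples."""
    out = []
    for e in parse_log(text):
        hit = triage(e)
        if hit:
            out.append((hit[0], e.name, e.path, hit[1]))
    return out


# Constructed sample: lines copied from the thread's log; the Services key
# header over the driver block is assumed (the thread does not show it).
SAMPLE_LOG = r"""
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Luis\LOKALE~1\Temp\catchme.sys (File not found)
(Disabled) "SSHDRV65" (SSHDRV65) - ? - C:\WINDOWS\system32\drivers\SSHDRV65.sys (File found, but it contains no detailed information)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Userinit" - ? - C:\WINDOWS\system32\mssrkv32.exe (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"SW24" - ? - C:\WINDOWS\system32\sw24.exe (File found, but it contains no detailed information)
"""

if __name__ == "__main__":
    for sev, name, path, reason in sorted(triage_log(SAMPLE_LOG)):
        print(f"[{sev:6}] {name}: {path} -- {reason}")
```

On the sample, the Userinit value is the only "high" finding; SSHDRV65 and SW24 come out "medium" (exactly the files the thread later submits to VirusTotal), and catchme is a "low" leftover of a removed scanning tool. A publisher string alone is not proof of anything, so the "medium" reason deliberately says to verify the signature and hash rather than to judge the file from the log line.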

Alt 30.03.2010, 09:53   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/Crypt.XPACK.Gen on board - Standard

Trojaner TR/Crypt.XPACK.Gen on board



Looks ok. Please run control scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags

Alt 30.03.2010, 11:39   #26
lelon
 
Trojaner TR/Crypt.XPACK.Gen on board - Standard

Trojaner TR/Crypt.XPACK.Gen on board



Arne, the program SUPERAntiSpyware now runs in competition with the program AVIRA.

Do I have to uninstall the SpyWare program again afterwards?

And just for info, a new version of Malwarebytes (ver. 1.45 German) has been released; during the update it installs itself automatically, and afterwards the update has to be run once more!

Alt 30.03.2010, 11:49   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/Crypt.XPACK.Gen on board - Standard

Trojaner TR/Crypt.XPACK.Gen on board



You can uninstall SUPERAntiSpyware again afterwards if it bothers you. As long as SUPERAntiSpyware's real-time protection is not switched on, it should not interfere.

And yes, keep updating Malwarebytes until it finds no more updates.
__________________
Please always post logfiles in CODE tags

Alt 30.03.2010, 15:13   #28
lelon
 
Trojaner TR/Crypt.XPACK.Gen on board - Standard

Trojaner TR/Crypt.XPACK.Gen on board



Hello Arne,

here is now the malware log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3932

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

30.03.2010 13:10:57
mbam-log-2010-03-30 (13-10-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 117007
Laufzeit: 4 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\All Users\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Application Data\WinAntiVirus Pro 2007\Data (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
========================================================================================


and the SUPERAntiSpyware scan log

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/30/2010 at 04:01 PM

Application Version : 4.34.1000

Core Rules Database Version : 4748
Trace Rules Database Version: 2560

Scan type : Complete Scan
Total Scan Time : 02:44:54

Memory items scanned : 597
Memory threats detected : 0
Registry items scanned : 6439
Registry threats detected : 0
File items scanned : 233161
File threats detected : 31

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\****\Cookies\****@smartadserver[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@doubleclick[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@server.iad.liveperson[3].txt
C:\Dokumente und Einstellungen\****\Cookies\****@zanox[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@server.iad.liveperson[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@weborama[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@revsci[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@content.yieldmanager[3].txt
C:\Dokumente und Einstellungen\****\Cookies\****@content.yieldmanager[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@ad.yieldmanager[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@imrworldwide[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@ad.ad-srv[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@insightexpressai[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@adx.chip[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@ad.zanox[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@tribalfusion[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@ww251.smartadserver[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@atdmt[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@im.banner.t-online[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@adfarm1.adition[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@2o7[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@mediaplex[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@ads.pointroll[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@advertising[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@apmebf[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@adtech[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@track.webtrekk[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@www.etracker[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@ad.bauerverlag[1].txt
C:\Dokumente und Einstellungen\****\Cookies\****@invitemedia[2].txt
C:\Dokumente und Einstellungen\****\Cookies\****@pointroll[2].txt



Thanks and regards.
-Luis

Alt 30.03.2010, 15:47   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/Crypt.XPACK.Gen on board - Standard

Trojaner TR/Crypt.XPACK.Gen on board



Quote:
Art des Suchlaufs: Quick-Scan
Please run a full scan with MBAM.
__________________
Please always post logfiles in CODE tags

Alt 30.03.2010, 15:53   #30
lelon
 
Trojaner TR/Crypt.XPACK.Gen on board - Standard

Trojaner TR/Crypt.XPACK.Gen on board



incl. the D:\ part, or is C:\ enough?
