TR/Agent.ruo' [trojan] in C:\WINDOWS\system32\d3dsloak.dll gefunden

fLuMpi · 29.03.2010, 12:45

Ja, leider hat es auch mich erwischt.

Hab schonmal die diversen threads zu dem Thema hier durchgelesen und versucht mit Hilfe von osam, das Biest zu vertreiben, aber er ist und bleibt leider hartnäkig.

Hier mal der Osam log, vieleicht hab ich was übersehen ???

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
|||||| "BootExecute" C:\WINDOWS\system32\lsdelete.exe File found, but it contains no detailed information
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "Google Software Updater.job" "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||| "Scheduled Update for Ask Toolbar.job" C:\Programme\Ask.com\UpdateTask.exe File found, but it contains no detailed information
Control Panel Objects
%SystemRoot%\system32
"access.cpl" "Microsoft Corporation" C:\WINDOWS\system32\access.cpl File exists
"appwiz.cpl" "Microsoft Corporation" C:\WINDOWS\system32\appwiz.cpl File exists
"desk.cpl" "Microsoft Corporation" C:\WINDOWS\system32\desk.cpl File exists
"hdwwiz.cpl" "Microsoft Corporation" C:\WINDOWS\system32\hdwwiz.cpl File exists
"inetcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\inetcpl.cpl File exists
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
"intl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\intl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
"joy.cpl" "Microsoft Corporation" C:\WINDOWS\system32\joy.cpl File exists
|||||| "main.cpl" "Microsoft Corporation" C:\WINDOWS\system32\main.cpl File exists
"mmsys.cpl" "Microsoft Corporation" C:\WINDOWS\system32\mmsys.cpl File exists
|||||| "ncpa.cpl" "Microsoft Corporation" C:\WINDOWS\system32\ncpa.cpl File exists
"nusrmgr.cpl" "Microsoft Corporation" C:\WINDOWS\system32\nusrmgr.cpl File exists
|||||| "nvcpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvcpl.cpl File exists
|||||| "nvtuicpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvtuicpl.cpl File exists
|||||| "PhysX.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\PhysX.cpl File exists
"powercfg.cpl" "Microsoft Corporation" C:\WINDOWS\system32\powercfg.cpl File exists
"sysdm.cpl" "Microsoft Corporation" C:\WINDOWS\system32\sysdm.cpl File exists
|||||| "telephon.cpl" "Microsoft Corporation" C:\WINDOWS\system32\telephon.cpl File exists
"timedate.cpl" "Microsoft Corporation" C:\WINDOWS\system32\timedate.cpl File exists
"wscui.cpl" "Microsoft Corporation" C:\WINDOWS\system32\wscui.cpl File exists
"wuaucpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\wuaucpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
|||||| "QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "atksgt" (atksgt) C:\WINDOWS\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information
|||||| "aupn0ebs" (aupn0ebs) "Microsoft Corporation" C:\WINDOWS\system32\drivers\aupn0ebs.sys Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
"d3dsvch" (d3dsvch) "Microsoft Corporation" C:\WINDOWS\system32\drivers\d3dsvch.sys File exists
|| "ESLvnic Virtual Network 32 Bit" (ESLvnic1) "Turtle Entertainment GmbH" C:\WINDOWS\System32\DRIVERS\ESLvnic.sys File exists
|||||| "File Security Driver" (IKFileSec) "PCTools Research Pty Ltd." C:\WINDOWS\system32\drivers\ikfilesec.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
|||||| "lirsgt" (lirsgt) C:\WINDOWS\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
|||||| "PCTools KDS" (PCTCore) "PC Tools" C:\WINDOWS\System32\drivers\PCTCore.sys File exists
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
|||||| "Secdrv" (Secdrv) C:\WINDOWS\System32\DRIVERS\secdrv.sys File signed by Microsoft | File found, but it contains no detailed information
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\WINDOWS\System32\Drivers\sptd.sys File is exclusively opened, access blocked
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
|||||| "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) "Protection Technology" C:\WINDOWS\System32\drivers\sfdrv01.sys File exists
|||||| "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) "Protection Technology" C:\WINDOWS\System32\drivers\sfhlp02.sys File exists
|||||| "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) "Protection Technology" C:\WINDOWS\System32\drivers\sfvfs02.sys File exists
|||||| "System Filter Driver" (IKSysFlt) "PCTools Research Pty Ltd." C:\WINDOWS\System32\drivers\iksysflt.sys File exists
|||||| "System Security Driver" (IKSysSec) "PCTools Research Pty Ltd." C:\WINDOWS\System32\drivers\iksyssec.sys File exists
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" "Microsoft Corporation" %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll File exists
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" "Microsoft Corporation" regsvr32.exe /s /n /i:U shell32.dll File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
HKLM\Software\Classes\Protocols\Filter
{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} "AP Class Install Handler filter" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
HKLM\Software\Classes\Protocols\Handler
{3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||||| {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
{79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
{79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
{79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
{79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
{3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\system32\mshtml.dll File exists
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\system32\mshtml.dll File exists
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\system32\mshtml.dll File exists
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\system32\mshtml.dll File exists
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\system32\mshtml.dll File exists
{76E67A63-06E9-11D2-A840-006008059382} "Microsoft HTML Resource Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\System32\mshtml.dll File exists
|||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL File exists
{79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" "Microsoft Corporation" C:\WINDOWS\system32\shell32.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{88C6C381-2E85-11D0-94DE-444553540000} "ActiveX Cache Folder" "Microsoft Corporation" C:\WINDOWS\system32\occache.dll File exists
{A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
|||||| {83D96563-DB11-42DF-92F9-32CE7BA54ED8} "Altova Shortcut Drop Handler" "Altova GmbH" C:\WINDOWS\system32\LinkDropHandler.dll File exists
{91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File exists
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" "Microsoft Corporation" C:\WINDOWS\system32\wuaucpl.cpl File exists
{F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File exists
|||||| {ABC70703-32AF-11d4-90C4-D483A70F4825} "CMenuExtender" "Revenger inc." C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll File exists
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" "Microsoft Corporation" C:\WINDOWS\system32\webcheck.dll File exists
{BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" "Microsoft Corporation" C:\WINDOWS\System32\zipfldr.dll File exists
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" "Microsoft Corporation" C:\WINDOWS\System32\zipfldr.dll File exists
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" "Microsoft Corporation" C:\WINDOWS\System32\zipfldr.dll File exists
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" "Microsoft Corporation" C:\WINDOWS\System32\appwiz.cpl File exists
|||||| {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
{22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File exists
{00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" "Microsoft Corporation" C:\WINDOWS\system32\mmsys.cpl File exists
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File exists
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File exists
|||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" "Microsoft Corporation" C:\WINDOWS\System32\shimgvw.dll File exists
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" "Microsoft Corporation" C:\WINDOWS\System32\mstask.dll File exists
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File exists
{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" "Microsoft Corporation" C:\WINDOWS\System32\shimgvw.dll File exists
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File exists
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" "Microsoft Corporation" C:\WINDOWS\System32\appwiz.cpl File exists
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File exists
{131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File exists
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." D:\tunes\iTunesMiniPlayer.dll File exists
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Kabinettdatei" "Microsoft Corporation" C:\WINDOWS\system32\cabview.dll File exists
|||||| {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" "Logitech, Inc." C:\Programme\Logitech\SetPoint\kbcplext.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" "Logitech, Inc." C:\Programme\Logitech\SetPoint\mcplext.dll File exists
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" File not found | COM-object registry key not found
{00BB2763-6A77-11D0-A535-00C04FD7D062} "Microsoft AutoComplete" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File exists
{7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL File exists
{03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" "Microsoft Corporation" C:\WINDOWS\System32\mydocs.dll File exists
{ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" "Microsoft Corporation" C:\WINDOWS\System32\mydocs.dll File exists
{4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" "Microsoft Corporation" C:\WINDOWS\System32\mydocs.dll File exists
{7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" "Microsoft Corporation" C:\WINDOWS\system32\NETSHELL.dll File exists
{992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" "Microsoft Corporation" C:\WINDOWS\system32\NETSHELL.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL File exists
{41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" "Microsoft Corporation" C:\WINDOWS\System32\themeui.dll File exists
{D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File exists
{AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" "Microsoft Corporation" C:\WINDOWS\system32\wiashext.dll File exists
{83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" "Microsoft Corporation" C:\WINDOWS\system32\wiashext.dll File exists
{905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" "Microsoft Corporation" C:\WINDOWS\system32\wiashext.dll File exists
{E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" "Microsoft Corporation" C:\WINDOWS\system32\wiashext.dll File exists
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" "Microsoft Corporation" C:\WINDOWS\system32\wiashext.dll File exists
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" "Microsoft Corporation" C:\WINDOWS\System32\mstask.dll File exists
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" "Microsoft Corporation" C:\WINDOWS\System32\mstask.dll File exists
{BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" "Microsoft Corporation" C:\WINDOWS\system32\fontext.dll File exists
{D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File exists
{9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File exists
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File exists
{352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" "Microsoft Corporation" C:\WINDOWS\System32\appwiz.cpl File exists
{0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File exists
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" "Microsoft Corporation" C:\WINDOWS\System32\shimgvw.dll File exists
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" "Microsoft Corporation" C:\WINDOWS\System32\shimgvw.dll File exists
{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" "Microsoft Corporation" C:\WINDOWS\System32\shimgvw.dll File exists
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" "Microsoft Corporation" C:\WINDOWS\system32\printui.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" "Microsoft Corporation" C:\WINDOWS\system32\ntshrui.dll File exists
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" "Microsoft Corporation" C:\WINDOWS\system32\ntshrui.dll File exists
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" "Microsoft Corporation" C:\WINDOWS\system32\webcheck.dll File exists
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" "Microsoft Corporation" C:\WINDOWS\system32\webcheck.dll File exists
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File exists
{E0E11A09-5CB8-4B6C-8332-E00720A168F2} "Syntaxanalyse der Adressleiste" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" "Microsoft Corporation" C:\WINDOWS\system32\shell32.dll File exists
{acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File exists
{7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File exists
{07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File exists
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" "Microsoft Corporation" C:\WINDOWS\system32\webcheck.dll File exists
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" "Microsoft Corporation" C:\WINDOWS\system32\webcheck.dll File exists
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File exists
{08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" "Microsoft Corporation" C:\WINDOWS\system32\webcheck.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" "Microsoft Corporation" C:\WINDOWS\System32\XPSSHHDR.DLL File exists
|||||| {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" "Microsoft Corporation" C:\WINDOWS\System32\XPSSHHDR.DLL File exists
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File found, but it contains no detailed information
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" "Microsoft Corporation" C:\WINDOWS\System32\shimgvw.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" "Microsoft Corporation" C:\WINDOWS\System32\stobject.dll File exists
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" "Microsoft Corporation" C:\WINDOWS\system32\webcheck.dll File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "ICQToolBar" "ICQ" C:\Programme\ICQ6Toolbar\ICQToolBar.dll File exists
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Programme\ICQ6Toolbar\ICQToolBar.dll File exists
|||| {EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" "Yahoo! Inc." C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll File exists
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
DirectAnimation Java Classes "DirectAnimation Java Classes"
file://C:\WINDOWS\Java\classes\dajava.cab File not found | COM-object registry key not found
|||||| {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll File exists
|||| {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||| {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll File exists
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_17.dll File exists
|||| {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_17.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_17.dll File exists
Microsoft XML Parser for Java "Microsoft XML Parser for Java"
file://C:\WINDOWS\Java\classes\xmldso.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Programme\ICQ6Toolbar\ICQToolBar.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| "ICQ6" "ICQ, LLC." C:\Programme\ICQ6.5\ICQ.exe File exists
"NordicBet Poker" "Microgaming" C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe File exists
|| "PartyPoker.com" C:\Programme\PartyGaming\PartyPoker\RunApp.exe File exists
|||| "PokerStars.net" "PokerStars" C:\Programme\PokerStars.NET\PokerStarsUpdate.exe File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Programme\ICQ6Toolbar\ICQToolBar.dll File exists
|||| "Yahoo! Toolbar" "Yahoo! Inc." C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||| {02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" "Yahoo! Inc." C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll File exists
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists
|||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
Known DLLs
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
"shell32" "Microsoft Corporation" C:\WINDOWS\system32\shell32.dll File exists
"url" "Microsoft Corporation" C:\WINDOWS\system32\url.dll File exists
"urlmon" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File exists
"wininet" "Microsoft Corporation" C:\WINDOWS\system32\wininet.dll File exists
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
|||| "Logitech SetPoint.lnk" "Logitech, Inc." C:\Programme\Logitech\SetPoint\SetPoint.exe Shortcut exists | File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\ich\Startmenü\Programme\Autostart\desktop.ini File exists
|||| "OpenOffice.org 3.1.lnk" C:\Programme\OpenOffice.org 3\program\quickstart.exe Shortcut exists | File found, but it contains no detailed information | File exists
|||||| "RocketDock.lnk" C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe Shortcut exists | File found, but it contains no detailed information | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "DAEMON Tools Lite" "DT Soft Ltd" "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun File exists
|||| "ICQ" "ICQ, LLC." "C:\Programme\ICQ6.5\ICQ.exe" silent File exists
|||| "Orb" "Orb Networks" "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background File exists
|||| "Skype" "Skype Technologies S.A." "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized File exists
"Steam" "Valve Corporation" "d:\steam\steam.exe" -silent File exists
|||| "swg" "Google Inc." "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File exists
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell" "Microsoft Corporation" C:\WINDOWS\Explorer.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "36X Raid Configurer" "JMicron Technology Corp." C:\WINDOWS\system32\xRaidSetup.exe boot File exists
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
|||||| "avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "iTunesHelper" "Apple Inc." "D:\tunes\iTunesHelper.exe" File exists
|||||| "JMB36X IDE Setup" C:\WINDOWS\RaidTool\xInsIDE.exe File found, but it contains no detailed information
|||||| " Malwarebytes Anti-Malware (reboot)" "Malwarebytes Corporation" "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File exists
|||| "nwiz" "NVIDIA Corporation" nwiz.exe /install File exists
|||| "QuickTime Task" "Apple Inc." "C:\Programme\QuickTime\QTTask.exe" -atboottime File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Programme\Java\jre6\bin\jusched.exe" File exists
|||| "WinampAgent" C:\Programme\Winamp\winampa.exe File found, but it contains no detailed information
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
|||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Programme\Bonjour\mDNSResponder.exe File exists
|||| "Google Software Updater" (gusvc) "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "ICQ Service" (ICQ Service) C:\Programme\ICQ6Toolbar\ICQ Service.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Programme\iPod\bin\iPodService.exe File exists
|||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists
|||||| "Lavasoft Ad-Aware Service" (aawservice) "Lavasoft" C:\Programme\Lavasoft\Ad-Aware\aawservice.exe File exists
|||||| "Logitech Bluetooth Service" (LBTServ) "Logitech, Inc." C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe File exists
|||| "Machine Debug Manager" (MDM) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE File exists
|||||| "Macromedia Licensing Service" (Macromedia Licensing Service) C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe File exists
"nProtect GameGuard Service" (npggsvc) "INCA Internet Co., Ltd." C:\WINDOWS\system32\GameMon.des File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "PC Tools Auxiliary Service" (sdAuxService) "PC Tools" C:\Programme\Spyware Doctor\pctsAuxs.exe File exists
|||||| "PC Tools Security Service" (sdCoreService) "PC Tools" C:\Programme\Spyware Doctor\pctsSvc.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
Winlogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"UIHost" "Microsoft Corporation" C:\WINDOWS\system32\logonui.exe File exists
"VmApplet" "Microsoft Corporation" C:\WINDOWS\system32\sysdm.cpl File exists
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
|||||| "LBTWlgn" "Logitech, Inc." c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Programme\Bonjour\mdnsNSP.dll File exists

cosinus · 29.03.2010, 14:44

Hallo und

Zitat:

|||| "DAEMON Tools Lite" "DT Soft Ltd" "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun File exists

Du hast die Daemontools installiert, möglich dass der Eintrag bzw. das Rootkit daher stammt. Öffne mal OSAM und such den Eintrag aupn0ebs.sys raus. Den rechtsklicken > Dump file as... > aupn0ebs.sys.dmp auf den Desktop und abspeichern. Die gespeicherte Datei bitte bei Virustotal.com hochladen und hier verlinken.

fLuMpi · 29.03.2010, 14:57

hab ich gemacht

scheint nix verdächtiges zu sein
hxxp://www.virustotal.com/de/reanalisis.html?0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d-1269870918

cosinus · 29.03.2010, 15:02

Dien OSAM Log sieht irgendwie merkwürdig aus. Erstell ein neues und poste es.

fLuMpi · 29.03.2010, 15:17

ja der sieht auch beim 2. mal noch so komisch aus leider

Gibts ne andere möglichkeit als Save log und die erzeugte pdf davon stumpf kopieren und hier posten ??

cosinus · 29.03.2010, 15:33

Code:

ATTFilter

"d3dsvch" (d3dsvch) "Microsoft Corporation" C:\WINDOWS\system32\drivers\d3dsvch.sys File exists

Bitte mit OSAM deaktivieren (siehe Anleitung zu OSAM). Poste danach ein neues Log von OSAM und lass die Datei(en)

C:\WINDOWS\system32\drivers\d3dsvch.sys

bei Virustotal auswerten. Bitte dann Ergebnislink(s) posten.

fLuMpi · 30.03.2010, 09:08

Ja er schlägt an !

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.30 -
AhnLab-V3 5.0.0.2 2010.03.30 -
AntiVir 7.10.5.248 2010.03.29 -
Antiy-AVL 2.0.3.7 2010.03.30 -
Authentium 5.2.0.5 2010.03.30 -
Avast 4.8.1351.0 2010.03.29 Win32:Trojan-gen
Avast5 5.0.332.0 2010.03.29 Win32:Trojan-gen
AVG 9.0.0.787 2010.03.29 -
BitDefender 7.2 2010.03.30 -
CAT-QuickHeal 10.00 2010.03.30 -
ClamAV 0.96.0.0-git 2010.03.30 -
Comodo 4435 2010.03.30 -
DrWeb 5.0.2.03220 2010.03.30 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7396 2010.03.30 -
F-Prot 4.5.1.85 2010.03.29 -
F-Secure 9.0.15370.0 2010.03.30 -
Fortinet 4.0.14.0 2010.03.29 -
GData 19 2010.03.30 Win32:Trojan-gen
Ikarus T3.1.1.80.0 2010.03.30 -
Jiangmin 13.0.900 2010.03.30 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.30 -
McAfee 5935 2010.03.29 -
McAfee+Artemis 5935 2010.03.29 -
McAfee-GW-Edition 6.8.5 2010.03.29 -
Microsoft 1.5605 2010.03.30 -
NOD32 4983 2010.03.29 a variant of Win32/Agent.QQJ
Norman 6.04.10 2010.03.29 -
nProtect 2009.1.8.0 2010.03.29 Trojan/W32.Agent.497664.T
Panda 10.0.2.2 2010.03.29 -
PCTools 7.0.3.5 2010.03.30 -
Prevx 3.0 2010.03.30 High Risk Rootkit
Rising 22.41.01.03 2010.03.30 -
Sophos 4.52.0 2010.03.30 -
Sunbelt 6115 2010.03.30 -
Symantec 20091.2.0.41 2010.03.30 Suspicious.Insight
TheHacker 6.5.2.0.247 2010.03.29 -
TrendMicro 9.120.0.1004 2010.03.30 -
VBA32 3.12.12.2 2010.03.29 -
ViRobot 2010.3.30.2251 2010.03.30 Trojan.Win32.RT-Agent.497664
VirusBuster 5.0.27.0 2010.03.29 -

Win32:Trojan-gen

Werd den eintrag dann mal komplett rauslöschen und neuen Osam check machen.

Aber schonmal dickes Dankeschön für deine Hilfe!

29.03.2010, 15:02	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$TR/Agent.ruo' [trojan] in C:\WINDOWS\system32\d3dsloak.dll gefunden - Standard$ TR/Agent.ruo' [trojan] in C:\WINDOWS\system32\d3dsloak.dll gefunden Dien OSAM Log sieht irgendwie merkwürdig aus. Erstell ein neues und poste es. __________________ Logfiles bitte immer in CODE-Tags posten

TR/Agent.ruo' [trojan] in C:\WINDOWS\system32\d3dsloak.dll gefunden

Plagegeister aller Art und deren Bekämpfung: TR/Agent.ruo' [trojan] in C:\WINDOWS\system32\d3dsloak.dll gefunden