Pests of all kinds and how to fight them: System takeover and/or malware? - WIN XP

If you are not sure whether you have picked up malware or a trojan, start a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
System takeover and/or malware? - WIN XP

Yesterday, when I wanted to get going with GMER and OSAM, I first got a shock: after booting, no internet connection came up, the network card was not detected. I was already panicking that Stuxnet was striking (I have a Siemens PC) ;-) After wiggling the network card it turned out to be just a loose contact. 1. But something like that has not happened to me in years. 2. Rather odd.

So, today GMER + OSAM.

1. GMER: download and install went without problems. But the scan stops abruptly (= the activity window simply stays empty). At the same time the desktop icons and Windows bars disappear. Only the plain Win XP background (= green hill) remains. I can still click "Copy" (log). But after closing the GMER program window, only the mouse pointer is left. So no way to save the log, start a program, or shut Windows down. Only the power switch remains. I did at least write down the last two log entries by hand. Here they are:

Type: Disk
Name: \Device\Harddisk0\DR0
Value: Sector 62 rootkit_like behaviour; copy of MBR

And the same for Sector 63. As I said: the last two entries before GMER stopped its activity. I think that is pretty suspicious!

Now OSAM: download, install and run went without problems. The results window shows only green bars or unknown risks, i.e. grey bars.

--- OSAM LOG begin ---
OSAM Logfile:
Code:
```
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:36:14 on 01.10.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information)

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"AutoDiskCpl" - "Iomega Corp." - C:\WINDOWS\System32\AutoDisk.cpl
"QuickTime" - "Apple Inc." - C:\software_multimedia\quicktime\QTSystem\QuickTime.cpl
"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Ad-Watch Connect Kernel Filter" (Ad-Watch Connect Filter) - ? - C:\WINDOWS\system32\drivers\NSDriver.sys (File not found)
"AFS2k" (AFS2K) - "Oak Technology Inc." - C:\WINDOWS\system32\drivers\AFS2K.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\WINDOWS\System32\DRIVERS\AvgArCln.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"GhostPciScanner" (GhPciScan) - "Symantec Corporation" - C:\Programme\Symantec\Norton Ghost 2003\ghpciscan.sys
"InCD File System" (InCDfs) - "Nero AG" - C:\WINDOWS\system32\drivers\InCDfs.sys
"InCD Reader" (incdrm) - "Nero AG" - C:\WINDOWS\system32\drivers\incdrm.sys
"InCDPass" (InCDPass) - "Nero AG" - C:\WINDOWS\System32\DRIVERS\InCDPass.sys
"InCDrec" (InCDrec) - "Nero AG" - C:\WINDOWS\system32\drivers\InCDrec.sys
"Iomega Devices Disk Filter Services" (iomdisk) - "Iomega Corporation" - C:\WINDOWS\System32\DRIVERS\iomdisk.sys
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys (File found, but it contains no detailed information)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys
"Ndiskio" (Ndiskio) - "Norman ASA" - c:\norman_viruscontrol\nse\bin\ndiskio.sys
"Norman General Security Driver" (NGS) - "Norman ASA" - c:\norman_viruscontrol\ngs\bin\ngs.sys
"Norman Registry Security driver" (nregsec) - "Norman ASA" - C:\Norman_VirusControl\Ngs\Bin\nregsec.sys
"Norman Security driver" (NPROSEC) - "Norman ASA" - C:\Norman_VirusControl\Ngs\Bin\nprosec.sys
"nvcfsr" (nvcfsr) - "Norman ASA" - C:\NORMAN_VIRUSCONTROL\Nvc\BIN\nvcfsr.sys
"NvcMFlt" (NvcMFlt) - "Norman ASA" - C:\WINDOWS\System32\DRIVERS\nvcw32mf.sys
"nvcoafl51" (nvcoafl51) - ? - C:\NORMAN_VIRUSCONTROL\nvc\BIN\nvcoafl51.sys
"nvcoaft51" (nvcoaft51) - "Norman ASA" - C:\NORMAN_VIRUSCONTROL\nvc\BIN\nvcoaft51.sys
"nvcoarc51" (nvcoarc51) - ? - C:\NORMAN_VIRUSCONTROL\nvc\BIN\nvcoarc51.sys
"OODrvled" (OODrvled) - "O&O Software GmbH" - C:\WINDOWS\System32\DRIVERS\OODrvled.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SANDRA" (SANDRA) - "SiSoftware" - C:\Software\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys
"SBRE" (SBRE) - "Sunbelt Software" - C:\WINDOWS\system32\drivers\SBREdrv.sys
"TerraTec Cinergy T² Driver (TTCinergyT2.sys)" (TTCinergyT2) - "TerraTec Electronic GmbH" - C:\WINDOWS\System32\Drivers\TTCinergyT2.sys
"TVICHW32" (TVICHW32) - "EnTech Taiwan" - C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS
"V7" (V7) - "IBM Corporation" - C:\WINDOWS\system32\drivers\V7.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} "CRLUpdate" - "Microsoft Corporation" - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Software\Packer\7-Zip\7-zip.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Seagate" - C:\Programme\Seagate\DiscWizard\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Seagate" - C:\Programme\Seagate\DiscWizard\tishell.dll
{AB77609F-2178-4E6F-9C4B-44AC179D937A} "a² Context Menu Shell Extension" - ? - C:\Programme\a2_free\a2contmenu.dll (File found, but it contains no detailed information)
"CorelDRAW Shell Extension Component" - ? - (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{CB6C13AE-D1BD-4EA5-81FC-A1AC20942B6A} "dsContextMenu" - ? - C:\PROGRA~1\PACKAR~1\DSRClick.dll (File found, but it contains no detailed information)
{B28C18DB-6816-4F31-9630-397683E3C2C3} "Filzip Shell Extension" - ? - C:\Software\Packer\Filzip\fzshext.dll
{c7745760-8ead-11ce-b750-02608ca5202c} "IomegaWare Shell Extension" - "Iomega Corp." - C:\Programme\Iomega\Shell\ImgMenu.dll
{c7745761-8ead-11ce-b750-02608ca5202c} "IomegaWare Shell Extension" - "Iomega Corp." - C:\Programme\Iomega\Shell\ImgProp.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\Software\Packer\IZArc\IZArcCM.dll (File found, but it contains no detailed information)
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\Software\Packer\IZArc\IZArcCM.dll (File found, but it contains no detailed information)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{57C51AF9-DEF7-11D3-A801-00C04F163490} "PropPage Class" - "Symantec Corporation" - C:\Programme\Symantec\Norton Ghost 2003\GhoShExt.dll
{8903F6C9-25E3-40AC-A98F-E6D35CD0469C} "PSPad" - ? - C:\Software\PSPADE~1\PSPADS~1.DLL (File found, but it contains no detailed information)
{950FF917-7A57-46BC-8017-59D9BF474000} "Shell Extension for CDRW" - "Nero AG" - C:\Programme\Ahead\InCD\incdshx.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - ? - (File not found | COM-object registry key not found)
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - ? - (File not found | COM-object registry key not found)
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - ? - (File not found | COM-object registry key not found)
{FACEB421-912E-11D3-B7D5-0080AD41AF95} "ZipStar Shell Extension" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Trashcan" - ? - C:\Programme\Agnitum\Outpost Firewall 1.0\trash.exe (File not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} "a-squared Scanner" - "Emsi Software GmbH" - C:\WINDOWS\DOWNLO~1\asquared.ocx / hxxp://ax.emsisoft.com/asquared.cab
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{EB387D2F-E27B-4D36-979E-847D1036C65D} "QDiagHUpdateObj Class" - "Gteko Ltd." - C:\WINDOWS\system32\qdiagh.ocx / hxxp://h30043.www3.hp.com/aio/de/check/qdiagh.cab?326
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{5ED80217-570B-4DA9-BF44-BE107C0EC166} "Windows Live Safety Center Base Module" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\wlscBase.dll / hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
{62475759-9E84-458E-A1AB-5D2C442ADFDE} "{62475759-9E84-458E-A1AB-5D2C442ADFDE}" - ? - (File not found | COM-object registry key not found) / hxxp://a1540.g.akamai.net/7/1540/52/20041101/qtinstall.info.apple.com/pthalo/de/win/QuickTimeInstaller.exe
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} "{9F1C11AA-197B-4942-BA54-47A8489BB47F}" - ? - (File not found | COM-object registry key not found) / hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38199.1043865741
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} "{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) /
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) /
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) /
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) /
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) /
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) /
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Script" - ? - C:\Software\AT-PROMPT_Translator\PRMTIE\prmtie5.htm
"Script" - ? - C:\Software\AT-PROMPT_Translator\PRMTIE\options.htm
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{CC962137-2E78-4f94-975E-FC0C07DBD78F} "Developer Toolbar" - ? - (File not found | COM-object registry key not found)
{FF284F5C-7CF9-4682-8701-D467C1DBB99F} "Übersetzer" - "PROMT Ltd." - C:\Software\AT-PROMPT_Translator\PRMTIE\prmtie.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{CC7E636D-39AA-49b6-B511-65413DA137A1} "{CC7E636D-39AA-49b6-B511-65413DA137A1}" - ? - (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - C:\WINDOWS\system32\relog_ap.dll

[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"softwareuptodate" - "Bernd Ott" - C:\Programme\Software-UpToDate\Software_UpToDate_Client.exe /reminder
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Programme\Seagate\DiscWizard\TimounterMonitor.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ASM" - "AOL LLC" - "C:\Software\AOL_Active Security Monitor\ASMonitor.exe" HIDEMAIN
"DiscWizardMonitor.exe" - "Seagate" - C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe
"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe
"InCD" - "Nero AG" - C:\Programme\Ahead\InCD\InCD.exe
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"Norman ZANDA" - "Norman ASA" - "C:\Norman_VirusControl\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
"PCMService" - "CyberLink Corp." - "C:\Software_Multimedia\CyberLink_Home_Cinema\PowerCinema\PCMService.exe"
"QuickTime Task" - "Apple Inc." - "C:\software_multimedia\quicktime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"WinPatrol" - "BillP Studios" - C:\Programme\BillP Studios\WinPatrol\winpatrol.exe -expressboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedul2.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Software_Multimedia\CyberLink_Home_Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Software_Multimedia\CyberLink_Home_Cinema\PowerCinema\Kernel\TV\CLSched.exe
"GhostStartService" (GhostStartService) - "Symantec Corporation" - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
"InCD Helper" (InCDsrv) - "Nero AG" - C:\Programme\Ahead\InCD\InCDsrv.exe
"Iomega App Services" (Iomega App Services) - "Iomega Corporation" - C:\PROGRA~1\Iomega\System32\AppServices.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
"LogoMedia TranslateDotNet Server" (LogoMedia TranslateDotNet Server) - "LogoMedia Corporation" - C:\Software\Power Translator\LogoMedia TranslateDotNet Server.exe
"Norman eLogger service 6" (eLoggerSvc6) - "Norman ASA" - C:\Norman_VirusControl\Npm\bin\ELOGSVC.EXE
"Norman Network Filtering service" (NNFSVC) - "Norman ASA" - C:\Norman_VirusControl\Ngs\Bin\Nnf.exe
"Norman NJeeves" (Norman NJeeves) - "Norman ASA" - C:\Norman_VirusControl\Npm\Bin\Njeeves.exe
"Norman Resource Provider" (NVOY) - "Norman ASA" - C:\Norman_VirusControl\npm\bin\nvoy.exe
"Norman Scanner Engine Service" (nsesvc) - "Norman ASA" - C:\Norman_VirusControl\nse\bin\NSESVC.EXE
"Norman Scheduler Service" (Scheduler) - "Norman ASA" - C:\Norman_VirusControl\Npm\Bin\scheduler.exe
"Norman Security service" (NPROSECSVC) - "Norman ASA" - C:\Norman_VirusControl\Ngs\Bin\Nprosec.exe
"Norman Virus Control on-access component" (nvcoas) - "Norman ASA" - C:\Norman_VirusControl\Nvc\bin\nvcoas.exe
"Norman ZANDA" (Norman ZANDA) - "Norman ASA" - C:\Norman_VirusControl\Npm\Bin\Zanda.exe
"O&O Defrag 2000" (OOD2000) - "O&O Software GmbH" - C:\WINDOWS\system32\OOD2000.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Software\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
"Zope instance at C:\Plone\Data" (Zope_29920312) - ? - C:\Plone\Python\PythonService.exe
"Zope instance at C:\Plone\parts\instance" (Zope_-722186511) - ? - C:\Plone\python\PythonService.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
```
--- OSAM LOG end ---

Curious to hear your interpretation.

Best regards
Stefan
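A read-only check for the GMER finding quoted above (a copy of the MBR reported in sectors 62 and 63), added here as an example that is not part of the post or of GMER/OSAM: it scans a raw disk image for sectors in the gap before the first partition that duplicate sector 0, and tells an exact copy apart from one whose partition table matches while the boot code differs. The image is constructed inline; `scan_image`, `find_mbr_copies` and the sample layout are my own names and assumptions.

```python
"""Check a raw disk image for sectors that duplicate the MBR (sector 0).

GMER's "rootkit_like behaviour; copy of MBR" means a sector in the gap
before the first partition holds a copy of the boot sector. MBR bootkits
park the original MBR there after replacing sector 0 with their own loader,
but imaging tools and some boot managers write legitimate backups to the
same place, so a hit is a lead to examine, not a verdict.

Added example, not from the forum post or from GMER/OSAM. The image is
constructed inline so the script runs offline; to examine a real drive,
make a raw image (e.g. with dd) and pass its path to scan_image().
"""

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid boot sector


def read_sector(data: bytes, n: int) -> bytes:
    start = n * SECTOR
    return data[start:start + SECTOR]


def has_boot_signature(sector: bytes) -> bool:
    return len(sector) == SECTOR and sector[510:512] == MBR_SIGNATURE


def partition_table_matches(a: bytes, b: bytes) -> bool:
    """The 64-byte partition table occupies bytes 446..509 of the MBR."""
    return a[446:510] == b[446:510]


def find_mbr_copies(data: bytes, max_sector: int = 63) -> list:
    """Return (sector, kind) for sectors 1..max_sector that duplicate sector 0.

    kind is "exact" for a byte-identical copy, or "table" when only the
    partition table and signature match while the boot code differs: the
    pattern left when sector 0 was overwritten and the original kept elsewhere.
    """
    mbr = read_sector(data, 0)
    findings = []
    for n in range(1, max_sector + 1):
        s = read_sector(data, n)
        if not has_boot_signature(s):
            continue  # unsigned sector: cannot be a boot-sector copy
        if s == mbr:
            findings.append((n, "exact"))
        elif partition_table_matches(s, mbr):
            findings.append((n, "table"))
    return findings


def scan_image(path: str, max_sector: int = 63) -> list:
    """Read the first max_sector+1 sectors of a raw image and check them."""
    with open(path, "rb") as f:
        data = f.read(SECTOR * (max_sector + 1))
    return find_mbr_copies(data, max_sector)


def build_sample_image(sectors: int = 64) -> bytes:
    """Constructed image: an exact MBR copy at sector 62 and a variant with
    different boot code at sector 63, the two sectors GMER named."""
    boot_code = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0]).ljust(446, b"\x90")
    # one bootable NTFS (type 0x07) partition starting at LBA 63
    entry = (bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF])
             + (63).to_bytes(4, "little") + (2097152).to_bytes(4, "little"))
    table = entry + b"\x00" * 48
    mbr = boot_code + table + MBR_SIGNATURE
    variant = bytes([0xEB, 0x3C, 0x90]).ljust(446, b"\xCC") + table + MBR_SIGNATURE
    image = bytearray(SECTOR * sectors)
    image[0:SECTOR] = mbr
    image[10 * SECTOR:11 * SECTOR] = b"\x41" * 510 + MBR_SIGNATURE  # signed, unrelated
    image[62 * SECTOR:63 * SECTOR] = mbr
    image[63 * SECTOR:64 * SECTOR] = variant
    return bytes(image)


if __name__ == "__main__":
    for sector, kind in find_mbr_copies(build_sample_image()):
        print(f"sector {sector}: {kind} copy of MBR")
```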