| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: AntiVir hat DR/PSW.Cain.284.3 Dropper TR/Rootkit.Gen und TR/Crypt.XPACK.Gen2 gefunden!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
20.05.2011, 13:34
| #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  AntiVir hat DR/PSW.Cain.284.3 Dropper TR/Rootkit.Gen und TR/Crypt.XPACK.Gen2 gefunden! Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.05.2011, 19:22
| #2 | |
 | AntiVir hat DR/PSW.Cain.284.3 Dropper TR/Rootkit.Gen und TR/Crypt.XPACK.Gen2 gefunden!Zitat:
Hier das Logfile von GMER: Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-20 19:54:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD1200JD-00HBB0 rev.08.02D08
Running: 7rj48ke2.exe; Driver: C:\DOKUME~1\Peter\LOKALE~1\Temp\fxtdypog.sys
---- System - GMER 1.0.15 ----
SSDT F6EF1136 ZwCreateKey
SSDT F6EF112C ZwCreateThread
SSDT F6EF113B ZwDeleteKey
SSDT F6EF1145 ZwDeleteValueKey
SSDT F6EF114A ZwLoadKey
SSDT F6EF1118 ZwOpenProcess
SSDT F6EF111D ZwOpenThread
SSDT F6EF1154 ZwReplaceKey
SSDT F6EF114F ZwRestoreKey
SSDT F6EF1140 ZwSetValueKey
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EB96916D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EB968FC2
INT 0x62 ? FAF45044
INT 0x63 ? FABC19DC
INT 0x73 ? FAC138BC
INT 0x82 ? FAF11954
INT 0x83 ? FAF1ABEC
INT 0x92 ? FABB3BEC
INT 0xA3 ? FAC1C044
INT 0xA4 ? FAC90044
INT 0xB1 ? FAFB5BEC
INT 0xB2 ? FABB1BEC
INT 0xB4 ? FAC148BC
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xEB5ED400, 0x7960C, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xEB68F420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xEB68F420]
.protectÿÿÿÿhardlockunknown last code section [0xEB68F200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xEB68F200, 0x5049, 0xE0000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:15:00 on 20.05.2011 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Orb Index when idle.job" - "Orb Networks" - C:\Programme\Winamp Remote\bin\OrbLauncher.exe -----( HKLM\SOFTWARE\Classes\exefile\shell\open\command )----- "{Default}" - ? - "%1" %* (Hidden registry entry, rootkit activity | System default value) [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Desktop Search" - ? - C:\Programme\Windows Desktop Search\ControlPanel.cpl (File found, but it contains no detailed information) "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl "SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys "BrPar" (BrPar) - "Brother Industries Ltd." - C:\WINDOWS\System32\drivers\BrPar.sys "catchme" (catchme) - ? - C:\DOKUME~1\Peter\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "cpuz134" (cpuz134) - ? - C:\DOKUME~1\Peter\LOKALE~1\Temp\cpuz134\cpuz134_x32.sys (File not found) "Haspnt" (Haspnt) - "Aladdin Knowledge Systems" - C:\WINDOWS\system32\drivers\Haspnt.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Intel(R) PRO/1000 Network Connection Driver" (E1000) - ? - C:\WINDOWS\System32\DRIVERS\e1000325.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mwgeobey" (mwgeobey) - ? - C:\WINDOWS\System32\drivers\xwrv.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )----- "(0) Die derzeitige Homepage" - ? - About:Home (Hidden registry entry, rootkit activity | System default value) -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {7790769C-0471-11d2-AF11-00C04FA35D02} "Adressbuch 6" - ? - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install (Hidden registry entry, rootkit activity | File not found) >{60B49E34-C7CC-11D0-8953-00A0C90347FF} "Browser Customizations" - "Microsoft Corporation" - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP (Hidden registry entry, rootkit activity | File signed by Microsoft) >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS "Browseranpassungen" - "Microsoft Corporation" - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Hidden registry entry, rootkit activity | File signed by Microsoft) >{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig (Hidden registry entry, rootkit activity | File signed by Microsoft) {89820200-ECBD-11cf-8B85-00AA005B4383} "Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings (Hidden registry entry, rootkit activity | File signed by Microsoft) {44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Outlook Express 6" - ? - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install (Hidden registry entry, rootkit activity | File not found) >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - ? - C:\WINDOWS\inf\unregmp2.exe /HideWMP (Hidden registry entry, rootkit activity | File not found) {6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub (Hidden registry entry, rootkit activity | File signed by Microsoft) {44BBA842-CC51-11CF-AAFA-00AA00B6015B} "NetMeeting 3.01" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT (Hidden registry entry, rootkit activity | File signed by Microsoft) >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} "Outlook Express" - ? - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE (Hidden registry entry, rootkit activity | File not found) {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install (Hidden registry entry, rootkit activity | File signed by Microsoft) {2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - ? - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll (Hidden registry entry, rootkit activity | File not found) <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe (Hidden registry entry, rootkit activity | File signed by Microsoft) {89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - ? - regsvr32.exe /s /n /i:U shell32.dll (Hidden registry entry, rootkit activity | File not found) {5945c046-1e7d-11d1-bc44-00c04fd912be} "Windows Messenger 4.7" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser (Hidden registry entry, rootkit activity | File signed by Microsoft) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - ? - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll (Hidden registry entry, rootkit activity | File not found) {0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Hidden registry entry, rootkit activity | File not found) -----( HKLM\Software\Classes\Protocols\Filter )----- {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} "AP Class Install Handler filter" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll (Hidden registry entry, rootkit activity) {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll (Hidden registry entry, rootkit activity) {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll (Hidden registry entry, rootkit activity) {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Hidden registry entry, rootkit activity) {733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) -----( HKLM\Software\Classes\Protocols\Handler )----- {3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - ? - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Hidden registry entry, rootkit activity | File not found) {12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - ? - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Hidden registry entry, rootkit activity | File not found) {05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asychronous Pluggable Protocol Handler" - ? - C:\WINDOWS\system32\inetcomm.dll (Hidden registry entry, rootkit activity | File not found) {3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found) {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found) {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found) {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found) {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found) {76E67A63-06E9-11D2-A840-006008059382} "Microsoft HTML Resource Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found) {9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - ? - C:\WINDOWS\system32\itss.dll (Hidden registry entry, rootkit activity | File not found) {9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - ? - C:\WINDOWS\system32\itss.dll (Hidden registry entry, rootkit activity | File not found) {79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - ? - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Hidden registry entry, rootkit activity | File not found) {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "WiaProtocol Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wiascr.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )----- {438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Hidden registry entry, rootkit activity) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {F2CF5485-4E02-4f68-819C-B92DE9277049} "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {32714800-2E5F-11d0-8B85-00AA0044F941} "&Nach Personen..." - ? - C:\Programme\Outlook Express\wabfind.dll (Hidden registry entry, rootkit activity | File not found) {7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {88C6C381-2E85-11D0-94DE-444553540000} "ActiveX Cache Folder" - ? - C:\WINDOWS\system32\occache.dll (Hidden registry entry, rootkit activity | File not found) {A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - ? - syncui.dll (Hidden registry entry, rootkit activity | File not found) {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} "Audio Media Properties Handler" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found) {91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl (Hidden registry entry, rootkit activity | File signed by Microsoft) {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found) {F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - ? - C:\WINDOWS\system32\zipfldr.dll (Hidden registry entry, rootkit activity | File not found) {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - ? - C:\WINDOWS\system32\zipfldr.dll (Hidden registry entry, rootkit activity | File not found) {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - ? - C:\WINDOWS\system32\zipfldr.dll (Hidden registry entry, rootkit activity | File not found) {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "ContextMenuHandler Class" - ? - C:\Programme\Image Resizer\ImageResizer.dll (Hidden registry entry, rootkit activity | File not found) {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (Hidden registry entry, rootkit activity | File not found) {42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - C:\WINDOWS\system32\deskmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - C:\WINDOWS\system32\deskadp.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7444C717-39BF-11D1-8CD9-00C04FC29D45} "CryptPKO Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7444C719-39BF-11D1-8CD9-00C04FC29D45} "CryptSig Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - ? - C:\WINDOWS\system32\appwiz.cpl (Hidden registry entry, rootkit activity | File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll (Hidden registry entry, rootkit activity) {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll (Hidden registry entry, rootkit activity) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} "DfsShell Class" - ? - C:\WINDOWS\system32\dfsshlex.dll (Hidden registry entry, rootkit activity | File not found) {62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - ? - C:\WINDOWS\system32\dsuiext.dll (Hidden registry entry, rootkit activity | File not found) {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - ? - C:\WINDOWS\system32\dsquery.dll (Hidden registry entry, rootkit activity | File not found) {0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - ? - C:\WINDOWS\system32\dsuiext.dll (Hidden registry entry, rootkit activity | File not found) {8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - ? - C:\WINDOWS\system32\dsquery.dll (Hidden registry entry, rootkit activity | File not found) {F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - ? - C:\WINDOWS\system32\dsquery.dll (Hidden registry entry, rootkit activity | File not found) {f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\deskperf.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - ? - C:\WINDOWS\system32\photowiz.dll (Hidden registry entry, rootkit activity | File not found) {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - ? - mmsys.cpl (Hidden registry entry, rootkit activity | File not found) {1F2E5C40-9550-11CE-99D2-00AA006E086C} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {4E40F770-369C-11d0-8922-00A024AB2DBB} "Erweiterung der Sicherheitsshell" - ? - dssec.dll (Hidden registry entry, rootkit activity | File not found) {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - ? - diskcopy.dll (Hidden registry entry, rootkit activity | File not found) {88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found) {EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {692F0339-CBAA-47e6-B5B5-3B84DB604E87} "Extensions Manager Folder" - ? - C:\WINDOWS\system32\extmgr.dll (Hidden registry entry, rootkit activity | File not found) {7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - ? - C:\WINDOWS\System32\mmcshext.dll (Hidden registry entry, rootkit activity | File not found) {EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll (Hidden registry entry, rootkit activity) {3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {FF393560-C2A7-11CF-BFF4-444553540000} "History" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {25336920-03f9-11cf-8fd0-00aa00686f13} "HTML Document" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found) {EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - ? - C:\WINDOWS\system32\icmui.dll (Hidden registry entry, rootkit activity | File not found) {675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - ? - C:\WINDOWS\system32\icmui.dll (Hidden registry entry, rootkit activity | File not found) {5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - ? - C:\WINDOWS\System32\icmui.dll (Hidden registry entry, rootkit activity | File not found) {176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - ? - icmui.dll (Hidden registry entry, rootkit activity | File not found) {3028902F-6374-48b2-8DC6-9725E775B926} "IE AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {73CFD649-CD48-4fd8-A272-2070EA56526B} "IE BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {FDE7673D-2E19-4145-8376-BBD58C4BC7BA} "IE Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {1C1EDB47-CE22-4bbb-B608-77B48F83C823} "IE Fade Task" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {11016101-E366-4D22-BC06-4ADA335C892B} "IE History and Feeds Shell Data Source for Windows Search" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {6CF48EF8-44CD-45d2-8832-A16EA016311B} "IE IShellFolderBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {4B78D326-D922-44f9-AF2A-07805C2A3560} "IE Menu Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {205D7A97-F16D-4691-86EF-F3075DCCA57D} "IE Menu Desk Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {44C76ECD-F7FA-411c-9929-1B77BA77F524} "IE Menu Site" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {07C45BB1-4A8C-4642-A1F5-237E7215FF66} "IE Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {6038EF75-ABFC-4e59-AB6F-12D397F6568D} "IE Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {B31C5FAE-961F-415b-BAF0-E697A5178B94} "IE Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} "IE Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} "IE MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {43886CD5-6529-41c4-A707-7B3C92C05E68} "IE Navigation Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} "IE Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} "IE RSS Feeds Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {30D02401-6A81-11d0-8274-00C04FD5AE38} "IE Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {E6EE9AAC-F76B-4947-8260-A9F136138E11} "IE Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} "IE Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} "IE Tracking Shell Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found) {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - ? - C:\WINDOWS\system32\appwiz.cpl (Hidden registry entry, rootkit activity | File not found) {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {871C5380-42A0-1069-A2EA-08002B30309D} "Internet Name Space" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internet Shortcut" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Kabinettdatei" - ? - cabview.dll (Hidden registry entry, rootkit activity | File not found) {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} "Kompatibilitätsseite" - ? - SlayerXP.dll (Hidden registry entry, rootkit activity | File not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found) {3050f3d9-98b5-11cf-bb82-00aa00bdce0b} "MHTML Document" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found) {143A62C8-C33B-11D1-84FE-00C04FA34A14} "Microsoft Agent Character Property Sheet Handler" - ? - C:\WINDOWS\msagent\agentpsh.dll (Hidden registry entry, rootkit activity | File not found) {00BB2763-6A77-11D0-A535-00C04FD7D062} "Microsoft AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found) {7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - ? - dskquoui.dll (Hidden registry entry, rootkit activity | File not found) {6A205B57-2567-4A2C-B881-F787FAB579A3} "Microsoft DocProp Inplace Calendar Control" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found) {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} "Microsoft DocProp Inplace Droplist Combo Control" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found) {A9CF0EAE-901A-4739-A481-E35B73E47F6D} "Microsoft DocProp Inplace Edit Box Control" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found) {8EE97210-FD1F-4B19-91DA-67914005F020} "Microsoft DocProp Inplace ML Edit Box Control" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found) {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} "Microsoft DocProp Inplace Time Control" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found) {883373C3-BF89-11D1-BE35-080036B11A03} "Microsoft DocProp Shell Ext" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found) {63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\msieftp.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll (Hidden registry entry, rootkit activity) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - ? - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll (Hidden registry entry, rootkit activity | File not found) {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - ? - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL (Hidden registry entry, rootkit activity | File not found) {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - ? - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll (Hidden registry entry, rootkit activity | File not found) {2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - ? - C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll (Hidden registry entry, rootkit activity | File not found) {03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {3C374A40-BAE4-11CF-BF7D-00AA006946EE} "Microsoft Url History Service" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {8856f961-340a-11d0-a96b-00c04fd705a2} "Microsoft Web Browser" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {A6FD9E45-6E44-43f9-8644-08598F5A74D9} "Midi Properties Handler" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found) {6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll (Hidden registry entry, rootkit activity) {10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {3EA48300-8CF6-101B-84FB-666CCB9BCD32} "OLE-Eigenschaftenseite für Dokumente" - ? - docprop.dll (Hidden registry entry, rootkit activity | File not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Hidden registry entry, rootkit activity | File not found) {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Hidden registry entry, rootkit activity | File not found) {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Hidden registry entry, rootkit activity | File not found) {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Hidden registry entry, rootkit activity | File not found) {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - ? - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL (Hidden registry entry, rootkit activity | File not found) {58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" - "Microsoft Corporation" - C:\WINDOWS\system32\themeui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {9DB7A13C-F208-4981-8353-73CC61AE2783} "Previous Versions" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {596AB062-B4D2-4215-9F74-E9109B0A8153} "Previous Versions Property Page" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - ? - C:\WINDOWS\system32\remotepg.dll (Hidden registry entry, rootkit activity | File not found) {3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - ? - fontext.dll (Hidden registry entry, rootkit activity | File not found) {D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - ? - C:\WINDOWS\system32\appwiz.cpl (Hidden registry entry, rootkit activity | File not found) {0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} "Shell DocObject Viewer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll (Hidden registry entry, rootkit activity) {60254CA5-953B-11CF-8C96-00AA00B8708C} "Shell Extension For Windows Script Host" - "Microsoft Corporation" - C:\WINDOWS\system32\wshext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - ? - C:\WINDOWS\system32\dfshim.dll (Hidden registry entry, rootkit activity | File not found) {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - ? - C:\WINDOWS\system32\dsquery.dll (Hidden registry entry, rootkit activity | File not found) {ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {21569614-B795-46b1-85F4-E737A8DC09AD} "Shell Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - ? - shscrap.dll (Hidden registry entry, rootkit activity | File not found) {77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - C:\WINDOWS\system32\printui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found) {40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - ? - ntlanui2.dll (Hidden registry entry, rootkit activity | File not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - ? - C:\WINDOWS\system32\dfshim.dll (Hidden registry entry, rootkit activity | File not found) {6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll (Hidden registry entry, rootkit activity | File not found) {3AFCEAFB-FFC5-403D-AD33-5914AB4B7ECC} "Sldworks Shell Extension" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found) {F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7BD29E00-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7BD29E01-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} "The Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {e57ce731-33e8-4c51-8354-bb4de9d215d1} "Universelle Plug & Play-Geräte" - "Microsoft Corporation" - C:\WINDOWS\system32\upnpui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} "Video Media Properties Handler" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found) {c5a40261-cd64-4ccf-84cb-c394da41d590} "Video Thumbnail Extractor" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found) {E4B29F9D-D390-480b-92FD-7DDB47101D71} "Wav Properties Handler" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found) {07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - ? - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL (Hidden registry entry, rootkit activity | File not found) {CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - ? - C:\Programme\Windows Desktop Search\msnlExt.dll (Hidden registry entry, rootkit activity | File not found) {D426CFD0-87FC-4906-98D9-A23F5D515D61} "Windows Desktop Search Outlook Express SearchProtocol Class" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\OEPH.dll (Hidden registry entry, rootkit activity) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Hidden registry entry, rootkit activity) {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Hidden registry entry, rootkit activity) {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll (Hidden registry entry, rootkit activity) {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll (Hidden registry entry, rootkit activity) {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll (Hidden registry entry, rootkit activity) {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Hidden registry entry, rootkit activity) {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll (Hidden registry entry, rootkit activity) {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - ? - C:\WINDOWS\System32\XPSSHHDR.DLL (Hidden registry entry, rootkit activity | File not found) {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - ? - C:\WINDOWS\System32\XPSSHHDR.DLL (Hidden registry entry, rootkit activity | File not found) {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (Hidden registry entry, rootkit activity | File found, but it contains no detailed information) {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - ? - C:\WINDOWS\system32\wmpshell.dll (Hidden registry entry, rootkit activity | File not found) {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - ? - C:\WINDOWS\system32\wmpshell.dll (Hidden registry entry, rootkit activity | File not found) {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - ? - C:\WINDOWS\system32\wmpshell.dll (Hidden registry entry, rootkit activity | File not found) {9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe (Hidden registry entry, rootkit activity) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\system32\stobject.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {e57ce738-33e8-4c51-8354-bb4de9d215d1} "UPnP Tray Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\upnpui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} "Get_ActiveX Control" - "Netopsystems AG" - C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX (Hidden registry entry, rootkit activity) / https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} "GpcContainer Class" - "WebEx Communications, Inc" - C:\WINDOWS\DOWNLO~1\ieatgpc.dll (Hidden registry entry, rootkit activity) / https://solidline.webex.com/client/v_mywebex-t20-localized/support/ieatgpc.cab {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx (Hidden registry entry, rootkit activity) / hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1222359374 {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_22\bin\npjpi160_22.dll (Hidden registry entry, rootkit activity) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll (Hidden registry entry, rootkit activity) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll (Hidden registry entry, rootkit activity) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll (Hidden registry entry, rootkit activity) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx (Hidden registry entry, rootkit activity) / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll (Hidden registry entry, rootkit activity) / hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 {6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wuweb.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) / hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109846742953 -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Hidden registry entry, rootkit activity) {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "{1BB22D38-A411-4B13-A746-C2A4F4EC7344}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {2F85D76C-0569-466F-A488-493E6BD0E955} "dsWebAllowBHO Class" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\dsWebAllow.dll {A3CF7606-E683-4375-A372-96B75DA0AEF7} "GdfrDUEn Class" - "TODO: <Company name>" - C:\Programme\Get Styles\enlbrdr.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? - (File not found | COM-object registry key not found) {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" - ? - (File not found | COM-object registry key not found) [Logon] -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ctfmon.exe" - "Microsoft Corporation" - C:\WINDOWS\system32\ctfmon.exe (Hidden registry entry, rootkit activity | File signed by Microsoft) "SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Hidden registry entry, rootkit activity) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe (Hidden registry entry, rootkit activity | File signed by Microsoft) "Userinit" - "Microsoft Corporation" - C:\WINDOWS\system32\userinit.exe (Hidden registry entry, rootkit activity | File signed by Microsoft) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - "Microsoft Corporation" - C:\WINDOWS\system32\rdpclip.exe (Hidden registry entry, rootkit activity | File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min (Hidden registry entry, rootkit activity) "AVMWlanClient" - "AVM Berlin" - C:\Programme\avmwlanstick\FRITZWLANMini.exe (Hidden registry entry, rootkit activity) "HPDJ Taskbar Utility" - "HP" - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (Hidden registry entry, rootkit activity) "Logitech Utility" - "Logitech Inc." - Logi_MwX.Exe (Hidden registry entry, rootkit activity | File signed by Microsoft) "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (Hidden registry entry, rootkit activity | File signed by Microsoft) "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (Hidden registry entry, rootkit activity | File signed by Microsoft) "SoundMAXPnP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Hidden registry entry, rootkit activity) "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Hidden registry entry, rootkit activity) "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" (Hidden registry entry, rootkit activity) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "hpzlnt04" - "HP" - C:\WINDOWS\system32\hpzlnt04.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Brother BRAdminPro Scheduler" (BRA_Scheduler) - ? - C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe (File found, but it contains no detailed information) "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1ca0e2f5c64d326)" (gupdate1ca0e2f5c64d326) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe "NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\hpzipm12.dll "SolidWorks Licensing Service" (SolidWorks Licensing Service) - "SolidWorks" - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe "SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe "TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\WINDOWS\LIVING~1.SCR (File not found) -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "NLA-Namespace" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "NTDS" - "Microsoft Corporation" - C:\WINDOWS\System32\winrnr.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll" - "Microsoft Corporation" - C:\WINDOWS\System32\nwprovau.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "TCP/IP" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
20.05.2011, 19:27
| #3 | |
| | AntiVir hat DR/PSW.Cain.284.3 Dropper TR/Rootkit.Gen und TR/Crypt.XPACK.Gen2 gefunden!Zitat:
Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d
Kernel Drivers (total 134):
0xE0B86000 \WINDOWS\system32\ntoskrnl.exe
0xE0B65000 \WINDOWS\system32\hal.dll
0xF6D87000 \WINDOWS\system32\KDCOM.DLL
0xF6C97000 \WINDOWS\system32\BOOTVID.dll
0xF6837000 ACPI.sys
0xF6D89000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF6826000 pci.sys
0xF6887000 isapnp.sys
0xF6E4F000 pciide.sys
0xF6B07000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF6D8B000 intelide.sys
0xF6897000 MountMgr.sys
0xF6807000 ftdisk.sys
0xF6D8D000 dmload.sys
0xF67E1000 dmio.sys
0xF6B0F000 PartMgr.sys
0xF68A7000 VolSnap.sys
0xF67C9000 atapi.sys
0xF68B7000 disk.sys
0xF68C7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF67A9000 fltmgr.sys
0xF6797000 sr.sys
0xF68D7000 PxHelp20.sys
0xF6780000 KSecDD.sys
0xF676D000 WudfPf.sys
0xF66E0000 Ntfs.sys
0xF66B3000 NDIS.sys
0xF6699000 Mup.sys
0xF68E7000 agp440.sys
0xF5D65000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5C4C000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF5C38000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6C37000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5C14000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF6C3F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5BE9000 \SystemRoot\system32\DRIVERS\yukonwxp.sys
0xF5D55000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF5D45000 \SystemRoot\system32\DRIVERS\L8042pr2.Sys
0xF6917000 \SystemRoot\system32\DRIVERS\LMouFlt2.Sys
0xF6C47000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6927000 \SystemRoot\system32\DRIVERS\serial.sys
0xF6669000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6C4F000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF5BD5000 \SystemRoot\system32\DRIVERS\parport.sys
0xF6937000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6947000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF5BB2000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6957000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF5B24000 \SystemRoot\system32\drivers\smwdm.sys
0xF5B00000 \SystemRoot\system32\drivers\portcls.sys
0xF6977000 \SystemRoot\system32\drivers\drmk.sys
0xF5AE8000 \SystemRoot\system32\drivers\aeaudio.sys
0xF6EBB000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6A07000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF665D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5983000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6A17000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6A27000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6C6F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5972000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6A37000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF6C87000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF6C8F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5942000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF6A47000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF6B1F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6DCF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF58D1000 \SystemRoot\system32\DRIVERS\update.sys
0xF5F2E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6A67000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6AA7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF6DD7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF6B87000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF6DDB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF6E8B000 \SystemRoot\System32\Drivers\Null.SYS
0xF6DDD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF6B9F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF6BA7000 \SystemRoot\System32\drivers\vga.sys
0xF6DDF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF6DE1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF6BAF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF6BB7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6D53000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xED664000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xED60B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xED5E3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xED5BD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xED59B000 \SystemRoot\System32\drivers\afd.sys
0xF5DD5000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF6BBF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xED520000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5DC5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xED488000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF5DB5000 \SystemRoot\System32\Drivers\Fips.SYS
0xED439000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF6DEB000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF6BCF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF6997000 \SystemRoot\system32\drivers\LVUSBSta.sys
0xED302000 \SystemRoot\system32\DRIVERS\LV302V32.SYS
0xF69B7000 \SystemRoot\system32\drivers\usbaudio.sys
0xF6675000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF69A7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF69C7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xED2C1000 \SystemRoot\system32\DRIVERS\fwlanusb.sys
0xF58C9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF58C5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xED209000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF6E05000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xDE800000 \SystemRoot\System32\win32k.sys
0xF58B5000 \SystemRoot\System32\drivers\Dxapi.sys
0xF6BF7000 \SystemRoot\System32\watchdog.sys
0xDE9C6000 \SystemRoot\System32\drivers\dxg.sys
0xF6EB9000 \SystemRoot\System32\drivers\dxgthk.sys
0xDE9D8000 \SystemRoot\System32\ati2dvag.dll
0xDEA13000 \SystemRoot\System32\ati2cqag.dll
0xDEA43000 \SystemRoot\System32\atikvmag.dll
0xDEA74000 \SystemRoot\System32\ati3duag.dll
0xDEC95000 \SystemRoot\System32\ativvaxx.dll
0xDED01000 \SystemRoot\System32\ATMFD.DLL
0xED128000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xED09A000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xED759000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xED110000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF5E65000 \SystemRoot\system32\drivers\wdmaud.sys
0xF5A48000 \SystemRoot\system32\drivers\sysaudio.sys
0xF5DE8000 \SystemRoot\system32\drivers\kmixer.sys
0xF6501000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xF6381000 \??\C:\WINDOWS\system32\drivers\Haspnt.sys
0xF6C17000 \SystemRoot\System32\drivers\BrPar.sys
0xF6E33000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF6029000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xF6005000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF5FAD000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 43):
0 System Idle Process
4 System
716 C:\WINDOWS\system32\smss.exe
1352 csrss.exe
1664 C:\WINDOWS\system32\winlogon.exe
1756 C:\WINDOWS\system32\services.exe
1768 C:\WINDOWS\system32\lsass.exe
1992 C:\WINDOWS\system32\ati2evxx.exe
2008 C:\WINDOWS\system32\svchost.exe
180 svchost.exe
420 C:\WINDOWS\system32\svchost.exe
460 C:\WINDOWS\system32\svchost.exe
524 svchost.exe
768 svchost.exe
1144 C:\WINDOWS\system32\spoolsv.exe
1196 C:\Programme\Avira\AntiVir Desktop\sched.exe
1252 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1456 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
1732 C:\WINDOWS\system32\ati2evxx.exe
200 C:\WINDOWS\explorer.exe
1272 C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
1368 C:\Programme\avmwlanstick\FRITZWLANMini.exe
1376 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
1440 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
1520 C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
1516 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1600 C:\WINDOWS\system32\ctfmon.exe
1640 C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Dropbox\bin\Dropbox.exe
404 C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE
1536 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1208 C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe
1396 C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
948 C:\Programme\Java\jre6\bin\jqs.exe
1692 C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
2088 C:\Programme\CDBurnerXP\NMSAccessU.exe
2288 C:\WINDOWS\system32\svchost.exe
2860 C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
3040 C:\WINDOWS\system32\svchost.exe
3352 C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe
3768 C:\Programme\TeamViewer\Version4\TeamViewer.exe
2920 C:\Programme\Mozilla Firefox\firefox.exe
2208 C:\WINDOWS\system32\wscntfy.exe
3348 C:\Dokumente und Einstellungen\Peter\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00769e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD1200JD-00HBB0, Rev: 08.02D08
PhysicalDrive1 Model Number: WDCWD1600BB-00GUA0, Rev: 08.02D08
Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
149 GB \\.\PhysicalDrive1 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
Done!
|
|
| Themen zu AntiVir hat DR/PSW.Cain.284.3 Dropper TR/Rootkit.Gen und TR/Crypt.XPACK.Gen2 gefunden! |
| 0x00000001, adblock, adobe, alternate, antivir, askbar, avira, bho, cdburnerxp, conduit, converter, dateianhang, desktop, einstellungen, emsisoft, error, fehlermeldung, firefox, google, google chrome, helper, hängen, index, intranet, langsam, logfile, mozilla, mp3, object, oldtimer, otl log, plug-in, registry, safer networking, scan, sched.exe, searchplugins, software, staropen, stick, super, symantec, tr/crypt.xpack.ge, tr/crypt.xpack.gen, video converter, windows |
Hybrid-Darstellung
