![]() |
TR/Agent.ruo in C:\WINDOWS\system32\sysawcyf.dll Thread Nr 10 heute ;) Hallo Also hab mir den geliebten TR/Agent.ruo auch eingefangen, laut Antivir sitzt er in C:\WINDOWS\system32\sysawcyf.dll . Bisher hab ich Antivir und Ad-Aware drüber laufen lassen ohne sichtlichen erfolg und ausserdem läuft gerade Superantispyware. Aufgetaucht ist er bei mir , nachdem ich mit Firefox 3.6 schwere Probleme hatte und mir eine ältere Version downgeloadet habe. Vielen dank im vorrauß für eure Hilfe Hier mein Osam Log: Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:24:49 on 28.03.2010 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.5.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "Ad-Aware Update (Daily 1).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe "Ad-Aware Update (Daily 2).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe "Ad-Aware Update (Daily 3).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe "Ad-Aware Update (Daily 4).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe "Ad-Aware Update (Weekly).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v2.3.1.9" (MDC8021X) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\mdc8021x.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "az8gakuf" (az8gakuf) - ? - C:\WINDOWS\system32\drivers\az8gakuf.sys (Hidden registry entry, rootkit activity | File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\WINDOWS\system32\Drivers\DgiVecp.sys "DSL-Manager Service" (TSMPacket) - "T-Systems" - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys "dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\dsltestSp5.sys "Hamachi Network Interface" (hamachi) - ? - C:\WINDOWS\System32\DRIVERS\hamachi.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "RivaTuner32" (RivaTuner32) - ? - C:\Programme\RivaTuner v2.24\RivaTuner32.sys (File found, but it contains no detailed information) "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS "SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS "Secdrv" (Secdrv) - "Macrovision Europe Ltd" - C:\WINDOWS\System32\DRIVERS\secdrv.sys "Sinus 154 data II Driver" (DT154_A02) - "Deutsche Telekom AG" - C:\WINDOWS\System32\DRIVERS\TS154USB.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "SSPORT" (SSPORT) - ? - C:\WINDOWS\system32\Drivers\SSPORT.sys (File not found) "TAP-Win32 Adapter V9 (Tunngle)" (tap0901t) - "Tunngle.net" - C:\WINDOWS\System32\DRIVERS\tap0901t.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "winegbxz" (winegbxz) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\winegbxz.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplact.dll {124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplbtn.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplsens.dll {ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplkey.dll {111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwhl.dll {1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcpltp.dll {A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwir.dll {97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplzm.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplwhl.dll {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliPoint\ipcplwir.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {002C5F79-B71E-44FD-966A-684AD20F58C2} "SmarThru4 Als HTML speichern" - ? - C:\Programme\SmarThru 4\WebCapture.dll {A9A0537F-A1B3-4472-BE97-CBB588B2965F} "SmarThru4 Auswahl erfassen" - ? - C:\Programme\SmarThru 4\WebCapture.dll {7944DB2F-E7C7-4A84-922D-305182AD87F3} "SmarThru4 Markierten Text speichern" - ? - C:\Programme\SmarThru 4\WebCapture.dll {C4F01940-1BF8-4447-AF12-7B548BBBFEB2} "SmarThru4 Web Capture" - ? - C:\Programme\SmarThru 4\WebCapture.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- DirectAnimation Java Classes "DirectAnimation Java Classes" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll "ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "T-Com WLAN Manager.lnk" - ? - C:\Programme\T-Com\Sinus 154 data II\TS154USB.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Steam" - "Valve Corporation" - "C:\Programme\Steam\Steam.exe" -silent "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Ad-Watch" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "atchk" - "Intel Corporation" - "C:\Programme\Intel\AMT\atchk.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min "GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" "IntelliPoint" - "Microsoft Corporation" - "C:\Programme\Microsoft IntelliPoint\ipoint.exe" "itype" - "Microsoft Corporation" - "C:\Programme\Microsoft IntelliType Pro\itype.exe" "LogitechCommunicationsManager" - "Logitech Inc." - "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install "PRISMSVR.EXE" - "Conexant Systems, Inc." - "C:\Programme\T-Com\Sinus 154 data II\PRISMSVR.EXE" /APPLY "Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "AntiVir PersonalEdition Classic Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe "AntiVir PersonalEdition Classic Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "DSL-Manager" (TDslMgrService) - "T-Systems Enterprise Services GmbH" - C:\Programme\DSL-Manager\DslMgrSvc.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe "Intel(R) Active Management Technology Local Management Service" (LMS) - "Intel" - C:\Programme\Intel\AMT\LMS.exe "Intel(R) Active Management Technology System Status Service" (atchksrv) - "Intel Corporation" - C:\Programme\Intel\AMT\atchksrv.exe "Intel(R) Active Management Technology User Notification Service" (UNS) - "Intel" - C:\Programme\Intel\AMT\UNS.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe "LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe "LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe "TunngleService" (TunngleService) - "Tunngle.net GmbH" - C:\Programme\Tunngle\TnglCtrl.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\WINDOWS\System32\ACTUAL~1.SCR (File found, but it contains no detailed information) -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
SUPERAntiSpyware Scan Log SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware! Generated 03/28/2010 at 11:18 PM Application Version : 4.34.1000 Core Rules Database Version : 4742 Trace Rules Database Version: 2554 Scan type : Complete Scan Total Scan Time : 01:03:50 Memory items scanned : 574 Memory threats detected : 0 Registry items scanned : 5654 Registry threats detected : 0 File items scanned : 85728 File threats detected : 5 Adware.Tracking Cookie C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@atdmt[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@www.etracker[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@statse.webtrendslive[1].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@adfarm1.adition[2].txt C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@doubleclick[1].txt Das hat mir Superantispyware raußgeworfen... |
Und in der Hoffnung euch damit behilflich zu sien habe ich nun auch noch einen OTL Scan gemacht: OTL Extras logfile created on: 29.03.2010 13:49:14 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 186,30 Gb Total Space | 106,03 Gb Free Space | 56,91% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MOONDOG Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- () "C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH) "C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH) "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Programme\Curse\CurseClient.exe" = C:\Programme\Curse\CurseClient.exe:*:Enabled:Curse Client -- File not found "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH) "C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10 "{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17 "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3648253A-C2C4-4CFB-8BE5-381D1C638B94}" = GameSpy Comrade "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam "{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6 "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0 "{C53FB914-C1F6-4F9D-93E2-A3A84935EC15}" = Sinus 154 data II "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "AVSCDDVDBDDataBurner_is1" = AVS CD\DVD\BD Data Burner version 2.1 "Bubble Bobble World" = Bubble Bobble World "Catan Online Welt" = Catan Online Welt "Diablo" = Diablo "Dirty Split" = Dirty Split (remove only) "eMule" = eMule "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Google Updater" = Google Updater "Hamachi" = Hamachi 1.0.1.5 "HardwareOC Crysis Benchmark v1.3.0.0_is1" = HardwareOC Crysis Benchmark v1.3.0.0 "HECI" = Intel® Management-Engine-Interface "HijackThis" = HijackThis 1.99.1 "hon" = Heroes of Newerth "ICQToolbar" = ICQ Toolbar "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{C53FB914-C1F6-4F9D-93E2-A3A84935EC15}" = Sinus 154 data II "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Standard) "LastFM_is1" = Last.fm 1.5.4.24567 "lvdrivers_11.50" = Logitech QuickCam-Treiberpaket "MESOL" = Intel® Active-Management-Technologie "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0 "Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "PunkBusterSvc" = PunkBuster Services "RivaTuner" = RivaTuner v2.24 "Samsung SCX-4300 Series" = Samsung SCX-4300 Series "Scrabble" = Scrabble "Starcraft" = Starcraft "Super Mario 3 : Mario Forever" = Super Mario 3 : Mario Forever "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Trillian" = Trillian "Tunngle beta_is1" = Tunngle beta "VLC media player" = VideoLAN VLC media player 0.8.6e "Warcraft II BNE" = Warcraft II BNE "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Diablo" = Diablo "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.03.2010 06:57:43 | Computer Name = MOONDOG | Source = Intel(R) AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel(R) AMT. Error - 24.03.2010 06:09:17 | Computer Name = MOONDOG | Source = Intel(R) AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel(R) AMT. Error - 24.03.2010 18:28:24 | Computer Name = MOONDOG | Source = Intel(R) AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel(R) AMT. Error - 25.03.2010 07:47:52 | Computer Name = MOONDOG | Source = Intel(R) AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel(R) AMT. Error - 25.03.2010 16:17:25 | Computer Name = MOONDOG | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung hon.exe, Version 0.1.54.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 26.03.2010 06:03:56 | Computer Name = MOONDOG | Source = Intel(R) AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel(R) AMT. Error - 27.03.2010 06:52:53 | Computer Name = MOONDOG | Source = Intel(R) AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel(R) AMT. Error - 28.03.2010 07:34:00 | Computer Name = MOONDOG | Source = Intel(R) AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel(R) AMT. Error - 28.03.2010 15:48:11 | Computer Name = MOONDOG | Source = Intel(R) AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel(R) AMT. Error - 29.03.2010 05:47:28 | Computer Name = MOONDOG | Source = Intel(R) AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel(R) AMT. [ System Events ] Error - 26.03.2010 06:03:57 | Computer Name = MOONDOG | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 27.03.2010 06:52:46 | Computer Name = MOONDOG | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.03.2010 06:52:46 | Computer Name = MOONDOG | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 28.03.2010 07:34:00 | Computer Name = MOONDOG | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 28.03.2010 07:34:00 | Computer Name = MOONDOG | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 28.03.2010 15:48:15 | Computer Name = MOONDOG | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 28.03.2010 15:48:15 | Computer Name = MOONDOG | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt Error - 28.03.2010 19:49:23 | Computer Name = MOONDOG | Source = Service Control Manager | ID = 7034 Description = Dienst "TunngleService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 29.03.2010 05:47:07 | Computer Name = MOONDOG | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 29.03.2010 05:47:07 | Computer Name = MOONDOG | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt < End of report > |
Hab ich irgendwas vergessen? Oder bei der Thread erstellung Fehler gemacht? |
Liebes Trojaner-Team ich war seit Tagen nicht auf Facebook etc Internetbanking schiebe ich auch vor mich her. Bitte schaut über meinen Log und helft mir den Trojaner loszuwerden. |
Alle Zeitangaben in WEZ +1. Es ist jetzt 18:02 Uhr. |
Copyright ©2000-2025, Trojaner-Board