|
Trojaner "TR/Agent.ruo" entdeckt Guten Tag, hab seit dem Wochende genau den selben Trojaner drauf. Leider heißt die datei anders.. C:\WINDOWS\system32\winexdti.dll:nixda: |
Hallo und :hallo: Bitte ein OSAM Logfile posten. |
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:00:01 on 30.03.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.2 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "RealUpgradeLogonTaskS-1-5-21-1644491937-1078145449-839522115-1007.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe "RealUpgradeScheduledTaskS-1-5-21-1644491937-1078145449-839522115-1007.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "HOTASCougar.cpl" - ? - C:\WINDOWS\system32\HOTASCougar.cpl (File found, but it contains no detailed information) "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Cmcplsu" - "C-Media Corporation" - C:\WINDOWS\System\cmcnfgu.cpl "CreativeAudioConsole" - "Creative Technology Ltd" - C:\Programme\Creative\USB Headsets\AudioCS\CTAudCS.cpl "ECSEPM" - "Sony Ericsson Mobile Communications AB" - F:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl "lgLcdCpl" - "Logitech Inc." - C:\Programme\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl "SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a1l8s10r" (a1l8s10r) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a1l8s10r.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "AsIO" (AsIO) - ? - C:\WINDOWS\System32\drivers\AsIO.sys (File found, but it contains no detailed information) "ASUS Video3D Service" (Video3D) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\System32\Drivers\Video3D32.sys "ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys "atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "C-Media USB Sound Interface" (cmudau) - "C-Media Inc" - C:\WINDOWS\System32\drivers\cmudau.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "cportclm" (cportclm) - ? - C:\DOKUME~1\Icke\LOKALE~1\Temp\cportclm.sys (File not found) "d3dsmnbf" (d3dsmnbf) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\d3dsmnbf.sys "EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found) "EIO" (EIO) - "ASUSTeK Computer Inc." - C:\WINDOWS\system32\drivers\EIO.sys "Enhanced Display Driver Helper Service" (asuskbnt) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\System32\drivers\atkkbnt.sys "ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\System32\DRIVERS\ENTECH.sys "FStarForce" (FStarForce) - "SNEG" - C:\WINDOWS\System32\DRIVERS\FStarForce.sys "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys "Hauppauge WinTV 848/9 WDM Video Driver" (HCWBT8XX) - "Hauppauge Computer Works" - C:\WINDOWS\System32\drivers\HCWBT8XX.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "ITERAID_Service_Install" (iteraid) - "Integrated Technology Express, Inc." - C:\WINDOWS\System32\DRIVERS\iteraid.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "LibUsb-Win32 - Kernel Driver, Version 0.1.12.2" (libusb0) - "hxxp://libusb-win32.sourceforge.net" - C:\WINDOWS\System32\drivers\libusb0.sys "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "Microsoft UAA Bus Driver for High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys "NPUSB" (NPUSB) - "NaturalPoint" - C:\WINDOWS\System32\DRIVERS\npusb.sys "npusbio" (npusbio) - "Thesycon GmbH, Germany" - C:\WINDOWS\System32\Drivers\npusbio.sys "oreans32" (oreans32) - ? - C:\WINDOWS\system32\drivers\oreans32.sys (File found, but it contains no detailed information) "Parallel Port Joystick Bus device driver" (PPJoyBus) - "Deon van der Westhuysen" - C:\WINDOWS\System32\drivers\PPJoyBus.sys "Parallel Port Joystick device driver" (PPortJoystick) - "Deon van der Westhuysen" - C:\WINDOWS\System32\drivers\PPortJoy.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SaiClass" (SaiClass) - "Saitek" - C:\WINDOWS\System32\drivers\SaiNtBus.sys "SaiH053C" (SaiH053C) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiH053C.sys "SaiMini" (SaiMini) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiMini.sys "SaiNtBus" (SaiNtBus) - "Saitek" - C:\WINDOWS\System32\drivers\SaiBus.sys "SaiNtHid" (SaiNtHid) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiNtHid.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Environment Driver (version 1.x.a)" (sfdrv01a) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01a.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys "Thrustmaster HOTAS USB Bulk Out" (STTub203) - ? - C:\WINDOWS\System32\Drivers\STTub203.sys "TVICHW32" (TVICHW32) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS "USB Multi-Channel Audio Device Interface" (USBMULCD) - ? - C:\WINDOWS\System32\drivers\CM106.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WinRing0_1_2_0" (WinRing0_1_2_0) - "OpenLibSys.org" - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\WinRing0.sys "{95808DC4-FA4A-4c74-92FE-5B863F82066B}" ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\000.fcl [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {00020000-0000-1011-8004-0000C06B5161} "WIBU-SYSTEMS Shell Extension" - "WIBU-SYSTEMS AG" - C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {1EBC3533-B289-409F-9924-B84B3F0717D2} "AceFTP Context Menu Shell Extension" - "Visicom Media Inc." - C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information) {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - ? - C:\Programme\NVIDIA Corporation\nView\nvshell.dll (File not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - ? - C:\Programme\NVIDIA Corporation\nView\nvshell.dll (File not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll {798082EF-407A-4788-AAD8-CFB2CFF105DA} "FSFKShell.CSEIcon" - "Thomas Molitor" - E:\Programme\FS Flight Keeper\FSFKShell.dll {4B9576CF-00E1-4578-89AE-83ED6D503E93} "FSFKShell.FKSIcon" - "Thomas Molitor" - E:\Programme\FS Flight Keeper\FSFKShell.dll {D0B00EE6-CFBA-4462-9872-75F8690526FE} "FSFKShell.FSPIcon" - "Thomas Molitor" - E:\Programme\FS Flight Keeper\FSFKShell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - ? - C:\Programme\NVIDIA Corporation\nView\nvshell.dll (File not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - F:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll {738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - F:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {00020000-0000-1011-8004-0000C06B5161} "WIBU-SYSTEMS Shell Extension" - "WIBU-SYSTEMS AG" - C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {FE8D01BF-610A-4261-9C6E-32D65A42C907} "ZipGenius DnD Extract handler" - ? - (File not found | COM-object registry key not found) {310A0C95-EA11-42AE-A8E4-53E69E650310} "ZipGenius Drop handler" - ? - (File not found | COM-object registry key not found) {C169E5F0-E2B3-41F3-B81A-7BA529CBE193} "ZipGenius Shell Extension" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "VMN Toolbar" - "Visicom Media Inc. " - C:\Programme\vmntoolbar\vmntoolbar.dll <binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {0D41B8C5-2599-4893-8183-00195EC8D5F9} "asusTek_sysctrl Class" - ? - C:\WINDOWS\DOWNLO~1\ASUSTE~1.DLL / hxxp://support.asus.de/common/asusTek_sys_ctrl.cab {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} "Attachment Upload Control" - "WEB.DE GmbH" - C:\WINDOWS\DOWNLO~1\MAIL_U~1.OCX / https://stream.web.de/mail/activex/mail_upload_11213.cab {F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab {162247AF-26A7-44FC-A93A-69506EA244F3} "HWTest.HWTestControl" - ? - C:\WINDOWS\Downloaded Program Files\HWTEST.OCX / hxxp://service.maxdome.de/de/systemcheck/HWTest.CAB {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab {644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@C:\Programme\Messenger\Msgslang.dll,-61144" - "Microsoft Corporation" - C:\Programme\Messenger\msmsgs.exe "ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "VMN Toolbar" - "Visicom Media Inc. " - C:\Programme\vmntoolbar\vmntoolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} "VMN Toolbar" - "Visicom Media Inc. " - C:\Programme\vmntoolbar\vmntoolbar.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5571035D-372E-4CD7-83F7-76708DBF3419} "{5571035D-372E-4CD7-83F7-76708DBF3419}" - ? - (File not found | COM-object registry key not found) {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "CodeMeter Control Center.lnk" - "WIBU-SYSTEMS AG" - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Icke\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "HOTASMode" - "Thrustmaster" - "C:\Programme\HOTAS\HOTASConfig.exe" /MODE /FOXY /AU /DM /BW "/PC:\Programme\HOTAS\Profiles\DEFAULT.TMC" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "CmUsbSound" - "C-Media Corporation" - RunDll32 cmcnfgu.cpl,CMICtrlWnd "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "LanguageShortcut" - ? - C:\Programme\CyberLink\PowerDVD\Language\Language.exe "Launch LCDMon" - "Logitech Inc." - "C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" "Launch LGDCore" - "Logitech Inc." - "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "nwiz" - ? - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install (File not found) "ProfilerU" - "Saitek" - C:\Programme\Saitek\SD6\Software\ProfilerU.exe "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe "SaiMfd" - "Saitek" - C:\Programme\Saitek\SD6\Software\SaiMfd.exe "SoundMax" - "Analog Devices, Inc." - "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot "VolPanel" - "Creative Technology Ltd" - "C:\Programme\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe LM Service" (Adobe LM Service) - ? - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "ATK Keyboard Service" (ATKKeyboardService) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\ATKKBService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "CodeMeter Runtime Server" (CodeMeter.exe) - "WIBU-SYSTEMS AG" - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe "Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe "Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Programme\Creative\Shared Files\CTAudSvc.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared files\RichVideo.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c997fbe2a83b12)" (gupdate1c997fbe2a83b12) - ? - C:\WINDOWS\system32\drivers\gupdate1c997fbe2a83b12.sys (File not found) "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE "maxdome Download Manager" (Prosieben) - "Entriq, Inc." - C:\Programme\maxdome\DCBin\DCService.exe "MSSQL$SONY_MEDIAMGR" (MSSQL$SONY_MEDIAMGR) - "Microsoft Corporation" - C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe "MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe "NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe "nHancer Support" (nHancer) - "KSE - Korndörfer Software Engineering" - C:\Programme\KSE\nHancer 32bit\nHancerService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe "SQLAgent$SONY_MEDIAMGR" (SQLAgent$SONY_MEDIAMGR) - "Microsoft Corporation" - C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE "VNC Server Version 4" (WinVNC4) - "RealVNC Ltd." - C:\Programme\RealVNC\VNC4\WinVNC4.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "{468ogolrem" ({468ogolrem) - ? - C:\WINDOWS\system32\drivers\{468ogolrem.sys (File not found) [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
Code: [Drivers]C:\WINDOWS\system32\drivers\d3dsmnbf.sys C:\WINDOWS\system32\drivers\oreans32.sys bei Virustotal auswerten. Bitte dann die Ergebnislinks jeder Datei posten. |
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:11:20 on 30.03.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.2 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "RealUpgradeLogonTaskS-1-5-21-1644491937-1078145449-839522115-1007.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe "RealUpgradeScheduledTaskS-1-5-21-1644491937-1078145449-839522115-1007.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "HOTASCougar.cpl" - ? - C:\WINDOWS\system32\HOTASCougar.cpl (File found, but it contains no detailed information) "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Cmcplsu" - "C-Media Corporation" - C:\WINDOWS\System\cmcnfgu.cpl "CreativeAudioConsole" - "Creative Technology Ltd" - C:\Programme\Creative\USB Headsets\AudioCS\CTAudCS.cpl "ECSEPM" - "Sony Ericsson Mobile Communications AB" - F:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl "lgLcdCpl" - "Logitech Inc." - C:\Programme\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl "SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "airwv7e1" (airwv7e1) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\airwv7e1.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "AsIO" (AsIO) - ? - C:\WINDOWS\System32\drivers\AsIO.sys (File found, but it contains no detailed information) "ASUS Video3D Service" (Video3D) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\System32\Drivers\Video3D32.sys "ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys "atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "C-Media USB Sound Interface" (cmudau) - "C-Media Inc" - C:\WINDOWS\System32\drivers\cmudau.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found) "EIO" (EIO) - "ASUSTeK Computer Inc." - C:\WINDOWS\system32\drivers\EIO.sys "Enhanced Display Driver Helper Service" (asuskbnt) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\System32\drivers\atkkbnt.sys "ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\System32\DRIVERS\ENTECH.sys "FStarForce" (FStarForce) - "SNEG" - C:\WINDOWS\System32\DRIVERS\FStarForce.sys "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys "Hauppauge WinTV 848/9 WDM Video Driver" (HCWBT8XX) - "Hauppauge Computer Works" - C:\WINDOWS\System32\drivers\HCWBT8XX.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "ITERAID_Service_Install" (iteraid) - "Integrated Technology Express, Inc." - C:\WINDOWS\System32\DRIVERS\iteraid.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "LibUsb-Win32 - Kernel Driver, Version 0.1.12.2" (libusb0) - "hxxp://libusb-win32.sourceforge.net" - C:\WINDOWS\System32\drivers\libusb0.sys "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "Microsoft UAA Bus Driver for High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys "NPUSB" (NPUSB) - "NaturalPoint" - C:\WINDOWS\System32\DRIVERS\npusb.sys "npusbio" (npusbio) - "Thesycon GmbH, Germany" - C:\WINDOWS\System32\Drivers\npusbio.sys "Parallel Port Joystick Bus device driver" (PPJoyBus) - "Deon van der Westhuysen" - C:\WINDOWS\System32\drivers\PPJoyBus.sys "Parallel Port Joystick device driver" (PPortJoystick) - "Deon van der Westhuysen" - C:\WINDOWS\System32\drivers\PPortJoy.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SaiClass" (SaiClass) - "Saitek" - C:\WINDOWS\System32\drivers\SaiNtBus.sys "SaiH053C" (SaiH053C) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiH053C.sys "SaiMini" (SaiMini) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiMini.sys "SaiNtBus" (SaiNtBus) - "Saitek" - C:\WINDOWS\System32\drivers\SaiBus.sys "SaiNtHid" (SaiNtHid) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiNtHid.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Environment Driver (version 1.x.a)" (sfdrv01a) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01a.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys "Thrustmaster HOTAS USB Bulk Out" (STTub203) - ? - C:\WINDOWS\System32\Drivers\STTub203.sys "TVICHW32" (TVICHW32) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS "USB Multi-Channel Audio Device Interface" (USBMULCD) - ? - C:\WINDOWS\System32\drivers\CM106.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WinRing0_1_2_0" (WinRing0_1_2_0) - "OpenLibSys.org" - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\WinRing0.sys "{95808DC4-FA4A-4c74-92FE-5B863F82066B}" ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\000.fcl [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {00020000-0000-1011-8004-0000C06B5161} "WIBU-SYSTEMS Shell Extension" - "WIBU-SYSTEMS AG" - C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {1EBC3533-B289-409F-9924-B84B3F0717D2} "AceFTP Context Menu Shell Extension" - "Visicom Media Inc." - C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information) {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - ? - C:\Programme\NVIDIA Corporation\nView\nvshell.dll (File not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - ? - C:\Programme\NVIDIA Corporation\nView\nvshell.dll (File not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll {798082EF-407A-4788-AAD8-CFB2CFF105DA} "FSFKShell.CSEIcon" - "Thomas Molitor" - E:\Programme\FS Flight Keeper\FSFKShell.dll {4B9576CF-00E1-4578-89AE-83ED6D503E93} "FSFKShell.FKSIcon" - "Thomas Molitor" - E:\Programme\FS Flight Keeper\FSFKShell.dll {D0B00EE6-CFBA-4462-9872-75F8690526FE} "FSFKShell.FSPIcon" - "Thomas Molitor" - E:\Programme\FS Flight Keeper\FSFKShell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - ? - C:\Programme\NVIDIA Corporation\nView\nvshell.dll (File not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - F:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll {738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - F:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {00020000-0000-1011-8004-0000C06B5161} "WIBU-SYSTEMS Shell Extension" - "WIBU-SYSTEMS AG" - C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {FE8D01BF-610A-4261-9C6E-32D65A42C907} "ZipGenius DnD Extract handler" - ? - (File not found | COM-object registry key not found) {310A0C95-EA11-42AE-A8E4-53E69E650310} "ZipGenius Drop handler" - ? - (File not found | COM-object registry key not found) {C169E5F0-E2B3-41F3-B81A-7BA529CBE193} "ZipGenius Shell Extension" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "VMN Toolbar" - "Visicom Media Inc. " - C:\Programme\vmntoolbar\vmntoolbar.dll <binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {0D41B8C5-2599-4893-8183-00195EC8D5F9} "asusTek_sysctrl Class" - ? - C:\WINDOWS\DOWNLO~1\ASUSTE~1.DLL / hxxp://support.asus.de/common/asusTek_sys_ctrl.cab {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} "Attachment Upload Control" - "WEB.DE GmbH" - C:\WINDOWS\DOWNLO~1\MAIL_U~1.OCX / https://stream.web.de/mail/activex/mail_upload_11213.cab {F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab {162247AF-26A7-44FC-A93A-69506EA244F3} "HWTest.HWTestControl" - ? - C:\WINDOWS\Downloaded Program Files\HWTEST.OCX / hxxp://service.maxdome.de/de/systemcheck/HWTest.CAB {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab {644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@C:\Programme\Messenger\Msgslang.dll,-61144" - "Microsoft Corporation" - C:\Programme\Messenger\msmsgs.exe "ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "VMN Toolbar" - "Visicom Media Inc. " - C:\Programme\vmntoolbar\vmntoolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} "VMN Toolbar" - "Visicom Media Inc. " - C:\Programme\vmntoolbar\vmntoolbar.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5571035D-372E-4CD7-83F7-76708DBF3419} "{5571035D-372E-4CD7-83F7-76708DBF3419}" - ? - (File not found | COM-object registry key not found) {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "CodeMeter Control Center.lnk" - "WIBU-SYSTEMS AG" - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Icke\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "HOTASMode" - "Thrustmaster" - "C:\Programme\HOTAS\HOTASConfig.exe" /MODE /FOXY /AU /DM /BW "/PC:\Programme\HOTAS\Profiles\DEFAULT.TMC" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "CmUsbSound" - "C-Media Corporation" - RunDll32 cmcnfgu.cpl,CMICtrlWnd "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "LanguageShortcut" - ? - C:\Programme\CyberLink\PowerDVD\Language\Language.exe "Launch LCDMon" - "Logitech Inc." - "C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" "Launch LGDCore" - "Logitech Inc." - "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "nwiz" - ? - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install (File not found) "ProfilerU" - "Saitek" - C:\Programme\Saitek\SD6\Software\ProfilerU.exe "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe "SaiMfd" - "Saitek" - C:\Programme\Saitek\SD6\Software\SaiMfd.exe "SoundMax" - "Analog Devices, Inc." - "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot "VolPanel" - "Creative Technology Ltd" - "C:\Programme\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe LM Service" (Adobe LM Service) - ? - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "ATK Keyboard Service" (ATKKeyboardService) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\ATKKBService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "CodeMeter Runtime Server" (CodeMeter.exe) - "WIBU-SYSTEMS AG" - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe "Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe "Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Programme\Creative\Shared Files\CTAudSvc.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared files\RichVideo.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c997fbe2a83b12)" (gupdate1c997fbe2a83b12) - ? - C:\WINDOWS\system32\drivers\gupdate1c997fbe2a83b12.sys (File not found) "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE "maxdome Download Manager" (Prosieben) - "Entriq, Inc." - C:\Programme\maxdome\DCBin\DCService.exe "MSSQL$SONY_MEDIAMGR" (MSSQL$SONY_MEDIAMGR) - "Microsoft Corporation" - C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe "MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe "NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe "nHancer Support" (nHancer) - "KSE - Korndörfer Software Engineering" - C:\Programme\KSE\nHancer 32bit\nHancerService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe "SQLAgent$SONY_MEDIAMGR" (SQLAgent$SONY_MEDIAMGR) - "Microsoft Corporation" - C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE "VNC Server Version 4" (WinVNC4) - "RealVNC Ltd." - C:\Programme\RealVNC\VNC4\WinVNC4.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Disabled) "{468ogolrem" ({468ogolrem) - ? - C:\WINDOWS\system32\drivers\{468ogolrem.sys (File not found) [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== So, nach dem deaktiveren waren die Datein C:\WINDOWS\system32\drivers\d3dsmnbf.sys C:\WINDOWS\system32\drivers\oreans32.sys weg, konnte sie nicht mehr Hochladen, leider. Beim Starten von Mozilla, kam die Meldung auch nicht mehr das der Trojaner gefunden wurde :) |
Ok, dann wurden die Einträge mitsamt den Dateien gelöscht - macht nix. Bitte nun diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! ) Falls Du Probleme mit Malwarebytes hast (startet nicht, Updates laden nicht etc.), das hier beachten > http://www.trojaner-board.de/82699-m...tet-nicht.html Wichtig für Benutzer mit Windows Vista und Windows 7: Bitte alle Tools per Rechtsklick => Als Admin ausführen! Falls RSIT nicht startet: im Kompatibilitätsmodus ausführen (Rechtsklick auf RSIT.exe, Reiter Kompatibilität) => Windows XP einstellen und ausführen Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen. |
Jut, hier der Download File hxxp://www.file-upload.net/download-2393007/Logdatein.rar.html |
Dein Link funktioniert irgendwie nicht :confused: Ich komm immer wieder auf die Hauptseite von file-upload |
Schike dir ne PM lade es auf mein Webspace hoch |
Ok das ging. Zitat:
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten. |
Sagt 0/41 Virustotal. hxxp://www.virustotal.com/de/analisis/f2801bc61d42e903fac637b1893d38bb690e17f9574727ed27d2b3199d63d62e-1269977394 |
Ok, dann keine Funde. Noch Meldungen, Probleme? |
Nein alles i.O.... Dankeschön für die Hilfe..es ist echt nett so etwas zu haben :huepp: |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 11:39 Uhr. |
Copyright ©2000-2025, Trojaner-Board