trojan/tr.ruo log file

quuuh · 29.03.2010, 16:36

Hallo,
kann mir bitte jemand die entsprechenden Einträge nennen?

Dank im Vorraus!

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:21:12 on 29.03.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options )-----
"notepad.exe" - ? - C:\Program Files\Notepad2\Notepad2.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
"Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl (File found, but it contains no detailed information)
"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\AntiVir Desktop\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"LBeepKE" (LBeepKE) - "Logitech Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"NVIDIA Network Bus Enumerator" (nvnetbus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvnetbus.sys
"NVIDIA nForce Networking Controller Driver" (NVENETFD) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\NVENETFD.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"sysanj" (sysanj) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\sysanj.sys
"VClone" (VClone) - "Elaborate Bytes AG" - C:\WINDOWS\System32\DRIVERS\VClone.sys
"Virtual CD-ROM Device Driver" (vcdrom) - "Microsoft Corporation" - C:\Program Files\System\CPL Bonus\Vcdrom.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "Compressed (zipped) Folder" - ? - (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? - deskpan.dll (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? - (File not found | COM-object registry key not found)
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\WINDOWS\System32\erasext.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{8A56567E-A333-4843-B6E1-C3A262E41D8C} "HashPage Class" - "Beeblebrox.org" - C:\Program Files\HashTab Shell Extension\HashTab32.dll
{B1883831-F0D8-4453-8245-EEAAD866DD6E} "HashTab Context Menu" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Programme\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech Inc." - D:\Programme\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech Inc." - D:\Programme\SetPoint\mcplext.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1530F7EE-5128-43BD-9977-84A4B0FAD7DF} "PhotoToys" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Windows Desktop Search\msnlExt.dll
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "Windows Media Player Add to Playlist Context Menu Handler" - ? - (File not found | COM-object registry key not found)
{8DD448E6-C188-4aed-AF92-44956194EB1F} "Windows Media Player Burn Audio CD Context Menu Handler" - ? - (File not found | COM-object registry key not found)
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "Windows Media Player Play as Playlist Context Menu Handler" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Programme\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "SearchSettings Class" - "Spigot, Inc." - C:\Program Files\Search Settings\SearchSettings.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} "Dealio Toolbar" - ? - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} "Dealio Toolbar" - ? - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (File not found)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "SearchSettings Class" - "Spigot, Inc." - C:\Program Files\Search Settings\SearchSettings.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech Inc." - D:\Programme\SetPoint\SetPoint.exe (Shortcut exists | File exists)
"Windows Search.lnk" - "Microsoft Corporation" - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Shortcut exists | File exists)
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Eraser" - "The Eraser Project" - C:\Program Files\Eraser\Eraser.exe -hide
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"SpybotSD TeaTimer" - "Safer Networking Limited" - D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"Steam" - "Valve Corporation" - "d:\programme\steam\steam.exe" -silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "D:\Programme\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"AutoShutdownManager" - "EnviProt" - C:\Program Files\AutoShutdownManager\AutoShutdownManager.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"iTunesHelper" - "Apple Inc." - "D:\Programme\iTunesHelper.exe"
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SearchSettings" - "Spigot, Inc." - C:\Program Files\Search Settings\SearchSettings.exe
"UnlockerAssistant" - ? - "C:\Program Files\Unlocker\UnlockerAssistant.exe" (File found, but it contains no detailed information)
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"ASDM_Service" (ASDM_Service) - "EnviProt" - C:\Program Files\AutoShutdownManager\Services\AutoShutdownManager_Service.exe
"ASDM_UpdateService" (ASDM_UpdateService) - "EnviProt" - C:\Program Files\AutoShutdownManager\Services\ASDM_Helperservice.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatic Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Inkjet Printer/Scanner Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\WINDOWS\System32\TuneUpDefragService.exe
"TuneUp Program Statistics Service" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\WINDOWS\System32\TUProgSt.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

undoreal · 29.03.2010, 18:17

Halli hallo deaktiviere folgende Eeinträge:

Zitat:

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"sysanj" (sysanj) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\sysanj.sys

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} "Dealio Toolbar" - ? - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (File not found)

Lösche die deaktivierten Einträge bitte NICHT ! Wir müssen drigend weitere Analysen durchführen und dafür brauchen wir die Dateien.

Der Trojaner kann nach der Deaktivierung eh keinen Schaden mehr anrichten.

trojan/tr.ruo log file

Log-Analyse und Auswertung: trojan/tr.ruo log file

trojan/tr.ruo log file

trojan/tr.ruo log file

Ähnliche Themen: trojan/tr.ruo log file