Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden

tkder1 · 31.03.2010, 12:23

Hallo liebe Comm...
auch ich muss mich in die Reihe der Infizierten stellen

Ich hänge mal den Osam Log dran...ich würde ja selber was fixen, weiß aber net richtig welche Datei...bzw. traue mich nicht

Deswegen hoffe ich einfach mal auf einen Kompetenzler, der mir hilft den Trojaner los zu werden

Vielen Dank im Voraus!

Zitat:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:41:10 on 31.03.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Opera Software Opera Internet Browser 10.51
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Agnitum Ltd." - e:\agnitum\outpos~1\wl_hook.dll
"AppInit_DLLs" - "Adobe Systems, Inc." - C:\WINDOWS\system32\acaptuser32.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"1,5TB AKTivieren.job" - ? - D:\Downloads\Programmieren_zuHause\externe deaktivieren-reaktivieren\1,5TB AKTivieren.bat
"1,5TB DEaktivieren.job" - ? - D:\Downloads\Programmieren_zuHause\externe deaktivieren-reaktivieren\1,5TB DEaktivieren.bat
"Internetverbindung_prüfen.job" - ? - D:\Downloads\Programmieren_zuHause\Internetverbindung prüfen\I-net prüfen.bat
"NeroLiveEpgUpdate-TKDER1_Tobi.job" - "Nero AG" - E:\Nero\Nero 9\Nero Live\NeroLive.exe
"SofortAktualisierung BGInfo.job" - ? - J:\SIKO Extern250GB 18.02.2008\Appz\Microsoft SysInternals\BgInfo\SofortAktualisierung[1].exe (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl (File signed by Microsoft | File found, but it contains no detailed information)
"Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
"razer.cpl" - "Razer Inc." - C:\WINDOWS\system32\razer.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal – Free Antivirus " - ? - E:\Avira\ANTIVI~1\avconfig.cpl (File not found)
"Avira AntiVir PersonalEdition Classic " - ? - E:\Avira\ANTIVI~1\avconfig.cpl (File not found)
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)
"mlcfg32.cpl" - "Microsoft Corporation" - E:\OFFICE~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - E:\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl
"NokiaConnectionManager" - "Nokia" - E:\NOKIA\NOKIAP~1\CONNEC~1.CPL
"WISO Internet Security" - ? - C:\PROGRA~1\WISOIN~1\avconfig.cpl (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis TrueImage FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm251.sys
"actser" (actser) - "Siemens AG" - C:\WINDOWS\System32\drivers\actser.sys
"Ad-Watch Connect Kernel Filter" (Ad-Watch Connect Filter) - ? - C:\WINDOWS\system32\drivers\NSDriver.sys (File not found)
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"afcdp" (afcdp) - "Acronis" - C:\WINDOWS\System32\DRIVERS\afcdp.sys
"afwcore" (afwcore) - "Agnitum Ltd." - C:\WINDOWS\System32\drivers\afwcore.sys
"Agnitum firewall driver" (afw) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\afw.sys
"ajcbf72r" (ajcbf72r) - ? - C:\WINDOWS\system32\drivers\ajcbf72r.sys (Hidden registry entry, rootkit activity | File not found)
"AMD Special Tools Driver" (AmdTools) - "AMD, Inc." - C:\WINDOWS\System32\DRIVERS\AmdTools.sys
"aqd841y5" (aqd841y5) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\aqd841y5.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ASWFilt" (ASWFilt) - "Agnitum Ltd." - C:\WINDOWS\System32\Filt\ASWFilt.dll
"ATI T200 Unified AVStream service" (ATIAVAIW) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\atinavt2.sys
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"c1415" (c1415) - ? - C:\WINDOWS\system32\c1415.sys (File found, but it contains no detailed information)
"cdiskdun" (cdiskdun) - ? - C:\DOKUME~1\Tobi\LOKALE~1\Temp\cdiskdun.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"CO_Mon" (CO_Mon) - ? - C:\WINDOWS\system32\Drivers\CO_Mon.sys (File found, but it contains no detailed information)
"DSL-Manager Service" (TSMPacket) - ? - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys (File not found)
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\dsltestSp5.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"GBDevice" (GBDevice) - ? - C:\WINDOWS\system32\drivers\GBDevice.sys (File not found)
"GBFSHook" (GBFSHook) - ? - C:\WINDOWS\system32\drivers\GBFSHook.sys (File not found)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
"GoBack2K" (GoBack2K) - ? - C:\WINDOWS\system32\drivers\GoBack2K.sys (File not found)
"GVCplDrv" (GVCplDrv) - ? - C:\WINDOWS\system32\drivers\GVCplDrv.sys (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"Icatch(IV) Still Camera Device" (USBCamera) - ? - C:\WINDOWS\System32\Drivers\Bulk533.sys (File not found)
"Icatch(IV) Video Camera Device" (Ca533av) - ? - C:\WINDOWS\System32\Drivers\Ca533av.sys (File not found)
"IwUSB" (IwUSB) - "TDi GmbH TechnoData - Interware" - C:\WINDOWS\System32\Drivers\IwUSB.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"LUMDriver" (LUMDriver) - "IBM" - C:\WINDOWS\system32\drivers\LUMDriver.sys
"ntiomin" (ntiomin) - ? - C:\WINDOWS\system32\drivers\ntiomin.sys (File not found)
"ntnbsw" (ntnbsw) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ntnbsw.sys
"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys
"NVR0Dev" (NVR0Dev) - ? - C:\WINDOWS\nvoclock.sys (File not found)
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCANDIS5" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\GEMEIN~1\T-Com\DSLCheck\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RivaTuner32" (RivaTuner32) - ? - E:\RivaTuner v2.24\RivaTuner32.sys (File found, but it contains no detailed information)
"SandBox" (SandBox) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\SandBox.sys
"SANDRA" (SANDRA) - ? - E:\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys (File not found)
"siusbmod" (siusbmod) - ? - C:\WINDOWS\System32\DRIVERS\siusbmod.sys (File not found)
"SIWIO" (SIWIO) - ? - C:\WINDOWS\TEMP\SiwIo.sys (File found, but it contains no detailed information)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys
"Team MFP Comm Driver" (DgiVecp) - "DeviceGuys, Inc." - C:\WINDOWS\System32\Drivers\DgiVecp.sys
"TerraTec H5 Capture service" (USB28xxBGA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emBDA.sys
"TerraTec H5 OEM service" (USB28xxOEM) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emOEM.sys
"TICalc" (TICalc) - ? - C:\WINDOWS\system32\drivers\TICalc.sys (File found, but it contains no detailed information)
"TVICHW32" (TVICHW32) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
"uigxrdr" (uigxrdr) - "GMX GmbH" - C:\WINDOWS\System32\DRIVERS\uigxrdr.sys
"USB 2.0 DVB-T/TV BOX" (M9207) - "ULi Electronics Inc." - C:\WINDOWS\System32\DRIVERS\M9207BDA.sys
"USB Camera Manager Plus" (OVT511Plus) - ? - C:\WINDOWS\System32\Drivers\omcamvid.sys (File not found)
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys
"vncdrv" (vncdrv) - "RDV Soft" - C:\WINDOWS\System32\DRIVERS\vncdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - D:\Downloads\Word u. Excel von Tobias\Sonstiges\Bilder\Wallpapers\BMW_041.jpg
"(1) Source" - ? - hxxp://www.finanzen.net/ (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2256CF1E-D19C-2CD6-0205-080000070308} "StubPath" - ? - C:\WINDOWS\system32\common.exe (File not found)
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - E:\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - E:\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - E:\Acronis\TrueImageHome\tishell.dll
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - E:\ALCOHO~1\AxShlex.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - E:\Office2003\Office12\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{709C6E11-538F-4759-86AC-6ACB302AA0DE} "Desktop Manager" - ? - C:\WINDOWS\system32\msvdm.dll (File found, but it contains no detailed information)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - E:\OFFICE~1\Office12\NAMEEXT.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - E:\Office2003\Office12\VISSHE.DLL
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - E:\ICQLite\ICQLite\ICQLiteShell.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - E:\Office2003\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - E:\OFFICE~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - E:\OFFICE~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - E:\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - E:\NOKIA\Nokia PC Suite 7\PhoneBrowser.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - E:\OFFICE~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{D6613619-EDAA-451e-AA0C-671737CF6022} "ShellContextMenuHandler Class" - "GMX GmbH" - E:\GMX Upload Manager\SHNDLERS.DLL
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{ED65AC21-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device" - ? - (File not found | COM-object registry key not found)
{ED65AC22-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device ContextMenuHandler" - ? - (File not found | COM-object registry key not found)
{ED65AC23-B24F-11d3-BA80-00C0CA16AA37} "Siemens SX1 PropertySheetHandler" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - E:\WinRaR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" - ? - (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "SOFTWIN" - C:\WINDOWS\BDOSCAN8\oscan82.ocx / hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
{E8F628B5-259A-4734-97EE-BA914D7BE941} "Driver Agent ActiveX Control" - "Touchstone Software Corp" - C:\WINDOWS\Downloaded Program Files\driveragent.ocx / hxxp://driveragent.com/files/driveragent.cab
{9D190AE6-C81E-4039-8061-978EBAD10073} "F-Secure Online Scanner 3.0" - "F-Secure Corporation" - C:\WINDOWS\Downloaded Program Files\fscax.dll / hxxp://support.f-secure.com/ols/fscax.cab
{0B79F48A-E8D6-11DB-9283-E25056D89593} "F-Secure Online Scanner 3.1" - "F-Secure Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fscax.dll / hxxp://support.f-secure.com/ols/fscax.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1226930356
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} "McFreeScan Class" - "McAfee, Inc." - C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll / hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5936/mcfscan.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243235255546
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{BE833F39-1E0C-468C-BA70-25AAEE55775E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab.dll / hxxp://www.systemrequirementslab.com/sysreqlab.cab
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} "WScanCtl Class" - "CA" - C:\WINDOWS\Downloaded Program Files\webscan.dll / hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} "{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}" - ? - (File not found | COM-object registry key not found) / hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} "{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}" - ? - (File not found | COM-object registry key not found) / hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{DF9C24D1-030E-49ED-5EB5-D6610086C313} "{DF9C24D1-030E-49ED-5EB5-D6610086C313}" - ? - (File not found | COM-object registry key not found) / hxxp://www.miniclip.com/superstar_racing/ChatRepublicPlayer.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - E:\OFFICE~1\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\WINDOWS\bdoscandel.exe (File found, but it contains no detailed information)
"ICQ Lite" - ? - E:\ICQLite\ICQLite\ICQLite.exe (File not found)
"ICQ7" - "ICQ, Inc." - E:\ICQ7.0\ICQ.exe
{A1A7E22D-1587-4230-8F16-081C68D21448} "Outpost Firewall Pro Quick Tune" - "Agnitum Ltd." - E:\Agnitum\Outpost Firewall Pro\ie_bar.dll
"PartyPoker.com" - ? - E:\PartyPoker\PartyPoker\RunApp.exe
"PartyPoker.net" - ? - E:\PartyPoker\PartyPokerNet\RunPF.exe (File not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - E:\OFFICE~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} "Contribute Toolbar" - "Adobe Systems Incorporated." - E:\Adobe\Adobe Contribute CS4\contributeieplugin.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - E:\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems Incorporated." - E:\Adobe\Adobe Contribute CS4\contributeieplugin.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"CesarFTP.lnk" - "Alexandre Cesari" - E:\CesarFTP\CesarFTP.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"DynDNS Updater Tray Icon.lnk" - "Dynamic Network Services, Inc." - E:\DynDNS Updater\DynTray.exe (Shortcut exists | File exists)
"Outpost Firewall.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Outpost Firewall.lnk (Shortcut exists | File not found)
"Quicken 2010 Zahlungserinnerung.lnk" - "Lexware GmbH & Co. KG" - E:\Lexware\Quicken\2010\billmind.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit Bginfo.lnk" - "Sysinternals" - J:\SIKO Extern250GB 18.02.2008\Appz\Microsoft SysInternals\BgInfo\Bginfo.exe (Shortcut exists | File exists)
"Verknüpfung mit FTPStatus.lnk" - "TK" - D:\Downloads\Programmieren_zuHause\FTP Aktivitäten abfragen\FTPStatus\FTPStatus\bin\Release\FTPStatus.exe (Shortcut exists | File exists)
"Verknüpfung mit Zeitsteuerung alt.lnk" - "TK" - D:\Downloads\Programmieren_zuHause\Zeitsteuerung VB2008\Zeitsteuerung\Zeitsteuerung\bin\Release\Zeitsteuerung alt.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NVIDIA nTune" - ? - "E:\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (File not found)
"Remote Control Editor" - "Elgato Systems" - "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
"studNET-Autologin" - "Dossin-Brade GbR" - C:\WINDOWS\system32\studnet\studnet.exe /auto
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Shockwave Updater" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"hxxp://www.miniclip.com/games/down-hill-chill/de/"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"LexwareInfoService" - "Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - ? - nwiz.exe /installquiet (File not found)
"OSSelectorReinstall" - ? - C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe (File found, but it contains no detailed information)
"OutpostMonitor" - "Agnitum Ltd." - E:\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
"QuickTime Task" - "Apple Computer, Inc." - "E:\QuickTime\qttask.exe" -atboottime
"RivaTuner" - ? - "E:\RivaTuner v2.24\RivaTuner.exe" /T
"RivaTunerStartupDaemon" - ? - "E:\RivaTuner v2.24\RivaTuner.exe" /S
"RTSS" - ? - "E:\RivaTuner v2.24\Tools\RTSS\RTSS.exe" /s
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TrueImageMonitor.exe" - "Acronis" - E:\Acronis\TrueImageHome\TrueImageMonitor.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
"GMX MediaCenter" - "GMX GmbH" - C:\WINDOWS\System32\uigxnp.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Agnitum Client Security Service" (acssrv) - "Agnitum Ltd." - E:\Agnitum\OUTPOS~1\acs.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Backbone Service" (BBDemon) - "Dassault Systemes" - E:\CATIA\intel_a\code\bin\CATSysDemon.exe
"CesarFTP FTP Server" (CesarFTP) - ? - E:\CesarFTP\server.exe (File found, but it contains no detailed information)
"DynDNS Updater" (DynDNS Updater) - "Dynamic Network Services, Inc." - E:\DynDNS Updater\DynUpSvc.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HDD & SSD access service" (HDD & SSD access service) - ? - "C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe" (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"StarWind iSCSI Service" (StarWindService) - "Rocket Division Software" - E:\Alcohol 120\StarWind\StarWindService.exe
"StyleXPService" (StyleXPService) - ? - "C:\Programme\TGTSoft\StyleXP\StyleXPService.exe" (File not found)
"Symantec Core LC" (Symantec Core LC) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
"TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - E:\TeamViewer\Version4\TeamViewer_Service.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
"uvnc_service" (uvnc_service) - "UltraVNC" - E:\UltraVNC\winvnc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

cosinus · 31.03.2010, 14:39

Hallo und

Code:

ATTFilter

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ntnbsw" (ntnbsw) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ntnbsw.sys

Bitte mit OSAM deaktivieren (siehe Anleitung zu OSAM). Poste danach ein neues Log von OSAM, lass die Datei (falls noch vorhanden)

C:\WINDOWS\system32\drivers\ntnbsw.sys

bei https://www.virustotal.com auswerten und poste den Ergebnislink.

tkder1 · 31.03.2010, 15:35

ok...erstmal vielen Dank.
Die Datei ist nach dem Neustart nicht wieder aufgetaucht!
Ist die Sache damit erledigt?

anbei noch der neue log:

Zitat:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:29:45 on 31.03.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Opera Software Opera Internet Browser 10.51

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Agnitum Ltd." - e:\agnitum\outpos~1\wl_hook.dll
"AppInit_DLLs" - "Adobe Systems, Inc." - C:\WINDOWS\system32\acaptuser32.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"1,5TB AKTivieren.job" - ? - D:\Downloads\Programmieren_zuHause\externe deaktivieren-reaktivieren\1,5TB AKTivieren.bat
"1,5TB DEaktivieren.job" - ? - D:\Downloads\Programmieren_zuHause\externe deaktivieren-reaktivieren\1,5TB DEaktivieren.bat
"Internetverbindung_prüfen.job" - ? - D:\Downloads\Programmieren_zuHause\Internetverbindung prüfen\I-net prüfen.bat
"NeroLiveEpgUpdate-TKDER1_Tobi.job" - "Nero AG" - E:\Nero\Nero 9\Nero Live\NeroLive.exe
"SofortAktualisierung BGInfo.job" - ? - J:\SIKO Extern250GB 18.02.2008\Appz\Microsoft SysInternals\BgInfo\SofortAktualisierung[1].exe (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl (File signed by Microsoft | File found, but it contains no detailed information)
"Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
"razer.cpl" - "Razer Inc." - C:\WINDOWS\system32\razer.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal – Free Antivirus " - ? - E:\Avira\ANTIVI~1\avconfig.cpl (File not found)
"Avira AntiVir PersonalEdition Classic " - ? - E:\Avira\ANTIVI~1\avconfig.cpl (File not found)
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)
"mlcfg32.cpl" - "Microsoft Corporation" - E:\OFFICE~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - E:\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl
"NokiaConnectionManager" - "Nokia" - E:\NOKIA\NOKIAP~1\CONNEC~1.CPL
"WISO Internet Security" - ? - C:\PROGRA~1\WISOIN~1\avconfig.cpl (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis TrueImage FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm251.sys
"actser" (actser) - "Siemens AG" - C:\WINDOWS\System32\drivers\actser.sys
"Ad-Watch Connect Kernel Filter" (Ad-Watch Connect Filter) - ? - C:\WINDOWS\system32\drivers\NSDriver.sys (File not found)
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"af5ca4zg" (af5ca4zg) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\af5ca4zg.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"afcdp" (afcdp) - "Acronis" - C:\WINDOWS\System32\DRIVERS\afcdp.sys
"afwcore" (afwcore) - "Agnitum Ltd." - C:\WINDOWS\System32\drivers\afwcore.sys
"Agnitum firewall driver" (afw) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\afw.sys
"ajphevqt" (ajphevqt) - ? - C:\WINDOWS\system32\drivers\ajphevqt.sys (Hidden registry entry, rootkit activity | File not found)
"AMD Special Tools Driver" (AmdTools) - "AMD, Inc." - C:\WINDOWS\System32\DRIVERS\AmdTools.sys
"ASWFilt" (ASWFilt) - "Agnitum Ltd." - C:\WINDOWS\System32\Filt\ASWFilt.dll
"ATI T200 Unified AVStream service" (ATIAVAIW) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\atinavt2.sys
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"c1415" (c1415) - ? - C:\WINDOWS\system32\c1415.sys (File found, but it contains no detailed information)
"cdiskdun" (cdiskdun) - ? - C:\DOKUME~1\Tobi\LOKALE~1\Temp\cdiskdun.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"CO_Mon" (CO_Mon) - ? - C:\WINDOWS\system32\Drivers\CO_Mon.sys (File found, but it contains no detailed information)
"DSL-Manager Service" (TSMPacket) - ? - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys (File not found)
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\dsltestSp5.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"GBDevice" (GBDevice) - ? - C:\WINDOWS\system32\drivers\GBDevice.sys (File not found)
"GBFSHook" (GBFSHook) - ? - C:\WINDOWS\system32\drivers\GBFSHook.sys (File not found)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
"GoBack2K" (GoBack2K) - ? - C:\WINDOWS\system32\drivers\GoBack2K.sys (File not found)
"GVCplDrv" (GVCplDrv) - ? - C:\WINDOWS\system32\drivers\GVCplDrv.sys (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"Icatch(IV) Still Camera Device" (USBCamera) - ? - C:\WINDOWS\System32\Drivers\Bulk533.sys (File not found)
"Icatch(IV) Video Camera Device" (Ca533av) - ? - C:\WINDOWS\System32\Drivers\Ca533av.sys (File not found)
"IwUSB" (IwUSB) - "TDi GmbH TechnoData - Interware" - C:\WINDOWS\System32\Drivers\IwUSB.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"LUMDriver" (LUMDriver) - "IBM" - C:\WINDOWS\system32\drivers\LUMDriver.sys
"ntiomin" (ntiomin) - ? - C:\WINDOWS\system32\drivers\ntiomin.sys (File not found)
"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys
"NVR0Dev" (NVR0Dev) - ? - C:\WINDOWS\nvoclock.sys (File not found)
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCANDIS5" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\GEMEIN~1\T-Com\DSLCheck\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RivaTuner32" (RivaTuner32) - ? - E:\RivaTuner v2.24\RivaTuner32.sys (File found, but it contains no detailed information)
"SandBox" (SandBox) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\SandBox.sys
"SANDRA" (SANDRA) - ? - E:\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys (File not found)
"siusbmod" (siusbmod) - ? - C:\WINDOWS\System32\DRIVERS\siusbmod.sys (File not found)
"SIWIO" (SIWIO) - ? - C:\WINDOWS\TEMP\SiwIo.sys (File found, but it contains no detailed information)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys
"Team MFP Comm Driver" (DgiVecp) - "DeviceGuys, Inc." - C:\WINDOWS\System32\Drivers\DgiVecp.sys
"TerraTec H5 Capture service" (USB28xxBGA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emBDA.sys
"TerraTec H5 OEM service" (USB28xxOEM) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emOEM.sys
"TICalc" (TICalc) - ? - C:\WINDOWS\system32\drivers\TICalc.sys (File found, but it contains no detailed information)
"TVICHW32" (TVICHW32) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
"uigxrdr" (uigxrdr) - "GMX GmbH" - C:\WINDOWS\System32\DRIVERS\uigxrdr.sys
"USB 2.0 DVB-T/TV BOX" (M9207) - "ULi Electronics Inc." - C:\WINDOWS\System32\DRIVERS\M9207BDA.sys
"USB Camera Manager Plus" (OVT511Plus) - ? - C:\WINDOWS\System32\Drivers\omcamvid.sys (File not found)
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys
"vncdrv" (vncdrv) - "RDV Soft" - C:\WINDOWS\System32\DRIVERS\vncdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
(Disabled) "ntnbsw" (ntnbsw) - ? - C:\WINDOWS\system32\drivers\ntnbsw.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - D:\Downloads\Word u. Excel von Tobias\Sonstiges\Bilder\Wallpapers\BMW_041.jpg
"(1) Source" - ? - hxxp://www.finanzen.net/ (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2256CF1E-D19C-2CD6-0205-080000070308} "StubPath" - ? - C:\WINDOWS\system32\common.exe (File not found)
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - E:\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - E:\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - E:\Acronis\TrueImageHome\tishell.dll
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - E:\ALCOHO~1\AxShlex.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - E:\Office2003\Office12\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{709C6E11-538F-4759-86AC-6ACB302AA0DE} "Desktop Manager" - ? - C:\WINDOWS\system32\msvdm.dll (File found, but it contains no detailed information)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - E:\OFFICE~1\Office12\NAMEEXT.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - E:\Office2003\Office12\VISSHE.DLL
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - E:\ICQLite\ICQLite\ICQLiteShell.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - E:\Office2003\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - E:\OFFICE~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - E:\OFFICE~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - E:\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - E:\NOKIA\Nokia PC Suite 7\PhoneBrowser.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - E:\OFFICE~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{D6613619-EDAA-451e-AA0C-671737CF6022} "ShellContextMenuHandler Class" - "GMX GmbH" - E:\GMX Upload Manager\SHNDLERS.DLL
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{ED65AC21-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device" - ? - (File not found | COM-object registry key not found)
{ED65AC22-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device ContextMenuHandler" - ? - (File not found | COM-object registry key not found)
{ED65AC23-B24F-11d3-BA80-00C0CA16AA37} "Siemens SX1 PropertySheetHandler" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - E:\WinRaR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" - ? - (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "SOFTWIN" - C:\WINDOWS\BDOSCAN8\oscan82.ocx / hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
{E8F628B5-259A-4734-97EE-BA914D7BE941} "Driver Agent ActiveX Control" - "Touchstone Software Corp" - C:\WINDOWS\Downloaded Program Files\driveragent.ocx / hxxp://driveragent.com/files/driveragent.cab
{9D190AE6-C81E-4039-8061-978EBAD10073} "F-Secure Online Scanner 3.0" - "F-Secure Corporation" - C:\WINDOWS\Downloaded Program Files\fscax.dll / hxxp://support.f-secure.com/ols/fscax.cab
{0B79F48A-E8D6-11DB-9283-E25056D89593} "F-Secure Online Scanner 3.1" - "F-Secure Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fscax.dll / hxxp://support.f-secure.com/ols/fscax.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1226930356
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} "McFreeScan Class" - "McAfee, Inc." - C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll / hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5936/mcfscan.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243235255546
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{BE833F39-1E0C-468C-BA70-25AAEE55775E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab.dll / hxxp://www.systemrequirementslab.com/sysreqlab.cab
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} "WScanCtl Class" - "CA" - C:\WINDOWS\Downloaded Program Files\webscan.dll / hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} "{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}" - ? - (File not found | COM-object registry key not found) / hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} "{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}" - ? - (File not found | COM-object registry key not found) / hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{DF9C24D1-030E-49ED-5EB5-D6610086C313} "{DF9C24D1-030E-49ED-5EB5-D6610086C313}" - ? - (File not found | COM-object registry key not found) / hxxp://www.miniclip.com/superstar_racing/ChatRepublicPlayer.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - E:\OFFICE~1\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\WINDOWS\bdoscandel.exe (File found, but it contains no detailed information)
"ICQ Lite" - ? - E:\ICQLite\ICQLite\ICQLite.exe (File not found)
"ICQ7" - "ICQ, Inc." - E:\ICQ7.0\ICQ.exe
{A1A7E22D-1587-4230-8F16-081C68D21448} "Outpost Firewall Pro Quick Tune" - "Agnitum Ltd." - E:\Agnitum\Outpost Firewall Pro\ie_bar.dll
"PartyPoker.com" - ? - E:\PartyPoker\PartyPoker\RunApp.exe
"PartyPoker.net" - ? - E:\PartyPoker\PartyPokerNet\RunPF.exe (File not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - E:\OFFICE~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} "Contribute Toolbar" - "Adobe Systems Incorporated." - E:\Adobe\Adobe Contribute CS4\contributeieplugin.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - E:\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems Incorporated." - E:\Adobe\Adobe Contribute CS4\contributeieplugin.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"CesarFTP.lnk" - "Alexandre Cesari" - E:\CesarFTP\CesarFTP.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"DynDNS Updater Tray Icon.lnk" - "Dynamic Network Services, Inc." - E:\DynDNS Updater\DynTray.exe (Shortcut exists | File exists)
"Outpost Firewall.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Outpost Firewall.lnk (Shortcut exists | File not found)
"Quicken 2010 Zahlungserinnerung.lnk" - "Lexware GmbH & Co. KG" - E:\Lexware\Quicken\2010\billmind.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit Bginfo.lnk" - "Sysinternals" - J:\SIKO Extern250GB 18.02.2008\Appz\Microsoft SysInternals\BgInfo\Bginfo.exe (Shortcut exists | File exists)
"Verknüpfung mit FTPStatus.lnk" - "TK" - D:\Downloads\Programmieren_zuHause\FTP Aktivitäten abfragen\FTPStatus\FTPStatus\bin\Release\FTPStatus.exe (Shortcut exists | File exists)
"Verknüpfung mit Zeitsteuerung alt.lnk" - "TK" - D:\Downloads\Programmieren_zuHause\Zeitsteuerung VB2008\Zeitsteuerung\Zeitsteuerung\bin\Release\Zeitsteuerung alt.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NVIDIA nTune" - ? - "E:\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (File not found)
"Remote Control Editor" - "Elgato Systems" - "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
"studNET-Autologin" - "Dossin-Brade GbR" - C:\WINDOWS\system32\studnet\studnet.exe /auto
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Shockwave Updater" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"hxxp://www.miniclip.com/games/down-hill-chill/de/"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"LexwareInfoService" - "Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - ? - nwiz.exe /installquiet (File not found)
"OSSelectorReinstall" - ? - C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe (File found, but it contains no detailed information)
"OutpostMonitor" - "Agnitum Ltd." - E:\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
"QuickTime Task" - "Apple Computer, Inc." - "E:\QuickTime\qttask.exe" -atboottime
"RivaTuner" - ? - "E:\RivaTuner v2.24\RivaTuner.exe" /T
"RivaTunerStartupDaemon" - ? - "E:\RivaTuner v2.24\RivaTuner.exe" /S
"RTSS" - ? - "E:\RivaTuner v2.24\Tools\RTSS\RTSS.exe" /s
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TrueImageMonitor.exe" - "Acronis" - E:\Acronis\TrueImageHome\TrueImageMonitor.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
"GMX MediaCenter" - "GMX GmbH" - C:\WINDOWS\System32\uigxnp.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Agnitum Client Security Service" (acssrv) - "Agnitum Ltd." - E:\Agnitum\OUTPOS~1\acs.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Backbone Service" (BBDemon) - "Dassault Systemes" - E:\CATIA\intel_a\code\bin\CATSysDemon.exe
"CesarFTP FTP Server" (CesarFTP) - ? - E:\CesarFTP\server.exe (File found, but it contains no detailed information)
"DynDNS Updater" (DynDNS Updater) - "Dynamic Network Services, Inc." - E:\DynDNS Updater\DynUpSvc.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HDD & SSD access service" (HDD & SSD access service) - ? - "C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe" (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"StarWind iSCSI Service" (StarWindService) - "Rocket Division Software" - E:\Alcohol 120\StarWind\StarWindService.exe
"StyleXPService" (StyleXPService) - ? - "C:\Programme\TGTSoft\StyleXP\StyleXPService.exe" (File not found)
"Symantec Core LC" (Symantec Core LC) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
"TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - E:\TeamViewer\Version4\TeamViewer_Service.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
"uvnc_service" (uvnc_service) - "UltraVNC" - E:\UltraVNC\winvnc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

cosinus · 31.03.2010, 18:59

Sieht ok aus. Mach bitte Kontrollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

tkder1 · 01.04.2010, 04:24

Guten Morgen,
hört sich ja gut an

Anbei schonmal der Scan von Malware den ich gestern mal vorsorglich gemacht hatte...
Der hatte natürlich noch was gefunden, habs aber löschen lassen, hoffe ich ^^
SuperAntiSpyware folgt im Laufe des Tages...

Zitat:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3937

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.03.2010 16:54:53
mbam-log-2010-03-31 (16-54-53).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 115556
Laufzeit: 12 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.

tkder1 · 01.04.2010, 10:10

sooo...nach 5 mühsamen Stunden ist der Scan beendet...
hier die Log:

Zitat:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/01/2010 at 10:55 AM

Application Version : 4.35.1000

Core Rules Database Version : 4756
Trace Rules Database Version: 2568

Scan type : Complete Scan
Total Scan Time : 05:10:42

Memory items scanned : 583
Memory threats detected : 0
Registry items scanned : 7713
Registry threats detected : 0
File items scanned : 514040
File threats detected : 4

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Tobi\Cookies\tobi@atwola[3].txt
C:\Dokumente und Einstellungen\Tobi\Cookies\tobi@hlstatsx[2].txt

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\MSCC2DE.DLL

Unclassified.Monitor/ActualSpy
J:\SIKO EXTERN250GB 18.02.2008\APPZ\WINXP PLUS SPECIAL

PROGRAMS\PROGRAMME\MG11PRO\SUPPORT\MGGSTR32.DLL

Werde dann jetzt mal neustarten, damit alle Geschichten auch wirklich weg sind ...
Hab ich sonst noch was zu beachten? Ansonsten schonmal Vielen Dank!

cosinus · 01.04.2010, 10:46

Ok. Berichte dann ob noch weitere Meldungen oder Probleme da sind, wenn nicht bist Du entlassen und kannst mal Deine Updates prüfen:

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

31.03.2010, 18:59	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden - Standard$ Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden Sieht ok aus. Mach bitte Kontrollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden

Plagegeister aller Art und deren Bekämpfung: Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden