(1) HijackThis logfile

Logfile of HijackThis v1.99.1
Scan saved at 17:50:45, on 12.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\tibco\tibrv\bin\rvntsctl.exe
C:\tibco\tibrv\bin\rvd.exe
C:\tibco\tibrv\bin\rvrd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\utils\versioning\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programme\Acer\Acer Arcade\PCMService.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\utils\multimedia\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\utils\Spamihilator\spamihilator.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Programme\Messenger\msmsgs.exe
C:\apache2.2\bin\ApacheMonitor.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\tibco\iprocess\utils\NobleNet Portmapper for TCP\portserv.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\mstsc.exe
D:\backups\utils\antispy\spy-rm\HijackThis.exe
C:\Programme\utils\editors\uedit10.10a\uedit32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\utils\multimedia\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\utils\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programme\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Programme\utils\xml\Altova\XMLSpy2006\spy.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\utils\xml\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\utils\xml\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted IP range: http://127.0.0.1C:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = comprendium.at
O17 - HKLM\Software\..\Telephony: DomainName = comprendium.at
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = comprendium.at
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = comprendium.at
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = comprendium.at
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\utils\db\toad861\RNetPin.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Apache2.2 - Unknown owner - C:\apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: JavaEmailServer - Alexandria Software Consulting - C:\Programme\utils\network\jes-1.4\bin\JavaService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NobleNet Portmapper for TCP - Rogue Wave Software - c:\tibco\iprocess\utils\NobleNet Portmapper for TCP\portserv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TIBCO TIB/Rendezvous Communications Daemon (rvd) - Unknown owner - C:\tibco\tibrv\bin\rvntsctl.exe
O23 - Service: TIBCO TIB/Rendezvous Routing Communications Daemon (rvrd) - Unknown owner - C:\tibco\tibrv\bin\rvntsctl.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Staffware ipe Server Manager - Alexandria Software Consulting - C:\tibco\iProcess\ipe\tomcat\bin\tomcat.exe
O23 - Service: Staffware ipe Process Sentinels (StaffwareipeProcessSentinels) - Unknown owner - C:\tibco\iProcess\ipe\etc\pmsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TAdapter - Unknown owner - C:\tibco\utils\TAdapter\TAdapter.exe
O23 - Service: TIBCO Administrator 5.3 (dev) (TIBCOAdmin-dev) - Unknown owner - C:/tibco/administrator/domain/dev/bin/tibcoadmin_dev.exe
O23 - Service: TIBCO Hawk Agent (TIBHawkAgent) - Unknown owner - C:\tibco\hawk\bin\tibhawkagentnt.exe
O23 - Service: TIBCO Hawk Agent (dev) (TIBHawkAgent-dev-shadow) - Unknown owner - C:/tibco/tra/domain/dev/hawkagent_dev.exe
O23 - Service: TIBCO Hawk Event (TIBHawkEvent) - Unknown owner - C:\tibco\hawk\bin\tibhawkeventnt.exe
O23 - Service: TIBCO Hawk HMA (TIBHawkHMA) - Unknown owner - C:\tibco\hawk\bin\tibhawkhma.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\tomcat55\bin\tomcat5.exe

(2) Cleanup run and rebooted

(3) datfind.bat

system32.txt:
--------------------------------------
 Datenträger in Laufwerk D: ist ACERDATA
 Volumeseriennummer: C4B5-BA0C

 Verzeichnis von D:\

12.07.2006  16:34                 210 boot.ini
04.08.2004  12:00              47.564 NTDETECT.COM
04.08.2004  12:00             251.184 ntldr
04.08.2004  12:00               4.952 bootfont.bin
               4 Datei(en)          303.910 Bytes
               0 Verzeichnis(se), 33.510.653.952 Bytes frei

systemtemp.txt:
--------------------------------------
 Datenträger in Laufwerk D: ist ACERDATA
 Volumeseriennummer: C4B5-BA0C

 Verzeichnis von D:\

12.07.2006  16:34                 210 boot.ini
04.08.2004  12:00              47.564 NTDETECT.COM
04.08.2004  12:00             251.184 ntldr
04.08.2004  12:00               4.952 bootfont.bin
               4 Datei(en)          303.910 Bytes
               0 Verzeichnis(se), 33.510.653.952 Bytes frei

system.txt:
--------------------------------------
 Datenträger in Laufwerk D: ist ACERDATA
 Volumeseriennummer: C4B5-BA0C

 Verzeichnis von D:\

12.07.2006  16:34                 210 boot.ini
04.08.2004  12:00              47.564 NTDETECT.COM
04.08.2004  12:00             251.184 ntldr
04.08.2004  12:00               4.952 bootfont.bin
               4 Datei(en)          303.910 Bytes
               0 Verzeichnis(se), 33.510.653.952 Bytes frei

sys.txt:
--------------------------------------
 Datenträger in Laufwerk D: ist ACERDATA
 Volumeseriennummer: C4B5-BA0C

 Verzeichnis von D:\

12.07.2006  16:34                 210 boot.ini
04.08.2004  12:00              47.564 NTDETECT.COM
04.08.2004  12:00             251.184 ntldr
04.08.2004  12:00               4.952 bootfont.bin
               4 Datei(en)          303.910 Bytes
               0 Verzeichnis(se), 33.510.653.952 Bytes frei

(4) Problem description

Already provided, but it is certainly worth noting that the port 80 redirect also happens when I use telnet www.someserver.domain 80. Port 443 works without problems.