#1
Hello again, I recently have a new problem: my whole system is going crazy. I don't know everything that is wrong, but here is what I do know: I had downloaded eScan, and at the same time something else must have gotten onto my computer, because the time and date are identical, namely 08.09.2006 at 00:31. I suddenly had new files on my computer, something to do with Bootini, AVP Callback, which at first kept reconstructing itself, but which I was able to remove in safe mode. Then under Gemeinsame Dateien (Common Files) I suddenly found a new user who had created keys, for which I would need a supervisor password; I was able to delete that too.

But my problem is that after the restart my whole system appeared as if after a backup, and some files are missing too...... On top of that, all my Outlook settings are gone and I have to set everything up again... Also, I can't use Search, and I can't open User Accounts either because only a white image appears; my antivirus program won't start either, nor will the BitDefender online scan... Then the message came that it can't find drive E.. I removed eScan again, but the problems remain...

Please, can someone help me? I don't know what else to do, and I don't want to do a backup because it was from the very beginning... my mistake, I know..
Here is my logfile...
Logfile of HijackThis v1.99.1
Scan saved at 12:57:26, on 09.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Now the most interesting part: the HiJackFree analysis finds this....
Name: MSMSGS Good: 2 Bad: 18
Status | Name | Command | Description
bad | csrss | msmsgs.exe | Added by the CHODE-J WORM!
bad | Messenger Service | msmsgs.exe | Added by the SDBOT-ZB WORM!
not sure | MSMSGS | msmsgs.exe | Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
bad | MSMsgs | msmessgs.exe | Added by the SMALL-EW TROJAN!
bad | MSN Messenger | msmsgs.exe | Added by the DLOADER-LN or ZLOB-C or ZLOBDROP-C TROJANS! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
bad | MSN Messenger | msmsgs.exe | Added by the ZHOPA TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
bad | Msn Update Manager (Sp2) | MSMSGS.EXE | Added by the AGOBOT-NL WORM!
bad | notepad.exe | msmsgs.exe | Added by a variant of the FAKESPY-B TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
bad | notepad.exe | msmsgs.exe | Added by the ZLOB-I TROJAN! Note - not to be mistaken for the MSN Messenger file of the same name!
bad | notepad.exe | msmsgs.exe | Added by the ZLOB-I and ZLOB-H TROJANS! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
Port: 1025 Good: 1 Bad: 1
Status | Port | Protocol | Description
good | 1025 | TCP/UDP | Windows RPC, Scheduled Tasks
bad | 1025 | TCP/UDP | NetSpy, Maverick's Matrix, RemoteStorm
Name: SVCHOST.EXE Good: 1 Bad: 1
Status | Filename | Path | Description
good | svchost.exe | %systempath%\ | svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs.
bad | svchost.exe | %winpath%\ | Win32.Jeefo.a
Name: SMSS.EXE Good: 1 Bad: 2
Status | Filename | Path | Description
good | smss.exe | %systempath%\ | This process is responsible for handling user sessions on your system.
bad | smss.exe | %winpath%\connection wizard\status\ | Email-Worm.Win32.Sober.o
bad | smss.exe | %winpath%\help\help\ | Email-Worm.Win32.Sober.p
Name: CSRSS.EXE Good: 1 Bad: 2
Status | Filename | Path | Description
good | csrss.exe | %systempath%\ | csrss.exe is the main executable for the Microsoft Client/Server Runtime Server Subsystem. This process manages most graphical commands in Windows.
bad | csrss.exe | %winpath%\ | This worm is transmitted via e-mail and attempts to install itself on your computer.
bad | csrss.exe | %winpath%\winsecurity\ | Email-Worm.Win32.Sober.z
Name: WINLOGON.EXE Good: 1 Bad: 1
Status | Filename | Path | Description
good | winlogon.exe | %systempath%\ | Winlogon.exe handles the login and logout procedures on your system.
bad | winlogon.exe | %winpath%\ | Win32.Netsky.d
Name: SERVICES.EXE Good: 1 Bad: 1
Status | Filename | Path | Description
good | services.exe | %systempath%\ | Services.exe manages the operation of starting and stopping services.
bad | services.exe | %winpath%\winsecurity\ | Email-Worm.Win32.Sober.z
Name: EXPLORER.EXE Good: 2 Bad: 1
Status | Filename | Path | Description
bad | explorer.exe | %systempath%\ | Trojan.Zapchas.ac
good | explorer.exe | %winpath%\ | The Windows explorer manages the Windows Graphical Shell including the Start menu, taskbar, desktop, and File Manager.
good | explorer.exe | %winpath%\shim\ | RunAsAdmin Explorer Shim is a tool that lets administrators keep and easily use their administrative rights but still enjoy safety of using least privileged accounts.
Those were all the ones the program could detect... Please help me ...
So, that is everything I could find, and I hope someone can help me...
This post was edited on 09.09.2006 at 16:34 by Juana2004.
Here is my logfile...
Logfile of HijackThis v1.99.1
Scan saved at 12:57:26, on 09.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\WINDOWS\vsnpstd2.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\Christina\Eigene Dateien\Unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesde.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148070640593
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
I hope you can help me, I don't know what else to do..
Christina
Here is ComboFix
Christina - 06-09-09 13:07:19,59
ComboFix 06.09.07 - Running from: C:\Dokumente und Einstellungen\Christina.ACER-59DE6FF88D\Desktop
Microsoft Windows XP [Version 5.1.2600]
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\taskmgr.com
((((((((((((((((((((((((((((((( Files Created from 2006-08-09 to 2006-09-09 ))))))))))))))))))))))))))))))))))
2006-09-08 22:04 126,976 --a------ C:\WINDOWS\system32\UAService7.exe
2006-09-08 00:31 950,272 --a------ C:\WINDOWS\system32\contfilt.dll
2006-09-08 00:31 9,488 --a------ C:\WINDOWS\sporder.dll
2006-09-08 00:31 82,176 --a------ C:\WINDOWS\winsbak2.reg
2006-09-08 00:31 7,680 --a------ C:\WINDOWS\sporder.exe
2006-09-08 00:31 41,984 --a------ C:\WINDOWS\killproc.exe
2006-09-08 00:31 40,448 --a------ C:\WINDOWS\inst_tsp.exe
2006-09-08 00:31 339,968 --a------ C:\WINDOWS\system32\mwtsp.dll
2006-09-08 00:31 153,600 --a------ C:\WINDOWS\REGEDIT.COM
2006-09-08 00:31 153,600 --a------ C:\WINDOWS\R.COM
2006-09-08 00:31 140,800 --a------ C:\WINDOWS\system32\T.COM
2006-09-08 00:31 130,560 --a------ C:\WINDOWS\system32\ZIPDLL.DLL
2006-09-08 00:31 125,440 --a------ C:\WINDOWS\system32\UNZDLL.DLL
2006-09-08 00:31 118,784 --a------ C:\WINDOWS\system32\mwnsp.dll
2006-09-08 00:31 11,026 --a------ C:\WINDOWS\winsbak.reg
2006-09-08 00:31 <DIR> d-------- C:\WINDOWS\system32\FLCSS.EXE
2006-09-06 21:12 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-09-05 02:10 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-09-04 00:10 42,920 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2006-08-25 14:51 3,051,520 --------- C:\WINDOWS\UNNMP.exe
2006-08-25 14:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-08-25 14:48 3,051,520 --------- C:\WINDOWS\UNNeroVision.exe
2006-08-25 14:48 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-08-25 14:47 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-08-25 14:47 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-08-25 14:47 38,912 --------- C:\WINDOWS\system32\picn20.dll
2006-08-25 14:47 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-08-25 14:47 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-08-25 14:47 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-08-25 14:47 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-08-21 02:44 117,760 --------- C:\WINDOWS\system32\xmllite.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
Rootkit driver lzx32 is present. A rootkit scan is required
2006-09-09 12:28 -------- d-------- C:\Dokumente und Einstellungen\Christina.ACER-59DE6FF88D\Anwendungsdaten\Macromedia
2006-09-09 03:45 -------- d-------- C:\Dokumente und Einstellungen\Christina.ACER-59DE6FF88D\Anwendungsdaten\Talkback
2006-09-09 03:45 -------- d-------- C:\Dokumente und Einstellungen\Christina.ACER-59DE6FF88D\Anwendungsdaten\Mozilla
2006-09-09 03:44 -------- d-------- C:\Dokumente und Einstellungen\Christina.ACER-59DE6FF88D\Anwendungsdaten\T-Online
2006-09-09 03:35 -------- d-------- C:\Dokumente und Einstellungen\Christina.ACER-59DE6FF88D\Anwendungsdaten\T-DSL SpeedManager
2006-09-08 00:31 -------- d-------- C:\Programme\Gemeinsame Dateien\MicroWorld
2006-09-06 21:11 -------- d-------- C:\Programme\TuneUp Utilities 2006
2006-09-06 20:53 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-09-06 16:23 -------- d-------- C:\Programme\Sunbelt Software
2006-09-04 00:09 -------- d-------- C:\Programme\Zone Labs
2006-08-25 14:50 -------- d-------- C:\Programme\Gemeinsame Dateien\Nero
2006-08-25 14:47 -------- d-------- C:\Programme\Gemeinsame Dateien\Ahead
2006-08-25 14:47 -------- d-------- C:\Programme\Ahead
2006-08-21 00:05 13155120 --a------ C:\Programme\IE7BETA3-WindowsXP-x86-deu.exe
2006-08-18 02:18 -------- d-------- C:\Programme\Gemeinsame Dateien\aolshare
2006-08-17 22:52 -------- d-------- C:\Programme\Common Files
2006-08-17 22:40 -------- d-------- C:\Programme\Viewpoint
2006-08-12 21:12 -------- d-------- C:\Programme\eicheljagd
2006-08-12 21:11 -------- d-------- C:\Programme\wmsr
2006-08-12 20:53 -------- d-------- C:\Programme\eBay
2006-08-08 02:25 -------- d-------- C:\Programme\3D Darts Professional Demo
2006-08-06 16:46 9109584 --a------ C:\Programme\TU2006TrialDE.exe
2006-08-04 20:07 -------- d-------- C:\Programme\WinZip
2006-08-03 17:36 -------- d-------- C:\Programme\EA GAMES
2006-07-30 17:14 1024 -r-h----- C:\WINDOWS\system32\NTIMPEG2.dll
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-23 16:30 -------- d-------- C:\Programme\Mozilla Firefox
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-29 09:10 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-06-28 11:58 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2006-06-28 11:58 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll
2006-06-23 09:28 5512704 --------- C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28 47616 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28 454144 --------- C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28 223744 --a------ C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28 179200 --------- C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28 155648 --a------ C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41 172544 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40 78848 --a------ C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40 40960 --a------ C:\WINDOWS\system32\url.dll
2006-06-23 05:39 99328 --a------ C:\WINDOWS\system32\occache.dll
2006-06-23 05:39 39424 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37 14336 --a------ C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34 81920 --a------ C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34 50688 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34 372736 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34 228864 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34 167936 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33 54272 --a------ C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33 41984 --a------ C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33 121856 --a------ C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30 11776 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29 55296 --------- C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27 251392 --------- C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46 377856 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45 48640 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41 172032 --a------ C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18 23552 --------- C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18 20480 --------- C:\WINDOWS\system32\normaliz.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch"
"SoundMan"="SOUNDMAN.EXE"
"ntiMUI"="C:\\Programme\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"T-DSL SpeedMgr"="\"C:\\PROGRA~1\\T-DSLS~1\\SpeedMgr.exe\""
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"Easy-PrintToolBox"="C:\\Programme\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"OpwareSE2"="\"C:\\Programme\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"ToADiMon.exe"="C:\\Programme\\T-Online\\T-Online_Software_6\\Basis-Software\\Basis1\\ToADiMon.exe -TOnlineAutodialStart"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"IPHSend"="C:\\Programme\\Gemeinsame Dateien\\AOL\\IPHSend\\IPHSend.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,71,01,00,00,00,00,00,00,62,03,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"InfoCockpit"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\INFOCOCKPIT.EXE /nosplash"
"Spyware Doctor"=""
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"InfoCockpit"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\INFOCOCKPIT.EXE /nosplash"
"Spyware Doctor"=""
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"navapsvc"=dword:00000002
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccEvtMgr"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"HostManager"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1155860317\\ee\\AOLSoftware.exe"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"spywarefighterguard"="C:\\Programme\\SPYWAREfighter\\spfprc.exe"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
Completion time: 09.09.2006 13:08:52.07
ComboFix.txt
Here is the datFind.bat output as well
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 320D-180E
Verzeichnis von C:\WINDOWS\system32
09.09.2006 12:35 682 eRLog.ini
09.09.2006 12:33 1.158 wpa.dbl
09.09.2006 12:32 54.112 vsconfig.xml
08.09.2006 22:05 126.976 UAService7.exe
05.09.2006 15:47 24.072 uxtuneup.dll
04.09.2006 00:13 4.212 zllictbl.dat
11.08.2006 21:56 16.832 amcompat.tlb
11.08.2006 21:56 23.392 nscompat.tlb
04.08.2006 22:17 1.869 ikhcore.log
03.08.2006 03:22 8.255.912 MRT.exe
31.07.2006 04:12 950.272 contfilt.dll
31.07.2006 03:52 339.968 mwtsp.dll
31.07.2006 03:48 118.784 mwnsp.dll
30.07.2006 17:14 1.024 NTIMPEG2.dll
27.07.2006 15:25 679.424 inetcomm.dll
27.07.2006 01:20 5.632 Thumbs.db
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
13.07.2006 12:38 64.452 perfc007.dat
13.07.2006 12:38 902.476 PerfStringBackup.INI
13.07.2006 12:38 381.692 perfh009.dat
13.07.2006 12:38 53.436 perfc009.dat
13.07.2006 12:38 392.512 perfh007.dat
09.07.2006 13:42 42.920 vsutil_loc0407.dll
09.07.2006 13:42 392.824 vsdatant.sys
09.07.2006 13:42 71.672 zlcommdb.dll
09.07.2006 13:42 83.960 zlcomm.dll
09.07.2006 13:42 100.344 vsxml.dll
09.07.2006 13:42 59.384 vswmi.dll
09.07.2006 13:42 71.672 vsregexp.dll
09.07.2006 13:42 440.312 vsutil.dll
09.07.2006 13:42 104.440 vsmonapi.dll
09.07.2006 13:42 157.688 vsinit.dll
09.07.2006 13:42 268.280 vspubapi.dll
09.07.2006 13:42 83.960 vsdata.dll
09.07.2006 13:41 796.584 libeay32_0.9.6l.dll
05.07.2006 12:55 1.057.792 kernel32.dll
29.06.2006 09:10 15.584 spmsg.dll
29.06.2006 09:10 22.752 spupdsvc.exe
29.06.2006 09:10 113.522 IE7Eula.rtf
28.06.2006 11:58 49.152 inetwh32.dll
28.06.2006 11:58 1.044.480 roboex32.dll
26.06.2006 19:40 148.480 dnsapi.dll
26.06.2006 19:40 8.192 rasadhlp.dll
23.06.2006 13:25 474.624 shlwapi.dll
23.06.2006 13:25 1.497.088 shdocvw.dll
23.06.2006 13:25 152.064 cdfview.dll
23.06.2006 13:25 1.022.976 browseui.dll
23.06.2006 13:25 1.056.256 danim.dll
23.06.2006 11:09 104.960 xpsp3res.dll
23.06.2006 09:28 473.088 mshtmled.dll
23.06.2006 09:28 179.200 ieui.dll
23.06.2006 09:28 155.648 msls31.dll
23.06.2006 09:28 454.144 msfeeds.dll
23.06.2006 09:28 761.344 wininet.dll
23.06.2006 09:28 47.616 msfeedsbs.dll
23.06.2006 09:28 3.388.416 mshtml.dll
23.06.2006 09:28 675.840 mstime.dll
23.06.2006 09:28 172.544 iepeers.dll
23.06.2006 09:28 5.512.704 ieframe.dll
23.06.2006 09:28 223.744 webcheck.dll
23.06.2006 09:28 26.624 jsproxy.dll
23.06.2006 09:28 835.072 urlmon.dll
23.06.2006 09:28 413.696 vbscript.dll
23.06.2006 09:28 130.048 extmgr.dll
23.06.2006 05:41 172.544 WinFXDocObj.exe
23.06.2006 05:41 425.472 html.iec
23.06.2006 05:41 1.402.368 inetcpl.cpl
23.06.2006 05:40 78.848 ieencode.dll
23.06.2006 05:40 40.960 url.dll
23.06.2006 05:39 183.296 msrating.dll
23.06.2006 05:39 39.424 licmgr10.dll
23.06.2006 05:39 99.328 occache.dll
23.06.2006 05:37 14.336 corpol.dll
23.06.2006 05:34 228.864 ieaksie.dll
23.06.2006 05:34 167.936 ieakeng.dll
23.06.2006 05:34 81.920 admparse.dll
23.06.2006 05:34 50.688 ie4uinit.exe
23.06.2006 05:34 372.736 iedkcs32.dll
23.06.2006 05:33 54.272 iesetup.dll
23.06.2006 05:33 91.648 inseng.dll
23.06.2006 05:33 41.984 iernonce.dll
23.06.2006 05:33 121.856 advpack.dll
23.06.2006 05:32 487.424 jscript.dll
23.06.2006 05:30 11.776 msfeedssync.exe
23.06.2006 05:29 55.296 icardie.dll
23.06.2006 05:29 346.112 dxtmsft.dll
23.06.2006 05:29 44.032 pngfilt.dll
23.06.2006 05:29 35.328 imgutil.dll
23.06.2006 05:29 213.504 dxtrans.dll
23.06.2006 05:27 251.392 iertutil.dll
23.06.2006 05:26 45.568 mshta.exe
23.06.2006 05:26 66.048 tdc.ocx
23.06.2006 04:48 55.976 ieuinit.inf
23.06.2006 04:46 377.856 ieapfltr.dll
23.06.2006 04:45 48.640 mshtmler.dll
23.06.2006 04:41 172.032 ieakui.dll
23.06.2006 04:31 1.383.936 mshtml.tlb
19.06.2006 16:20 702.768 WgaLogon.dll
19.06.2006 16:19 571.184 LegitCheckControl.dll
19.06.2006 16:19 571.184 SET13F.tmp
19.06.2006 16:19 304.944 WgaTray.exe
19.06.2006 15:36 2.450.712 ieapfltr.dat
19.06.2006 15:36 8.798 icrav03.rat
19.06.2006 15:18 23.552 idndl.dll
19.06.2006 15:18 63.176 normnfkc.nls
19.06.2006 15:18 20.480 normaliz.dll
19.06.2006 15:18 42.918 normnfc.nls
19.06.2006 15:18 59.342 normidna.nls
19.06.2006 15:18 57.150 normnfkd.nls
19.06.2006 15:18 36.644 normnfd.nls
02.06.2006 11:04 57.384 avsda.dll
01.06.2006 20:47 27.648 jgpl400.dl
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 320D-180E
Verzeichnis von C:\DOKUME~1\CHRIST~1.ACE\LOKALE~1\Temp
09.09.2006 13:18 240 datFind.zip
09.09.2006 12:33 16.384 ~DFC2CD.tmp
09.09.2006 12:33 16.384 ~DF7232.tmp
09.09.2006 12:33 49.152 ~DF548C.tmp
09.09.2006 12:33 32.768 ~DFA8C7.tmp
09.09.2006 12:33 16.384 ~DFCADA.tmp
6 Datei(en) 131.312 Bytes
0 Verzeichnis(se), 37.603.311.616 Bytes frei
Volumeseriennummer: 320D-180E
Verzeichnis von C:\WINDOWS
09.09.2006 12:32 0 0.log
09.09.2006 12:31 159 wiadebug.log
09.09.2006 12:30 2.048 bootstat.dat
09.09.2006 12:30 50 wiaservc.log
09.09.2006 12:30 32.612 SchedLgU.Txt
09.09.2006 12:30 82.006 WindowsUpdate.log
09.09.2006 04:11 70.326 ESCAN.LOG
09.09.2006 04:11 2.978 general.log
09.09.2006 04:11 575 win.ini
09.09.2006 04:11 227 system.ini
09.09.2006 04:11 5.070 mailremv.log
09.09.2006 04:11 217 INST_TSP.LOG
09.09.2006 03:39 792 frights.log
09.09.2006 03:33 1.519 OEWABLog.txt
09.09.2006 03:33 550 wmsetup.log
09.09.2006 03:28 346.640 ntbtlog.txt
08.09.2006 00:56 1.180 MAILINST.LOG
08.09.2006 00:40 0 Sti_Trace.log
08.09.2006 00:36 4.121.839 REGBK00.ZIP
08.09.2006 00:31 82.176 winsbak2.reg
08.09.2006 00:31 11.026 winsbak.reg
07.09.2006 01:37 116 NeroDigital.ini
06.09.2006 00:33 54.156 QTFont.qfn
03.09.2006 01:23 1.409 QTFont.for
02.09.2006 15:47 36.343 CSTBox.INI
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 320D-180E
Verzeichnis von C:\
09.09.2006 13:24 0 sys.txt
09.09.2006 13:23 6.051 system.txt
09.09.2006 13:22 535 systemtemp.txt
09.09.2006 13:20 103.045 system32.txt
09.09.2006 13:08 12.508 ComboFix.txt
09.09.2006 12:30 805.306.368 pagefile.sys
09.09.2006 04:11 205 boot.ini
09.09.2006 03:43 2.932 TDSLCheck.txt
06.09.2006 13:18 7.626 avenger.txt
Now the most interesting part: the HijackFree analysis finds this here....
Name: MSMSGS
Good: 2
Bad: 18
Status Name Command Description
$statusbad$ X csrss msmsgs.exe Added by the CHODE-J WORM!
$statusbad$ X Messenger Service msmsgs.exe Added by the SDBOT-ZB WORM!
$statusnotsure$ U MSMSGS msmsgs.exe Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
$statusbad$ X MSMsgs msmessgs.exe Added by the SMALL-EW TROJAN!
$statusbad$ X MSN Messenger msmsgs.exe Added by the DLOADER-LN or ZLOB-C or ZLOBDROP-C TROJANS! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
$statusbad$ X MSN Messenger msmsgs.exe Added by the ZHOPA TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
$statusbad$ X Msn Update Manager (Sp2) MSMSGS.EXE Added by the AGOBOT-NL WORM!
$statusbad$ X notepad.exe msmsgs.exe Added by a variant of the FAKESPY-B TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
$statusbad$ X notepad.exe msmsgs.exe Added by the ZLOB-I TROJAN! Note - not be mistaken for the MSN Messenger file of the same name!
$statusbad$ X notepad.exe msmsgs.exe Added by the ZLOB-I and ZLOB-H TROJANS! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
$statusbad$ X csrss msmsgs.exe Added by the CHODE-J WORM!
$statusbad$ X Messenger Service msmsgs.exe Added by the SDBOT-ZB WORM!
$statusnotsure$ U MSMSGS msmsgs.exe Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
$statusbad$ X MSMsgs msmessgs.exe Added by the SMALL-EW TROJAN!
$statusbad$ X MSN Messenger msmsgs.exe Added by the DLOADER-LN or ZLOB-C or ZLOBDROP-C TROJANS! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
$statusbad$ X MSN Messenger msmsgs.exe Added by the ZHOPA TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
$statusbad$ X Msn Update Manager (Sp2) MSMSGS.EXE Added by the AGOBOT-NL WORM!
$statusbad$ X notepad.exe msmsgs.exe Added by a variant of the FAKESPY-B TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
$statusbad$ X notepad.exe msmsgs.exe Added by the ZLOB-I TROJAN! Note - not be mistaken for the MSN Messenger file of the same name!
$statusbad$ X notepad.exe msmsgs.exe Added by the ZLOB-I and ZLOB-H TROJANS! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
Port: 1025
Good: 1
Bad: 1
Status Port Protocol Description
$statusgood$ 1025 TCP/UDP Windows RPC, Scheduled Tasks
$statusbad$ 1025 TCP/UDP NetSpy, Maverick's Matrix, RemoteStorm
Name: SVCHOST.EXE
Good: 1
Bad: 1
Status Filename Path Description
$statusgood$ svchost.exe %systempath%\ svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs.
$statusbad$ svchost.exe %winpath%\ Win32.Jeefo.a
Name: SMSS.EXE
Good: 1
Bad: 2
Status Filename Path Description
$statusgood$ smss.exe %systempath%\ This process is responsible for handling user sessions on your system.
$statusbad$ smss.exe %winpath%\connection wizard\status\ Email-Worm.Win32.Sober.o
$statusbad$ smss.exe %winpath%\help\help\ Email-Worm.Win32.Sober.p
Name: CSRSS.EXE
Good: 1
Bad: 2
Status Filename Path Description
$statusgood$ csrss.exe %systempath%\ csrss.exe is the main executable for the Microsoft Client/Server Runtime Server Subsystem. This process manages most graphical commands in Windows.
$statusbad$ csrss.exe %winpath%\ This worm is transmitted via e-mail and attempts to install itself on your computer.
$statusbad$ csrss.exe %winpath%\winsecurity\ Email-Worm.Win32.Sober.z
Name: WINLOGON.EXE
Good: 1
Bad: 1
Status Filename Path Description
$statusgood$ winlogon.exe %systempath%\ Winlogon.exe handles the login and logout procedures on your system.
$statusbad$ winlogon.exe %winpath%\ Win32.Netsky.d
Name: SERVICES.EXE
Good: 1
Bad: 1
Status Filename Path Description
$statusgood$ services.exe %systempath%\ Services.exe manages the operation of starting and stopping services.
$statusbad$ services.exe %winpath%\winsecurity\ Email-Worm.Win32.Sober.z
Name: SVCHOST.EXE
Good: 1
Bad: 1
Status Filename Path Description
$statusgood$ svchost.exe %systempath%\ svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs.
$statusbad$ svchost.exe %winpath%\ Win32.Jeefo.a
Name: SVCHOST.EXE
Good: 1
Bad: 1
Status Filename Path Description
$statusgood$ svchost.exe %systempath%\ svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs.
$statusbad$ svchost.exe %winpath%\ Win32.Jeefo.a
Name: EXPLORER.EXE
Good: 2
Bad: 1
Status Filename Path Description
$statusbad$ explorer.exe %systempath%\ Trojan.Zapchas.ac
$statusgood$ explorer.exe %winpath%\ The Windows explorer manages the Windows Graphical Shell including the Start menu, taskbar, desktop, and File Manager.
$statusgood$ explorer.exe %winpath%\shim\ RunAsAdmin Explorer Shim is a tool that lets administrators keep and easily use their administrative rights but still enjoy safety of using least privileged accounts.
Those were all the ones the program could detect... Please help me ...
So that is everything possible, and I hope someone can help me...