AOL Protection meldet 2o7 Trojaner - System arbeitet normal

#0
11.10.2006, 09:26
Member

Beiträge: 25
#1 Bitte um kurze Beurteilung ob der Rechner sauber ist - hier die logs:
Datentr„ger in Laufwerk C: ist Programmordner
Datentr„gernummer: 4C77-D072

Verzeichnis von C:\WINNT\Downloaded Program Files

24.05.2006 17:45 65 desktop.ini
11.04.2006 17:10 135.168 asinst.dll
03.04.2006 11:00 537 asinst.inf
27.03.2006 13:00 5.019 swflash.inf
29.04.2005 17:24 155.648 zylomgamesplayer.dll
16.03.2005 09:09 1.115.848 EPUWALcontrol.dll
15.03.2005 12:59 539 EPUWALcontrol.inf
09.02.2005 16:54 1.271 erma.inf
22.11.2004 21:52 87.240 IEAWSDC.DLL
16.11.2004 11:02 468 ieawsdc.inf
05.11.2004 16:58 119.496 MsnMessengerSetupDownloader.ocx
13.07.2004 12:41 227 MsnMessengerSetupDownloader.inf
19.12.2003 17:02 126.976 popcaploader.dll
19.12.2003 15:43 241 popcaploader.inf
25.08.2003 18:12 1.096 iuctl.inf
22.08.2003 22:10 226 opuc.inf
16 Datei(en) 1.750.065 Bytes
0 Verzeichnis(se), 14.658.031.616 Bytes frei


Datentr„ger in Laufwerk C: ist Programmordner
Datentr„gernummer: 4C77-D072

Verzeichnis von C:\

11.10.2006 09:21 0 sys.txt
11.10.2006 09:21 11.062 system.txt
11.10.2006 09:21 3.713 systemtemp.txt
11.10.2006 09:21 101.935 system32.txt
11.10.2006 07:54 805.306.368 pagefile.sys
09.10.2006 18:19 13.030 PDOXUSRS.NET
19.09.2006 14:43 489 ICSYSINF.log
16.09.2006 16:44 2.049 devicetable.log
16.07.2006 15:41 4.348 CLDMA.LOG
12.07.2006 08:38 2.436.476 debug.txt
11.06.2006 10:29 3.195 Krypto8.rtf
26.05.2006 09:29 0 aoltpspd.bin

21 Datei(en) 808.448.045 Bytes
0 Verzeichnis(se), 16.740.474.880 Bytes frei

Datentr„ger in Laufwerk C: ist Programmordner
Datentr„gernummer: 4C77-D072

Verzeichnis von C:\WINNT

11.10.2006 09:16 743.512 ShellIconCache
11.10.2006 09:10 155 winamp.ini
11.10.2006 07:54 1.726.428 WindowsUpdate.log
11.10.2006 00:26 32.626 SchedLgU.Txt
10.10.2006 17:33 160.038 setupapi.log
10.10.2006 11:31 54.156 QTFont.qfn
09.10.2006 16:53 139 ChssBase.ini
08.10.2006 10:42 675 Clean! presets.set
07.10.2006 15:59 114.358 comsetup.log
07.10.2006 15:59 287.662 iis5.log
07.10.2006 15:59 1.429 imsins.log
07.10.2006 15:59 7.535 KB925486-IE6SP1-20060918.120000.log
07.10.2006 15:59 117.046 ocgen.log
07.10.2006 15:59 9.202 ockodak.log
07.10.2006 15:59 82.725 KB920958.log
07.10.2006 15:59 50.452 updspapi.log
07.10.2006 15:59 1.429 imsins.BAK
07.10.2006 15:59 6.219 KB922582.log
06.10.2006 13:48 124.516 ntbtlog.txt
06.10.2006 08:13 1.409 QTFont.for
20.09.2006 12:58 2.975 spupdsvc.log
20.09.2006 12:55 62.416 KB918899-IE6SP1-20060725.123917.log
20.09.2006 12:55 66.040 KB920685.log
20.09.2006 12:55 66.034 KB922616.log
20.09.2006 12:55 65.588 KB921398.log
20.09.2006 12:55 62.604 KB920683.log
20.09.2006 12:55 60.781 KB920670.log
20.09.2006 12:54 61.652 KB917422.log
20.09.2006 12:54 52.204 KB917008.log
20.09.2006 12:54 283 setup.rpt
20.09.2006 12:54 957 setup.inf
20.09.2006 12:54 60.432 KB921883.log
20.09.2006 12:54 59.968 KB917159.log
20.09.2006 12:54 60.522 KB914388.log
20.09.2006 12:54 59.005 KB911280.log
20.09.2006 12:54 57.560 KB917953.log
20.09.2006 12:54 63.376 KB913580.log
20.09.2006 12:54 54.923 KB917736.log
20.09.2006 12:54 45.027 KB918439-IE6SP1-20060530.145346.log
20.09.2006 12:54 55.836 KB914389.log
20.09.2006 12:54 45.912 KB917734.log
20.09.2006 12:54 10.465 wmsetup.log
20.09.2006 12:53 75.654 MDAC25SP3-KB911562-x86-DEU.log
20.09.2006 12:53 47.086 KB911567-OE6SP1-20060316.165634.log
20.09.2006 12:53 45.594 KB911564.log
20.09.2006 12:53 46.572 KB908519.log
20.09.2006 12:53 55.337 KB912919.log
20.09.2006 12:53 54.845 KB896424.log
20.09.2006 12:53 44.059 KB905495-IE6SP1-20050805.184113.log
20.09.2006 12:53 53.286 KB905749.log
20.09.2006 12:53 54.627 KB900725.log
20.09.2006 12:53 52.717 KB896358.log
20.09.2006 12:53 52.594 KB890046.log
20.09.2006 12:53 50.737 KB896422.log
20.09.2006 12:52 41.935 KB904706.log
20.09.2006 12:52 50.417 KB901017.log
20.09.2006 12:52 50.724 KB899589.log
20.09.2006 12:52 50.725 KB905414.log
20.09.2006 12:52 71.174 UpdateRollupPack.log
20.09.2006 12:52 2.746 updcustom.dll.log
20.09.2006 12:51 17.983 KB896423.log
20.09.2006 12:51 15.522 KB899587.log
20.09.2006 12:51 13.928 KB893756.log
20.09.2006 12:51 12.933 KB901214.log
20.09.2006 12:51 2.561 KB329115.log
10.09.2006 08:16 112.542 DirectX.log
06.09.2006 23:15 4.906 KB893803v2.log
06.09.2006 23:15 0 setuperr.log
06.09.2006 23:15 0 setupact.log
21.08.2006 10:20 1.196.032 CISUnins.exe
21.08.2006 10:20 1.196.032 CICUnins.exe
19.08.2006 21:54 149.661 Secrets Protector Uninstaller.exe
24.07.2006 17:14 36.363 CSTBox.INI
24.07.2006 17:05 1.448 ODBC.INI
24.07.2006 17:03 617 maxlink.ini
20.07.2006 14:36 775 win.ini
20.07.2006 14:36 775 win.tmp

0 Verzeichnis(se), 16.743.493.632 Bytes frei
Datentr„ger in Laufwerk C: ist Programmordner
Datentr„gernummer: 4C77-D072

Verzeichnis von C:\WINNT\system32

11.10.2006 09:16 250.432 Status.MPF
06.10.2006 13:43 16.384 Perflib_Perfdata_484.dat
06.10.2006 13:26 16.384 Perflib_Perfdata_4a0.dat
06.10.2006 13:09 16.384 Perflib_Perfdata_478.dat
06.10.2006 12:56 16.384 Perflib_Perfdata_48c.dat
06.10.2006 12:46 16.384 Perflib_Perfdata_494.dat
06.10.2006 12:45 16.384 Perflib_Perfdata_4d0.dat
20.09.2006 12:57 129.296 FNTCACHE.DAT
19.09.2006 22:56 1.903 ikhcore.log
16.09.2006 15:28 49.152 cdrtc.dll
16.09.2006 15:28 45.056 cdral.dll
16.09.2006 13:09 2.076 ModemLog_AVM ISDN BTX.txt
16.09.2006 13:09 2.081 ModemLog_AVM ISDN FAX (G3).txt
16.09.2006 13:09 1.928 ModemLog_AVM ISDN Custom Config.txt
16.09.2006 13:09 2.101 ModemLog_AVM ISDN Analog Modem (V.32bis).txt
16.09.2006 13:09 2.107 ModemLog_AVM ISDN SoftCompression X.75-V.42bis.txt
16.09.2006 13:09 2.087 ModemLog_AVM ISDN Mailbox (X.75).txt
16.09.2006 13:09 2.086 ModemLog_AVM ISDN - ISDN (X.75).txt
16.09.2006 13:09 2.092 ModemLog_AVM ISDN RAS (PPP over ISDN).txt
16.09.2006 13:09 2.097 ModemLog_AVM ISDN Internet (PPP over ISDN).txt
13.09.2006 08:31 1.693.120 NTOSKRNL.EXE
13.09.2006 08:31 1.715.776 NTKRNLPA.EXE
11.09.2006 10:37 8.960.936 MRT.exe
31.08.2006 07:56 463.360 URLMON.DLL
17.08.2006 09:20 286.720 tobit32.dll
07.08.2006 13:57 438.272 dvmsg.dll
24.07.2006 18:18 847.632 mmcndmgr.dll
24.07.2006 18:14 617.232 mmc.exe
21.07.2006 17:08 72.704 hlink.dll
14.07.2006 15:54 309.520 NETAPI32.DLL
14.07.2006 07:02 519.168 hhctrl.ocx
13.07.2006 09:09 2.387.216 SHELL32.DLL
06.07.2006 13:45 7.440 rasadhlp.dll
06.07.2006 13:45 137.488 dnsapi.dll
06.07.2006 13:45 96.528 dnsrslvr.dll

Logfile of HijackThis v1.99.1
Scan saved at 09:19:48, on 11.10.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\WINNT\Explorer.EXE
C:\WINNT\htpatch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\Programme\Gemeinsame Dateien\AOL\1147854638\ee\AOLSoftware.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\FRITZ!\FriFax32.exe
C:\Programme\FRITZ!\FriFon32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\programme\gemeinsame dateien\aol\1147854638\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\programme\gemeinsame dateien\aol\1147854638\ee\aolsoftware.exe
C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1147854638\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: FRITZ!fax.lnk = C:\Programme\FRITZ!\FriFax32.exe
O4 - Startup: FRITZ!fon.lnk = C:\Programme\FRITZ!\FriFon32.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\\aolserv.exe (file missing)
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 004 (ClipInc004) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 005 (ClipInc005) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 006 (ClipInc006) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 007 (ClipInc007) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 008 (ClipInc008) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Unknown owner - C:\Programme\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

--------------------
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"HTpatch" = "C:\WINNT\htpatch.exe" [null data]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0\bin\jusched.exe" ["Sun Microsystems, Inc."]
"EPSON Stylus C86 Series" = "C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"" ["SEIKO EPSON CORPORATION"]
"HostManager" = "C:\Programme\Gemeinsame Dateien\AOL\1147854638\ee\AOLSoftware.exe" ["America Online, Inc."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup" [MS]
"OpwareSE2" = ""C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"(Default)" = (empty string)

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "Systemsteuerungserweiterung für die Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{EF479680-EA35-4EA9-B093-7114F3E3E0DA}" = "Directory Lister"
-> {HKLM...CLSID} = "ShlMenu Class"
\InProcServer32\(Default) = "C:\Programme\Directory Lister\DirListerExt.dll" [empty string]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINNT\system32\erasext.dll" ["-"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Programme\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "ACSBoot.exe autocheck autochk *" [file not found], [file not found], [MS], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! klogon\DLLName = "C:\WINNT\system32\klogon.dll" ["Kaspersky Lab"]
INFECTION WARNING! ScCertProp\DLLName = "wlnotify.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINNT\system32\erasext.dll" ["-"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Programme\ewido anti-malware\context.dll" ["ewido networks"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Programme\ewido anti-malware\context.dll" ["ewido networks"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
DirLister\(Default) = "{EF479680-EA35-4EA9-B093-7114F3E3E0DA}"
-> {HKLM...CLSID} = "ShlMenu Class"
\InProcServer32\(Default) = "C:\Programme\Directory Lister\DirListerExt.dll" [empty string]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINNT\system32\erasext.dll" ["-"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "Manfred" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\Mandy\Startmenü\Programme\Autostart
"Adobe Gamma" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"FriFax32.exe" -> shortcut to: "C:\Programme\FRITZ!\FriFax32.exe" ["AVM Berlin"]
"FriFon32.exe" -> shortcut to: "C:\Programme\FRITZ!\FriFon32.exe" ["AVM Berlin"]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 04, 07 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINNT\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0\bin\npjpi150.dll" ["Sun Microsystems, Inc."]

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
"ButtonText" = "PartyPoker.com"
"MenuText" = "PartyPoker.com"
"Exec" = "F:\Partypoker\PartyPoker\RunApp.exe" [file not found]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]
AntiVir PersonalEdition Classic Planer, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
AOL Connectivity Service, AOL ACS, ""C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"" ["America Online, Inc."]
COM+-Ereignissystem, EventSystem, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\es.dll" [null data]}
ewido security suite control, ewido security suite control, "C:\Programme\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
McAfee.com Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee.com Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINNT\system32\nvsvc32.exe" ["NVIDIA Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]
FRITZ!fax Color Port Monitor\Driver = "FritzColorPort.dll" ["AVM Berlin GmbH"]
FRITZ!fax Port Monitor\Driver = "FritzPort.dll" ["AVM Berlin GmbH"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 118 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 8 seconds.
---------- (total run time: 158 seconds)
Dieser Beitrag wurde am 11.10.2006 um 13:34 Uhr von Zerberus editiert.
Seitenanfang Seitenende
11.10.2006, 15:34
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 wie ist der genaue pfad der Trojanermeldung ?
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: