Trojan-Spy.Win32.VBStat.h cannot be removed
#0
16.04.2007, 18:07
Honorary member
Posts: 29434
21.04.2007, 11:16
...new here
Thread starter, Posts: 9
#17
Logfile of HijackThis v1.99.1
Scan saved at 11:14:42, on 21.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Free Commander\freeCommander.exe
C:\Programme\Opera\Opera.exe
D:\Transfer\backups\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html
O8 - Extra context menu item: Add to MVP Favorite Radio Stations - C:\Programme\Hauppauge MediaMVP\mvp.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\Software\..\Telephony: DomainName = LP.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{94CFE5FB-396B-42C3-AEC6-7C4532A0019D}: NameServer = 217.203.103.117
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lup.local
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\DHCP Turbo\dhcpt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MVPMedia - Hauppauge Computer Works - C:\PROGRA~1\HAUPPA~1\MVPStart.exe
O23 - Service: MVPMediaSvc - Hauppauge Computer Works, Inc. - C:\PROGRA~1\HAUPPA~1\Hardware\DglSvcMain.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TFTP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\TFTP Turbo\tftpt.exe

"hausler" - 07-04-21 11:07:43 Service Pack 2
ComboFix 07-04-05 - Running from: "D:\Transfer\backups"

((((((((((((((((((((((((((((((( Files Created from 2007-03-21 to 2007-04-21 ))))))))))))))))))))))))))))))))))

2007-04-17 10:54 57,344 --a------ C:\WINDOWS\WNMHINDR.EXE
2007-04-17 10:54 24,576 --a------ C:\WINDOWS\SYSTEM32\NMH040A.DLL
2007-04-16 21:03 <DIR> d-------- C:\Programme\devnz
2007-04-14 18:12 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Acronis
2007-04-14 18:06 <DIR> d-------- C:\Programme\Acronis
2007-04-11 16:39 <DIR> d-------- C:\Programme\Lavasoft
2007-04-11 16:39 <DIR> d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\Lavasoft
2007-04-10 21:08 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-04-09 17:35 14,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rkhdrv10.sys
2007-04-09 12:55 1,035,264 --------- C:\WINDOWS\explorer.exe
2007-04-09 01:24 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\{F453DE2E-C9BF-4518-A350-C1631FF343C3}
2007-04-08 22:00 <DIR> d-------- C:\WINDOWS\TFTP Turbo
2007-03-21 22:27 9,927,712 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-03-21 22:27 75,932 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2007-03-21 22:27 74,396 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2007-03-21 22:26 224,544 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-21 11:06 -------- d-------- C:\Programme\free commander
2007-04-18 17:28 -------- d-------- C:\Programme\hauppauge mediamvp
2007-04-18 17:22 105976 --a------ C:\WINDOWS\SYSTEM32\gdipfontcachev1.dat
2007-04-18 12:09 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\thunderbird
2007-04-18 12:00 -------- d-------- C:\Programme\mozilla thunderbird
2007-04-17 22:14 -------- d-------- C:\Programme\sat
2007-04-17 11:04 -------- d-------- C:\Programme\divx
2007-04-17 10:53 724992 --a------ C:\WINDOWS\iun6002.exe
2007-04-14 18:07 392320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\timntr.sys
2007-04-14 18:07 32768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys
2007-04-14 18:06 114048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\snapman.sys
2007-04-13 22:12 -------- d-------- C:\Programme\psp
2007-04-13 21:54 -------- d-------- C:\Programme\Gemeinsame Dateien\wise installation wizard
2007-04-13 16:36 95508 --a------ C:\WINDOWS\SYSTEM32\perfc007.dat
2007-04-13 16:36 460866 --a------ C:\WINDOWS\SYSTEM32\perfh007.dat
2007-04-13 12:08 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\cyberlink
2007-04-11 09:22 -------- d-------- C:\Programme\opera
2007-03-23 21:00 -------- d-------- C:\Programme\tv-browser
2007-03-22 13:37 -------- d--h----- C:\Programme\installshield installation information
2007-03-21 23:30 65536 --a------ C:\WINDOWS\ifinst27.exe
2007-03-20 16:16 -------- d-------- C:\Programme\pda
2007-03-20 16:12 -------- d-------- C:\Programme\truecrypt
2007-03-18 18:25 -------- d-------- C:\Programme\hewlett-packard
2007-03-18 18:20 -------- d-------- C:\Programme\microsoft activesync
2007-03-18 18:20 -------- d-------- C:\Programme\avantgo
2007-03-18 12:00 -------- d-------- C:\Programme\oo software
2007-03-17 23:14 -------- d-------- C:\Programme\itunes
2007-03-17 23:14 -------- d-------- C:\Programme\ipod
2007-03-17 15:44 293376 --a------ C:\WINDOWS\SYSTEM32\winsrv.dll
2007-03-16 21:09 -------- d-------- C:\Programme\foxit pdf reader
2007-03-11 21:32 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\sony
2007-03-09 20:52 200768 --a------ C:\WINDOWS\SYSTEM32\klogon.dll
2007-03-08 17:36 579072 --a------ C:\WINDOWS\SYSTEM32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\SYSTEM32\win32k.sys
2007-03-07 21:11 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\opera
2007-03-07 17:27 -------- d-------- C:\Programme\intel
2007-03-06 15:24 -------- d-------- C:\Programme\quicktime
2007-03-06 13:31 -------- d-------- C:\Programme\avisynth 2.5
2007-03-04 18:33 59117 --a------ C:\WINDOWS\SYSTEM32\nvmodes.dat
2007-03-03 21:39 110360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kl1.sys
2007-03-02 18:18 -------- d-------- C:\Programme\tuneup utilities 2006
2007-03-02 15:34 4098 --a------ C:\WINDOWS\mozver.dat
2007-02-25 19:41 -------- d-------- C:\Programme\freepdf_xp
2007-02-23 16:02 12288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nhcDriver.sys
2007-02-22 15:16 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\installshield
2007-02-21 13:47 31744 -r-hs---- C:\WINDOWS\SYSTEM32\msfdx.dll
2007-02-16 18:50 14368 --a------ C:\WINDOWS\SYSTEM32\relog_ap.dll
2007-02-15 14:45 707344 --a------ C:\WINDOWS\SYSTEM32\oodag.exe
2007-02-15 14:34 217360 --a------ C:\WINDOWS\SYSTEM32\oodbs.exe
2007-02-15 14:25 11536 --a------ C:\WINDOWS\SYSTEM32\oodbsrs.dll
2007-02-15 14:24 18192 --a------ C:\WINDOWS\SYSTEM32\oodagmg.dll
2007-02-15 14:24 17168 --a------ C:\WINDOWS\SYSTEM32\oodagrs.dll
2007-02-15 10:44 16656 --a------ C:\WINDOWS\SYSTEM32\ootmapi.dll
2007-02-14 19:14 17440 --a------ C:\WINDOWS\SYSTEM32\acrotls.dll
2007-02-14 19:01 206368 --a------ C:\WINDOWS\SYSTEM32\snapapi.dll
2007-02-05 22:18 185856 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll
2007-02-04 22:04 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-01-24 16:27 255848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_6.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"Mobipocket Reader Notifications"="C:\\Programme\\PDA\\MobiPocket Reader\\readernotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell QuickSet"="C:\\Programme\\Dell\\QuickSet\\quickset.exe"
"nwiz"="nwiz.exe /installquiet"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"FreePDF Assistant"="C:\\Programme\\FreePDF_XP\\fpassist.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0\\bin\\jusched.exe\""
"NotebookHardwareControl"="\"C:\\Programme\\Notebook Hardware Control\\nhc.exe\" -quiet"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"LanguageShortcut"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"Apoint"="C:\\Programme\\Apoint\\Apoint.exe"
"Acronis Scheduler2 Service"="\"C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe\""
"TrueImageMonitor.exe"="C:\\Programme\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Programme\\Acronis\\TrueImageHome\\TimounterMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR2"
"hkey"="HKLM"
"command"="C:\\Programme\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Programme\\Apoint\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AirPlusCFG"
"hkey"="HKLM"
"command"="C:\\Programme\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Quickset"
"hkey"="HKLM"
"command"="C:\\Programme\\Dell\\QuickSet\\Quickset.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector PE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DevDetectPE"
"hkey"="HKLM"
"command"="DevDetectPE.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Reader Notifications]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="readernotify"
"hkey"="HKCU"
"command"="C:\\Programme\\PDA\\MobiPocket Reader\\readernotify.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspwr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PuXpMan"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PuXpMan.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /installquiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PwrUpTweakMe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PUXPTWKS"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PUXPTWKS.EXE /TWEAK"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="c:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpriteService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpriteService"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Sprite Software\\Sprite Backup\\SpriteService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Programme\\Spybot\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooCentral"
"hkey"="HKLM"
"command"="c:\\progra~1\\widget\\YCentral\\YahooCentral.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=dword:00000003
"BAsfIpM"=dword:00000003
"UFDSVC"=dword:00000003
"WMPNetworkSvc"=dword:00000003
"TUWinStylerThemeSvc"=dword:00000003
"ose"=dword:00000003
"OOD2000"=dword:00000003
"MVPMediaSvc"=dword:00000003
"MVPMedia"=dword:00000003
"MDM"=dword:00000003
"IDriverT"=dword:00000003
"SBCSSvc"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{342FA63F-E5F7-4ACE-A31F-E8BDB1EE9A9D}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=hex:00,00,00,00
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"NoFind"=dword:00000000
"NoRecentDocsNetHood"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0relog_ap\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{791827fe-a213-11db-8705-000f1f28b958}]
Shell\AutoRun\command   explorer.exe /n,/e,\

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-21 11:09:51
C:\ComboFix-quarantined-files.txt ... 07-04-21 11:09
1.) the HijackThis log
2.) the ComboFix log
__________
Kind regards, Sabina
all about PC security