Trojan-Spy.Win32.VBStat.h cannot be removed

16.04.2007, 18:07
Honorary member
Sabina

Posts: 29434
#16 Please post once more:

1.) the HijackThis log
2.) the ComboFix log
__________
Regards, Sabina

all about PC security
21.04.2007, 11:16
...new here

Thread starter

Posts: 9
#17 Logfile of HijackThis v1.99.1
Scan saved at 11:14:42, on 21.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Free Commander\freeCommander.exe
C:\Programme\Opera\Opera.exe
D:\Transfer\backups\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html
O8 - Extra context menu item: Add to MVP Favorite Radio Stations - C:\Programme\Hauppauge MediaMVP\mvp.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\Software\..\Telephony: DomainName = LP.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{94CFE5FB-396B-42C3-AEC6-7C4532A0019D}: NameServer = 217.203.103.117
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LP.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lup.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lup.local
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\DHCP Turbo\dhcpt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MVPMedia - Hauppauge Computer Works - C:\PROGRA~1\HAUPPA~1\MVPStart.exe
O23 - Service: MVPMediaSvc - Hauppauge Computer Works, Inc. - C:\PROGRA~1\HAUPPA~1\Hardware\DglSvcMain.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TFTP Turbo - Weird Solutions, Inc. - C:\Programme\Hauppauge MediaMVP\TFTP Turbo\tftpt.exe



"hausler" - 07-04-21 11:07:43 Service Pack 2
ComboFix 07-04-05 - Running from: "D:\Transfer\backups"


((((((((((((((((((((((((((((((( Files Created from 2007-03-21 to 2007-04-21 ))))))))))))))))))))))))))))))))))


2007-04-17 10:54 57,344 --a------ C:\WINDOWS\WNMHINDR.EXE
2007-04-17 10:54 24,576 --a------ C:\WINDOWS\SYSTEM32\NMH040A.DLL
2007-04-16 21:03 <DIR> d-------- C:\Programme\devnz
2007-04-14 18:12 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Acronis
2007-04-14 18:06 <DIR> d-------- C:\Programme\Acronis
2007-04-11 16:39 <DIR> d-------- C:\Programme\Lavasoft
2007-04-11 16:39 <DIR> d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\Lavasoft
2007-04-10 21:08 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-04-09 17:35 14,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rkhdrv10.sys
2007-04-09 12:55 1,035,264 --------- C:\WINDOWS\explorer.exe
2007-04-09 01:24 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\{F453DE2E-C9BF-4518-A350-C1631FF343C3}
2007-04-08 22:00 <DIR> d-------- C:\WINDOWS\TFTP Turbo
2007-03-21 22:27 9,927,712 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-03-21 22:27 75,932 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2007-03-21 22:27 74,396 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2007-03-21 22:26 224,544 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-21 11:06 -------- d-------- C:\Programme\free commander
2007-04-18 17:28 -------- d-------- C:\Programme\hauppauge mediamvp
2007-04-18 17:22 105976 --a------ C:\WINDOWS\SYSTEM32\gdipfontcachev1.dat
2007-04-18 12:09 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\thunderbird
2007-04-18 12:00 -------- d-------- C:\Programme\mozilla thunderbird
2007-04-17 22:14 -------- d-------- C:\Programme\sat
2007-04-17 11:04 -------- d-------- C:\Programme\divx
2007-04-17 10:53 724992 --a------ C:\WINDOWS\iun6002.exe
2007-04-14 18:07 392320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\timntr.sys
2007-04-14 18:07 32768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys
2007-04-14 18:06 114048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\snapman.sys
2007-04-13 22:12 -------- d-------- C:\Programme\psp
2007-04-13 21:54 -------- d-------- C:\Programme\Gemeinsame Dateien\wise installation wizard
2007-04-13 16:36 95508 --a------ C:\WINDOWS\SYSTEM32\perfc007.dat
2007-04-13 16:36 460866 --a------ C:\WINDOWS\SYSTEM32\perfh007.dat
2007-04-13 12:08 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\cyberlink
2007-04-11 09:22 -------- d-------- C:\Programme\opera
2007-03-23 21:00 -------- d-------- C:\Programme\tv-browser
2007-03-22 13:37 -------- d--h----- C:\Programme\installshield installation information
2007-03-21 23:30 65536 --a------ C:\WINDOWS\ifinst27.exe
2007-03-20 16:16 -------- d-------- C:\Programme\pda
2007-03-20 16:12 -------- d-------- C:\Programme\truecrypt
2007-03-18 18:25 -------- d-------- C:\Programme\hewlett-packard
2007-03-18 18:20 -------- d-------- C:\Programme\microsoft activesync
2007-03-18 18:20 -------- d-------- C:\Programme\avantgo
2007-03-18 12:00 -------- d-------- C:\Programme\oo software
2007-03-17 23:14 -------- d-------- C:\Programme\itunes
2007-03-17 23:14 -------- d-------- C:\Programme\ipod
2007-03-17 15:44 293376 --a------ C:\WINDOWS\SYSTEM32\winsrv.dll
2007-03-16 21:09 -------- d-------- C:\Programme\foxit pdf reader
2007-03-11 21:32 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\sony
2007-03-09 20:52 200768 --a------ C:\WINDOWS\SYSTEM32\klogon.dll
2007-03-08 17:36 579072 --a------ C:\WINDOWS\SYSTEM32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\SYSTEM32\win32k.sys
2007-03-07 21:11 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\opera
2007-03-07 17:27 -------- d-------- C:\Programme\intel
2007-03-06 15:24 -------- d-------- C:\Programme\quicktime
2007-03-06 13:31 -------- d-------- C:\Programme\avisynth 2.5
2007-03-04 18:33 59117 --a------ C:\WINDOWS\SYSTEM32\nvmodes.dat
2007-03-03 21:39 110360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kl1.sys
2007-03-02 18:18 -------- d-------- C:\Programme\tuneup utilities 2006
2007-03-02 15:34 4098 --a------ C:\WINDOWS\mozver.dat
2007-02-25 19:41 -------- d-------- C:\Programme\freepdf_xp
2007-02-23 16:02 12288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nhcDriver.sys
2007-02-22 15:16 -------- d-------- C:\DOKUME~1\HAUSLE~1.BGH\ANWEND~1\installshield
2007-02-21 13:47 31744 -r-hs---- C:\WINDOWS\SYSTEM32\msfdx.dll
2007-02-16 18:50 14368 --a------ C:\WINDOWS\SYSTEM32\relog_ap.dll
2007-02-15 14:45 707344 --a------ C:\WINDOWS\SYSTEM32\oodag.exe
2007-02-15 14:34 217360 --a------ C:\WINDOWS\SYSTEM32\oodbs.exe
2007-02-15 14:25 11536 --a------ C:\WINDOWS\SYSTEM32\oodbsrs.dll
2007-02-15 14:24 18192 --a------ C:\WINDOWS\SYSTEM32\oodagmg.dll
2007-02-15 14:24 17168 --a------ C:\WINDOWS\SYSTEM32\oodagrs.dll
2007-02-15 10:44 16656 --a------ C:\WINDOWS\SYSTEM32\ootmapi.dll
2007-02-14 19:14 17440 --a------ C:\WINDOWS\SYSTEM32\acrotls.dll
2007-02-14 19:01 206368 --a------ C:\WINDOWS\SYSTEM32\snapapi.dll
2007-02-05 22:18 185856 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll
2007-02-04 22:04 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-01-24 16:27 255848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_6.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"Mobipocket Reader Notifications"="C:\\Programme\\PDA\\MobiPocket Reader\\readernotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell QuickSet"="C:\\Programme\\Dell\\QuickSet\\quickset.exe"
"nwiz"="nwiz.exe /installquiet"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"FreePDF Assistant"="C:\\Programme\\FreePDF_XP\\fpassist.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0\\bin\\jusched.exe\""
"NotebookHardwareControl"="\"C:\\Programme\\Notebook Hardware Control\\nhc.exe\" -quiet"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"LanguageShortcut"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"Apoint"="C:\\Programme\\Apoint\\Apoint.exe"
"Acronis Scheduler2 Service"="\"C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe\""
"TrueImageMonitor.exe"="C:\\Programme\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Programme\\Acronis\\TrueImageHome\\TimounterMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR2"
"hkey"="HKLM"
"command"="C:\\Programme\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Programme\\Apoint\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AirPlusCFG"
"hkey"="HKLM"
"command"="C:\\Programme\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Quickset"
"hkey"="HKLM"
"command"="C:\\Programme\\Dell\\QuickSet\\Quickset.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector PE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DevDetectPE"
"hkey"="HKLM"
"command"="DevDetectPE.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Reader Notifications]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="readernotify"
"hkey"="HKCU"
"command"="C:\\Programme\\PDA\\MobiPocket Reader\\readernotify.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspwr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PuXpMan"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PuXpMan.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /installquiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PwrUpTweakMe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PUXPTWKS"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PUXPTWKS.EXE /TWEAK"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="c:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpriteService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpriteService"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Sprite Software\\Sprite Backup\\SpriteService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Programme\\Spybot\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooCentral"
"hkey"="HKLM"
"command"="c:\\progra~1\\widget\\YCentral\\YahooCentral.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=dword:00000003
"BAsfIpM"=dword:00000003
"UFDSVC"=dword:00000003
"WMPNetworkSvc"=dword:00000003
"TUWinStylerThemeSvc"=dword:00000003
"ose"=dword:00000003
"OOD2000"=dword:00000003
"MVPMediaSvc"=dword:00000003
"MVPMedia"=dword:00000003
"MDM"=dword:00000003
"IDriverT"=dword:00000003
"SBCSSvc"=dword:00000003


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{342FA63F-E5F7-4ACE-A31F-E8BDB1EE9A9D}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=hex:00,00,00,00
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"NoFind"=dword:00000000
"NoRecentDocsNetHood"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0relog_ap\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{791827fe-a213-11db-8705-000f1f28b958}]
Shell\AutoRun\command explorer.exe /n,/e,\


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-21 11:09:51
C:\ComboFix-quarantined-files.txt ... 07-04-21 11:09