TR/Vundo.Gen - Trojan

#0
03.05.2007, 18:00
...new here
Posts: 1
#2
03.05.2007, 18:04
Moderator
Posts: 7805

Please use Vundo: http://virus-protect.org/artikel/tools/vundofixx.html
and then Combofix: http://virus-protect.org/artikel/tools/combofix.html
Please post both generated reports. And please set up your Antivir like this: http://board.protecus.de/t23979.htm
__________
Regards
Ralf
SEO-Spam Hunter
#3
04.05.2007, 12:50
...new here
Posts: 1

Logfile of HijackThis v1.99.1
Scan saved at 12:35:08, on 03.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Martin Ortner\Desktop\harakiri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscover.at/trojeralm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nusurf.at
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscover.at/trojeralm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von NUsurf
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = x3
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,SKEYS,SKEYS /I
O1 - Hosts: 66.199.231.172 www.go.com
O1 - Hosts: 66.199.231.172 go.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 cracks.am
O1 - Hosts: 66.199.231.171 www.cracks.am
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7CB53B95-F8A8-440B-9DA7-091C9616E391} - C:\WINDOWS\system32\hggecbx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {B2018A8C-0ED4-4E77-A7A4-4E04A737D0BA} - C:\WINDOWS\system32\wsecfdit.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de-at\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de-at\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SeekmoToolbar] C:\Programme\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.nusurf.at
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131193305546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131193290687
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: hggecbx - C:\WINDOWS\SYSTEM32\hggecbx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

Can someone help me with how this is supposed to work?
Regards, martin
#4
04.05.2007, 14:26
Member
Posts: 694

Hi,
where is the problem? Just follow the links from Raman and carry out the actions given under the links...
Chris
---------------------------------------------------------
e.g.: Please use Vundo: http://virus-protect.org/artikel/tools/vundofixx.html
On the page: VundoFix.exe
Download VundoFix.exe http://www.atribune.org/ http://www.atribune.org/con
<<<<<<<<<<<<<< image: click 1 + 2 >>>>>>>>>>>>>>>>>>>>>>
* Double-click VundoFix.exe
* Click the "Scan" --> Vundo button (1).
* After the scan, click the "Remove" Vundo button (2).
* You will now be asked whether you want to "remove" --> click YES
* After that, all desktop icons will disappear
* Then you will be asked whether the PC should restart --> click OK.
C:\VundoFix Backups - delete + empty the recycle bin
Unfortunately I have the trojan too.
Here is all the data that's needed:
Logfile of HijackThis v1.99.1
Scan saved at 17:44:00, on 03.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\AntiVir PersonalEdition Classic\avnotify.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\DitExp.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\AntiVir PersonalEdition Classic\avscan.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Manuel\LOKALE~1\Temp\Rar$EX00.625\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.1automationwiz.com/app/aftrack.asp?AFID=156050
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {A706DD72-1C7E-49BB-83F4-FC2C20367B02} - C:\WINDOWS\system32\yayvvtt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F862658-AC98-4428-B0D1-B58256764FD4}: NameServer = 192.168.1.253
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayvvtt - C:\WINDOWS\SYSTEM32\yayvvtt.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
VundoFix V6.3.21
Checking Java version...
Sun Java not detected
Scan started at 21:28:48 03.05.2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
ComboFix:
"Manuel" - 07-05-03 21:48:53 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Dokumente und Einstellungen\Manuel\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-03 to 2007-05-03 ))))))))))))))))))))))))))))))))))
2007-05-03 21:28 <DIR> d-------- C:\VundoFix Backups
2007-05-02 20:39 26,678 --------- C:\WINDOWS\system32\yayvvtt.dll
2007-05-02 17:32 <DIR> d-------- C:\DOKUME~1\HANSUN~1\ANWEND~1\ICQ Toolbar
2007-05-02 15:14 <DIR> d-------- C:\Programme\ICQToolbar
2007-05-01 12:39 302,592 --a------ C:\WINDOWS\unin0407.exe
2007-05-01 12:39 <DIR> d-------- C:\DOKUME~1\SEBAST~1\WINDOWS
2007-04-30 18:04 <DIR> d-------- C:\Programme\DivX
2007-04-29 17:48 <DIR> d-------- C:\Programme\Intelore
2007-04-23 18:21 <DIR> d-------- C:\DOKUME~1\SEBAST~1\ANWEND~1\ICQ
2007-04-22 23:07 <DIR> d-------- C:\DOKUME~1\HANSUN~1\ANWEND~1\ICQ
2007-04-22 19:45 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\ICQ
2007-04-22 19:44 61,440 -ra------ C:\WINDOWS\Scanusd.dll
2007-04-22 19:43 <DIR> d-------- C:\Programme\ICQ6
2007-04-22 19:36 66,560 --------- C:\WINDOWS\system32\WNASPI32.DLL
2007-04-22 19:36 53,248 --a------ C:\WINDOWS\stiaspi.dll
2007-04-22 19:36 172,032 -ra------ C:\WINDOWS\ScanUsdX.dll
2007-04-22 19:36 151,552 -r------- C:\WINDOWS\UnUSBDrv.exe
2007-04-22 19:36 147,456 -r------- C:\WINDOWS\CHECKING.DLL
2007-04-22 19:36 <DIR> d-------- C:\Programme\ScanButton 3.0
2007-04-22 19:36 <DIR> d-------- C:\Programme\MiraScan
2007-04-21 07:24 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2007-04-21 07:24 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2007-04-18 18:51 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Documents
2007-04-18 18:45 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\Toshiba
2007-04-10 15:41 <DIR> d-------- C:\DOKUME~1\HANSUN~1\ANWEND~1\TuneUp Software
2007-04-09 19:25 <DIR> d-------- C:\DOKUME~1\SEBAST~1\ANWEND~1\TuneUp Software
2007-04-09 14:20 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-04-09 14:20 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-04-09 14:20 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\TuneUp Software
2007-04-09 14:19 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-04-09 14:19 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
2007-04-03 16:24 <DIR> d-------- C:\DOKUME~1\HANSUN~1\ANWEND~1\SecondLife
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-03 15:55 -------- d-------- C:\Programme\icqlite
2007-04-30 18:04 -------- d-------- C:\Programme\google
2007-04-29 17:50 -------- d-------- C:\Programme\passware
2007-04-26 20:49 2292 --a------ C:\DOKUME~1\Manuel\ANWEND~1\wklnhst.dat
2007-04-22 19:45 -------- d--h----- C:\Programme\installshield installation information
2007-04-18 19:14 48156 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-18 19:14 316594 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-09 14:32 -------- d-------- C:\Programme\ea games
2007-04-09 14:30 -------- d-------- C:\Programme\hamachi
2007-04-09 09:41 -------- d-------- C:\Programme\sony
2007-04-07 13:01 -------- d-------- C:\DOKUME~1\Manuel\ANWEND~1\hamachi
2007-04-01 18:55 -------- d-------- C:\DOKUME~1\Manuel\ANWEND~1\secondlife
2007-04-01 12:26 -------- d-------- C:\DOKUME~1\Manuel\ANWEND~1\miranda im
2007-03-30 21:58 -------- d-------- C:\Programme\qip
2007-03-27 14:39 -------- d-------- C:\DOKUME~1\Manuel\ANWEND~1\teleca
2007-03-27 14:39 -------- d-------- C:\DOKUME~1\Manuel\ANWEND~1\sony ericsson
2007-03-27 09:55 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-03-27 09:55 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-27 09:55 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 09:55 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 09:55 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-27 09:55 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 09:55 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 09:55 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 09:49 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 09:49 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-03-27 09:49 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 09:49 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-03-27 09:49 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 09:49 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 09:49 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 09:49 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 09:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 09:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 09:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 09:48 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-03-26 21:24 -------- d-------- C:\DOKUME~1\Manuel\ANWEND~1\teamspeak2
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 19:13 -------- d-------- C:\DOKUME~1\Manuel\ANWEND~1\otvreg
2007-03-12 17:05 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 20:36 -------- d-------- C:\Programme\partygaming
2007-03-02 18:55 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-02-16 03:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-07 15:28 28672 --a------ C:\WINDOWS\system32\f3pssavr.scr
2007-02-06 16:34 667 --a------ C:\WINDOWS\mozver.dat
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D} C:\Programme\ICQToolbar\toolbaru.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
{A706DD72-1C7E-49BB-83F4-FC2C20367B02} C:\WINDOWS\system32\yayvvtt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Dit"="Dit.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A706DD72-1C7E-49BB-83F4-FC2C20367B02}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvvtt
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-03 21:55:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-03 21:55:25
C:\ComboFix-quarantined-files.txt ... 07-05-03 21:55
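The two HijackThis logs in this thread share one pattern: a DLL with a random-looking name in system32 (hggecbx.dll in the first log, yayvvtt.dll in the second) is registered both as an unnamed Browser Helper Object (O2) and as a Winlogon Notify package (O20), and the first log also carries hosts-file redirects (O1). The Python script below is an added example, not part of the thread and not code from HijackThis, VundoFix or ComboFix; it parses those three HijackThis line types and reports the O2/O20 pairing, which is the entry a helper would look for first when reading such a log. SAMPLE_LOG is a constructed subset copied from the two posted logs, and KNOWN_NOTIFY_DLLS is an assumed, illustrative allowlist rather than a complete list of legitimate Winlogon Notify DLLs.

```python
"""Triage a HijackThis log for the Vundo-style BHO + Winlogon Notify pairing.

Added example for this thread; not part of the forum post or of any of the
tools mentioned in it.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity indicator detail")

# Constructed sample: a subset of the entries from the two HijackThis logs quoted
# in the thread. Raw string so the Windows backslashes stay literal.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 66.199.231.172 www.go.com
O1 - Hosts: 66.199.231.171 cracks.am
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7CB53B95-F8A8-440B-9DA7-091C9616E391} - C:\WINDOWS\system32\hggecbx.dll
O2 - BHO: (no name) - {B2018A8C-0ED4-4E77-A7A4-4E04A737D0BA} - C:\WINDOWS\system32\wsecfdit.dll
O2 - BHO: (no name) - {A706DD72-1C7E-49BB-83F4-FC2C20367B02} - C:\WINDOWS\system32\yayvvtt.dll
O20 - Winlogon Notify: hggecbx - C:\WINDOWS\SYSTEM32\hggecbx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayvvtt - C:\WINDOWS\SYSTEM32\yayvvtt.dll
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - \{([0-9A-Fa-f-]{36})\} - (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")

# Assumption: a small illustrative allowlist of Winlogon Notify DLLs that ship with
# Windows XP or Microsoft components. WgaLogon.dll is the one seen in the thread.
KNOWN_NOTIFY_DLLS = {"wgalogon.dll", "crypt32.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}


def dll_name(path):
    """Lower-cased file name of a Windows path, ignoring quotes and trailing notes."""
    return path.strip().strip('"').split("\\")[-1].split(" ")[0].lower()


def in_system32(path):
    return "\\system32\\" in path.lower()


def triage(log_text):
    """Return a list of Finding objects for the Vundo-style indicators in a HijackThis log."""
    findings = []
    bho_dlls, notify_dlls = {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            findings.append(Finding("medium", "hosts-redirect", f"{host} -> {ip}"))
            continue
        m = BHO_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            dll = dll_name(path)
            bho_dlls[dll] = clsid
            if name == "(no name)" and in_system32(path):
                findings.append(Finding("medium", "unnamed-bho-in-system32", f"{dll} {{{clsid}}}"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            key, path = m.groups()
            dll = dll_name(path)
            notify_dlls[dll] = key
            if dll not in KNOWN_NOTIFY_DLLS:
                findings.append(Finding("medium", "unknown-winlogon-notify", f"{key} -> {dll}"))
    # The strongest signal in both posted logs: the same DLL is registered as an IE
    # BHO *and* as a Winlogon Notify package, so it gets loaded into winlogon.exe too.
    for dll in sorted(set(bho_dlls) & set(notify_dlls)):
        findings.append(Finding("high", "bho-plus-winlogon-notify", f"{dll} {{{bho_dlls[dll]}}}"))
    return findings


def high_severity_dlls(log_text):
    """Just the DLL names behind the high-severity findings, sorted."""
    return sorted(f.detail.split(" ")[0] for f in triage(log_text) if f.severity == "high")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.indicator:26} {f.detail}")
```

Either O2 or O20 alone has benign explanations (named vendor BHOs, WgaLogon), which is why the script only raises a finding to high when the same DLL shows up in both lists; the CLSID it prints is the one that also appears under ShellExecuteHooks in the ComboFix "Reg Loading Points" section of the last post, so the three entries can be matched up before deciding what to remove.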