Virus Msn , Photo.zip |
||
---|---|---|
#0
| ||
01.07.2007, 21:27
...neu hier
Beiträge: 10 |
||
|
||
01.07.2007, 21:49
Ehrenmitglied
Beiträge: 6028 |
#2
Download OTMoveIt zum Desktop
Oeffne:OTMoveIt.exe Kopiere (selektiere en klick Ctrl-C) alle unterstehende C:\DOCUME~1\thai\jepnif.exe C:\DOCUME~1\thai\dogspn.exe C:\DOCUME~1\thai\sgeber.exe C:\DOCUME~1\thai\dldxiu.exe C:\DOCUME~1\thai\hognhs.exe C:\install C:\WINDOWS\system32\sysprinters.dll C:\WINDOWS\myalbum2007.zip im linken Fenster ,wo steht "Paste List of Files/Folders to be moved" Klicke auf den Roten MoveIt! knopf Wenn das Tool fertig ist wird ein log erstellt (*******_******.log *steht fuer datum und zeit In Datei C:\_OTMoveIt\MovedFiles\ Mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" Schliesse alle Fenster und starte Hijack This Klicke: Do a Systemscan only Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei O21 - SSODL: system32 - {1031B724-B6A3-42EB-911F-C560C2E9E330} - sysprinters.dll (file missing) klicke: Fix checked Dein Internet Explorer muss geschlossen wenn Du Fix Checked klickst __________ MfG Argus |
|
|
||
01.07.2007, 22:11
...neu hier
Themenstarter Beiträge: 10 |
#3
hmm ich kann die dateien nicht reinkopieren!!!! funktioniert irgendwie nicht....
man kann nichts reinziehen in das programm |
|
|
||
01.07.2007, 22:17
Ehrenmitglied
Beiträge: 6028 |
#4
Wenn du die Linke Maustaste einklikst dan kannst du selektieren
und dan Rechtsklick kopieren dan in das linke Fenster von MoveIt rechtsklick einfügen __________ MfG Argus |
|
|
||
01.07.2007, 22:18
...neu hier
Themenstarter Beiträge: 10 |
#5
moveit:
C:\DOCUME~1\thai\jepnif.exe moved successfully. C:\DOCUME~1\thai\dogspn.exe moved successfully. C:\DOCUME~1\thai\sgeber.exe moved successfully. C:\DOCUME~1\thai\dldxiu.exe moved successfully. C:\DOCUME~1\thai\hognhs.exe moved successfully. C:\install moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\sysprinters.dll C:\WINDOWS\system32\sysprinters.dll NOT unregistered. C:\WINDOWS\system32\sysprinters.dll moved successfully. C:\WINDOWS\myalbum2007.zip moved successfully. Created on 07.01.2007 22:18:06 fix checked gemacht!!! danke schonmal im voraus... was wird nun gemacht? Dieser Beitrag wurde am 01.07.2007 um 22:22 Uhr von thaiton editiert.
|
|
|
||
01.07.2007, 22:25
Ehrenmitglied
Beiträge: 6028 |
#6
Entferne auf C:\_OTMoveIt\ Papierkorb leeren
Wenn C:\WINDOWS\system32\sysprinters.dll noch anwesend ist benenne sie um Und versuche sie nochmal mit OTMoveIt zu löschen __________ MfG Argus |
|
|
||
01.07.2007, 22:35
...neu hier
Themenstarter Beiträge: 10 |
#7
kann die datei nicht löschen , habe sie jetz umbenannt , da kommt immer
Access denied. Make sure... write.... |
|
|
||
01.07.2007, 22:49
Ehrenmitglied
Beiträge: 6028 |
||
|
||
01.07.2007, 22:50
...neu hier
Themenstarter Beiträge: 10 |
||
|
||
01.07.2007, 23:07
Ehrenmitglied
Beiträge: 6028 |
||
|
||
01.07.2007, 23:13
...neu hier
Themenstarter Beiträge: 10 |
#11
im C:\WINDOWS\system32\ ordner ist keien datei mehr mit namen "sysprinters.dll"!!!
da gibs nur noch eine andere die heißt "sysprint.sep" die sysprinters.dll datei habe ich ja schon mit OTMoveit verschoben , und dann in test.de umbenannt. also im windows ordner existiert sie nich mehr EDIT: Ordner gelöscht , ging doch , halt über papierkorb ! über datei löschen gings nich , sehr komisch. ich lass Antivir gerade nochmal drüber schauen! , danke arnold schonma! weißt du wie man erkennt ob der virus noch drauf ist ? also ob der noch drauf sein könnte? Dieser Beitrag wurde am 01.07.2007 um 23:29 Uhr von thaiton editiert.
|
|
|
||
01.07.2007, 23:30
Ehrenmitglied
Beiträge: 6028 |
#12
Dann nochmal Entferne auf C:\_OTMoveIt\ Papierkorb leeren
Stelle Antivir so ein wie hier beschrieben http://board.protecus.de/t23979.htm und scanne Download CleanUp Wenn man CleanUp weiter benutzen will das haeckchen bei “Delete Prefetch files”entfernen! Anleitung: unter Options so einstellen sehe Anhang Systemwiederherstellung Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. Neu Starten Dann wieder aktivieren Die benutzten Tools wieder entfernen Anhang: CleanUp2.JPG __________ MfG Argus |
|
|
||
31.07.2007, 17:03
...neu hier
Beiträge: 2 |
#13
[nobackups]
avenger.zip <Avenger by Swandog46> Avenger avenger.txt bfu.zip <BFU by Merijn> BFU combofix.exe <ComboFix by sUBs> QooBox ComboFix*.txt catchme.exe nircmd.exe swreg.exe Swxcacls.exe Swsc.exe dss.exe <Deckard's System Scanner by Deckard> Deckard FindAWF.exe <FindAWF by noahdfear> AWF.txt fixwareout.exe <FixWareout by LonnyRJones> fixwareout fsbl.exe <F-Secure BlackLight> fsbl*.log gmer.exe <GMER by Gmer> gmer.dll gmer.ini gmer.log gmer_uninstall.cmd gmer.sys gmer <delete service> haxfix.exe <Haxfix by Markie> haxfix.txt killbox.exe <Killbox by Option^Explicit> !Killbox OTMoveIt.exe <OTMoveIt by OldTimer> _OTMoveIt rustbfix.exe <Rustbfix by Ejvindh> Rustbfix sdfix.exe <SDFix by Andy_Manchesta> SDFix SmitfraudFix.exe <SmitfraudFix by S!Ri> SmitfraudFix rapport.txt SysInsite <System Insite by Bobbi Flekman> VundoFix.exe <VundoFix by Atribune> VundoFix Backups vundofix.txt win32delfkil.exe <WinDelfKil by Markie> _backupD windelf.txt winpfind.exe <WinPfind by OldTimer> WinPfind winpfind3u.exe <WinPFind3 by OldTimer> WinPFind3u cleanup.txt [deleteself] |
|
|
||
31.07.2007, 17:47
Member
Beiträge: 694 |
||
|
||
31.07.2007, 18:43
...neu hier
Beiträge: 2 |
#15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:00, on 31.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Java\jre1.6.0\bin\jusched.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Azureus\Azureus.exe C:\Programme\Alwil Software\Avast4\ashSimpl.exe C:\Programme\Windows Media Player\wmplayer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\eMule\emule.exe C:\WINDOWS\system32\divxsm.exe E:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Dokumente und Einstellungen\User\731161650.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O21 - SSODL: printers - {89F62020-7463-4ACC-959C-633083F9A0F6} - libcintle2.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6206 bytes |
|
|
||
ComboFIx:
"thai" - 2007-07-01 21:17:38 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\winupdates
((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))
2007-07-01 21:17 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-01 19:18 124,756 --a------ C:\DOCUME~1\thai\jepnif.exe
2007-07-01 19:05 124,756 --a------ C:\DOCUME~1\thai\dogspn.exe
2007-07-01 18:53 124,756 --a------ C:\DOCUME~1\thai\sgeber.exe
2007-07-01 17:53 124,756 --a------ C:\DOCUME~1\thai\dldxiu.exe
2007-07-01 17:39 124,756 --a------ C:\DOCUME~1\thai\hognhs.exe
2007-07-01 17:39 <DIR> d-------- C:\install
2007-07-01 17:08 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-01 17:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-01 17:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-01 16:56 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-01 16:15 24,040 --a------ C:\WINDOWS\system32\sysprinters.dll
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-01 17:12:55 -------- d-----w C:\Program Files\Mario Forever
2007-07-01 16:56:52 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-01 16:55:25 -------- d-----w C:\Program Files\Samsung
2007-07-01 05:43:49 -------- d-----w C:\DOCUME~1\thai\APPLIC~1\Skype
2007-06-17 14:51:18 -------- d-----w C:\Program Files\ICQToolbar
2007-06-14 19:43:58 -------- d-----w C:\Program Files\ICQ6
2007-06-10 19:55:57 -------- d-----w C:\DOCUME~1\thai\APPLIC~1\ICQ Toolbar
2007-05-31 18:52:23 -------- d-----w C:\Program Files\EDraw Flowchart
2007-05-28 20:46:51 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 16:26:24 -------- d-----w C:\Program Files\PDFCreator
2007-05-09 21:02:27 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-04 20:40:50 -------- d-----w C:\Program Files\UGS
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-14 19:19:34 22 ----a-w C:\WINDOWS\clofghls.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-12 15:17 C:\WINDOWS\system32\bthprops.cpl]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 20:13]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 17:51]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 17:52]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 22:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-10 11:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 21:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 21:14]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-08 04:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 17:29]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 13:18]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-19 18:49]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 20:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15:18]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{1031B724-B6A3-42EB-911F-C560C2E9E330}"="sysprinters.dll" []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b9c84bc-53be-11db-bd95-0010c656a611}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 21:22:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]
Completion time: 2007-07-01 21:23:33
--- E O F ---
Hijack txt:
Logfile of HijackThis v1.99.1
Scan saved at 21:28:07, on 01.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\uglmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\thai\Desktop\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149927563859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149928022109
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: system32 - {1031B724-B6A3-42EB-911F-C560C2E9E330} - sysprinters.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe