Have a VIRUS that cannot be deleted

#0
16.11.2007, 17:37
ComboFix 07-11-08.1 - test 2007-11-16 17:18:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.189 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\test\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sys.txt
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((( Dateien erstellt von 2007-10-16 bis 2007-11-16 ))))))))))))))))))))))))))))))
.

2007-11-16 17:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 14:57 <DIR> d-------- C:\Dokumente und Einstellungen\test\DoctorWeb
2007-11-15 19:18 <DIR> d-------- C:\bases_x
2007-11-15 18:27 <DIR> d-------- C:\Temp
2007-11-15 18:27 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Prevx
2007-11-14 18:39 <DIR> d-------- C:\Programme\Trend Micro
2007-11-14 18:11 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-14 18:11 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-14 18:11 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-11-14 18:11 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-14 18:11 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-14 18:11 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-14 18:11 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-14 18:09 153,600 --a------ C:\WINDOWS\R.COM
2007-11-14 18:09 140,800 --a------ C:\WINDOWS\system32\T.COM
2007-11-14 17:56 <DIR> d-------- C:\Programme\Trojancheck 6
2007-11-14 14:50 <DIR> d-------- C:\WINDOWS\pss
2007-11-12 17:27 <DIR> d-------- C:\Programme\ClearProg
2007-11-12 17:20 <DIR> d-------- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Lavasoft
2007-11-10 18:02 <DIR> d-------- C:\Programme\Fälscherwerkstatt2
2007-11-10 17:36 <DIR> d-------- C:\Programme\Fälscherwerkstatt 4
2007-11-10 16:58 <DIR> d-------- C:\Programme\Bluefish Games
2007-11-08 18:43 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2007-11-08 18:31 <DIR> d-------- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Blueberry
2007-11-08 18:31 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blueberry
2007-11-08 18:31 27,776 --a------ C:\WINDOWS\system32\bbcap.dll
2007-11-08 18:31 4,608 --a------ C:\WINDOWS\system32\bbchlp.dll
2007-11-08 18:31 2,944 --a------ C:\WINDOWS\system32\drivers\bbcap.sys
2007-11-03 17:57 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
2007-11-03 16:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe Systems
2007-11-03 10:24 <DIR> d-------- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Steinberg
2007-11-03 10:19 <DIR> d-------- C:\Programme\Steinberg
2007-11-03 10:14 <DIR> d-------- C:\Programme\Syncrosoft
2007-11-03 10:14 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2007-11-03 10:14 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2007-11-03 10:14 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2007-11-03 10:14 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2007-11-03 10:14 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2007-10-27 10:55 <DIR> d-------- C:\Programme\Macromedia
2007-10-27 10:55 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Macromedia
2007-10-26 21:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2007-10-21 18:18 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-17 16:01 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 16:20 --------- d-----w C:\Programme\Lavasoft
2007-11-10 21:21 --------- d-----w C:\Dokumente und Einstellungen\test\Anwendungsdaten\uTorrent
2007-11-09 13:20 --------- d-----w C:\Programme\OXXOGames
2007-11-08 17:47 --------- d-----w C:\Programme\BestLogic
2007-11-03 16:56 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2007-10-30 15:40 --------- d-----w C:\Programme\Google
2007-10-29 19:39 --------- d-----w C:\Programme\ICQToolbar
2007-10-26 19:48 --------- d-----w C:\Programme\Bonjour
2007-10-16 11:57 --------- d-----w C:\Programme\Java
2007-10-15 11:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-15 11:04 --------- d-----w C:\Programme\PayPerView Lessons Modulation Tips and Tricks Vol 1
2007-10-15 11:03 --------- d-----w C:\Programme\WINv7xSetup
2007-10-12 18:14 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScreenSeven
2007-10-06 18:28 --------- d-----w C:\Dokumente und Einstellungen\test\Anwendungsdaten\BearShare
2007-10-04 14:23 --------- d-----w C:\Dokumente und Einstellungen\test\Anwendungsdaten\Image Zone Express
2007-09-28 08:46 --------- d-----w C:\Programme\MTA San Andreas
2007-09-24 17:16 --------- d-----w C:\Dokumente und Einstellungen\test\Anwendungsdaten\Apple Computer
2007-09-24 17:15 --------- d-----w C:\Programme\QuickTime
2007-09-24 17:15 --------- d-----w C:\Programme\iTunes
2007-09-24 17:15 --------- d-----w C:\Programme\iPod
2007-09-24 17:15 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2007-09-24 17:14 --------- d-----w C:\Programme\Gemeinsame Dateien\Apple
2007-09-24 17:14 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2007-09-24 16:45 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-09-24 09:51 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2007-09-22 11:37 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2002-12-31 12:00 4,153 ----a-r C:\Programme\Win_XP_SP2_INFO.txt
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trojancheck 6 Guard"="C:\Programme\Trojancheck 6\tcguard.exe" [2002-11-14 17:23]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2003-12-13 01:50]
"SiSPower"="SiSPower.dll" [2005-08-25 12:05 C:\WINDOWS\system32\SiSPower.dll]
"SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11]
"SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41]
"SiSRaid"="C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-05-18 13:44]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-13 16:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00]
"msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"Commandos2DESetup.exe"="C:\DOKUME~1\test\Desktop\COMMAN~1.exe" []

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Kodak EasyShare Software.lnk - C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 03:29:26]
KODAK Software Updater.lnk - C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-07-10 12:40:27]

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys
R0 SiSRaid1;SiSRaid1;C:\WINDOWS\system32\DRIVERS\SiSRaid1.sys
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net
Rootkit scan 2007-11-16 17:19:26
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

C:\WINDOWS\erdnt

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

_____________________________

"Silent Runners.vbs", revision 52, h**p://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Programme\MSN Messenger\msnmsgr.exe" /background" [MS]
"Commandos2DESetup.exe" = "C:\DOKUME~1\test\Desktop\COMMAN~1.EXE /r" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Trojancheck 6 Guard" = "C:\Programme\Trojancheck 6\tcguard.exe" [empty string]
"WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"SoundMAXPnP" = "C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."]
"SoundMAX" = ""C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]
"SiSRaid" = "C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" ["SiS"]
"HP Software Update" = "C:\Programme\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{9999A076-A9E2-4C99-8A2B-632FC9429223}" = "Bonjour"
-> {HKLM...CLSID} = "Bonjour"
\InProcServer32\(Default) = "C:\Programme\Bonjour\ExplorerPlugin.dll" ["Apple Computer, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Roll Back Shell Extention\(Default) = "{A51DA762-BDD7-11D5-973D-C0539E56E216}"
-> {HKLM...CLSID} = "conmenu Class"
\InProcServer32\(Default) = "C:\Programme\Avira\UnErase\ciasvrue.dll" [empty string]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Startup items in "test" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Kodak EasyShare Software" -> shortcut to: "C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx" [null data]
"KODAK Software Updater" -> shortcut to: "C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [null data]
"Utility Tray" -> shortcut to: "C:\WINDOWS\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Programme\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{9999A076-A9E2-4C99-8A2B-632FC9429223}\(Default) = "Bonjour"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programme\Bonjour\ExplorerPlugin.dll" ["Apple Computer, Inc."]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{7F9DB11C-E358-4CA6-A83D-ACC663939424}\
"ButtonText" = "Bonjour"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=about:blank

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "C:\Programme\Bonjour\mDNSResponder.exe" ["Apple Computer, Inc."]
AntiVir PersonalEdition Classic Service, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["Avira GmbH"]
AntiVir Scheduler, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
Apple Mobile Device, Apple Mobile Device, ""C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
Messenger USN Journal Reader-Service für freigegebene Ordner, usnjsvc, ""C:\Programme\MSN Messenger\usnsvc.exe"" [MS]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Programme\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
hpzsnt12\Driver = "hpzsnt12.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2007-11-16 17:28:56)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 22 seconds, including 3 seconds for message boxes)

___________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:36, on 16.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Trojancheck 6\tcguard.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\MSN Messenger\livecall.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SiSRaid] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Commandos2DESetup.exe] C:\DOKUME~1\test\Desktop\COMMAN~1.EXE /r
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - ***://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - h**p://www.flatcast.com/obj/NpFp415.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - h**p://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - h**p://www.flatcast.com/obj/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - h**p://controls.flatcast-data.com/data/objects/NpFv41629.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7202 bytes

___________________

Datfindbat


Verzeichnis von C:\WINDOWS\system32

13.11.2007 17:46 2.206 wpa.dbl
08.11.2007 18:33 31 bbcap.err
08.11.2007 18:31 27.776 bbcap.dll
08.11.2007 18:31 4.608 bbchlp.dll
03.11.2007 18:03 168.304 FNTCACHE.DAT
28.10.2007 10:17 40.972 perfc009.dat
28.10.2007 10:17 314.644 perfh009.dat
28.10.2007 10:17 320.424 perfh007.dat
28.10.2007 10:17 49.378 perfc007.dat
28.10.2007 10:17 732.342 PerfStringBackup.INI
16.10.2007 12:57 5.686 jupdate-1.6.0_03-b05.log
27.09.2007 14:10 4.150 lvcoinst.log
24.09.2007 22:31 139.264 javaws.exe
24.09.2007 22:31 69.632 javacpl.cpl
24.09.2007 21:30 135.168 javaw.exe
24.09.2007 21:30 135.168 java.exe
08.09.2007 10:33 16.832 amcompat.tlb
08.09.2007 10:33 23.392 nscompat.tlb
30.08.2007 18:45 5.214 jupdate-1.6.0_02-b06.log
28.08.2007 16:38 34.064 lhacm.acm
22.07.2007 18:39 279.552 swreg.exe
10.07.2007 13:39 74.443 VGAunistlog.ini
09.07.2007 11:33 0 h323log.txt
09.07.2007 10:46 1.156 $winnt$.inf
09.07.2007 10:38 2.951 CONFIG.NT
09.07.2007 10:36 488 logonui.exe.manifest
09.07.2007 10:36 488 WindowsLogon.manifest
09.07.2007 10:36 749 wuaucpl.cpl.manifest
09.07.2007 10:36 749 sapi.cpl.manifest
09.07.2007 10:36 749 nwc.cpl.manifest
09.07.2007 10:36 749 cdplayer.exe.manifest
09.07.2007 10:36 749 ncpa.cpl.manifest
09.07.2007 10:34 21.740 emptyregdb.dat
29.06.2007 05:24 49.152 QuickTime.qts
29.06.2007 05:24 65.536 QuickTimeVR.qtx
--
Verzeichnis von C:\WINDOWS

16.11.2007 16:48 54.156 QTFont.qfn
16.11.2007 15:39 26 Lic.xxx
16.11.2007 15:05 463.084 WindowsUpdate.log
16.11.2007 14:59 0 0.log
16.11.2007 14:59 159 wiadebug.log
16.11.2007 14:59 50 wiaservc.log
16.11.2007 14:59 2.048 bootstat.dat
16.11.2007 14:57 776.464 ntbtlog.txt
16.11.2007 14:49 32.630 SchedLgU.Txt
15.11.2007 20:30 116 NeroDigital.ini
14.11.2007 14:58 700 win.ini
14.11.2007 14:58 227 system.ini
14.11.2007 14:48 609.481 setupapi.log
10.11.2007 16:59 0 SwSys2.bmp
10.11.2007 16:59 0 SwSys1.bmp
04.11.2007 21:24 192 winamp.ini
04.11.2007 19:06 75.800 wmsetup.log
03.11.2007 15:58 316.640 WMSysPr9.prx
29.10.2007 18:56 136.192 catchme.exe
26.10.2007 20:37 54.990 iis6.log
26.10.2007 20:37 1.563 tabletoc.log
26.10.2007 20:37 1.393 imsins.log
26.10.2007 20:37 1.227 ocmsn.log
26.10.2007 20:37 13.073 tsoc.log
26.10.2007 20:37 9.305 ntdtcsetup.log
26.10.2007 20:37 18.190 comsetup.log
26.10.2007 20:37 10.749 KB893803v2.log
26.10.2007 20:37 1.083 msgsocm.log
26.10.2007 20:37 1.912 MedCtrOC.log
26.10.2007 20:37 17.512 ocgen.log
26.10.2007 20:37 3.873 netfxocm.log
26.10.2007 20:37 17.753 FaxSetup.log
26.10.2007 20:37 12.306 msmqinst.log
22.10.2007 15:51 120 Winchat.ini
15.10.2007 12:04 51.563 Modulation Tips and Tricks Vol. 1 Setup Log.txt
15.10.2007 12:04 737.280 iun6002.exe
13.10.2007 17:36 256 _delis32.ini
13.10.2007 17:36 1.087 _isenv31.ini
13.10.2007 17:36 633 _iserr31.ini
24.09.2007 18:16 1.409 QTFont.for
08.09.2007 10:33 459 wmsetup10.log
04.09.2007 13:58 400 ODBC.INI
03.09.2007 19:26 1.174 OEWABLog.txt
30.08.2007 18:45 1.261 mozver.dat
29.08.2007 20:26 0 nsreg.dat
28.08.2007 13:54 6.078 DPINST.LOG
25.08.2007 14:14 159 Directx.log
24.08.2007 19:54 190.411 setupact.log
24.08.2007 19:25 221 NCLogConfig.ini
24.08.2007 19:05 32 CD_Start.INI
22.08.2007 19:00 113.900 hpoins07.dat
--
Verzeichnis von C:\WINDOWS\Downloaded Program Files

10.10.2007 19:18 1.689.824 NpFp415.dll
10.10.2007 19:06 1.021.912 NpFv41629.dll
10.10.2007 19:03 719.064 NpFv415.dll
09.07.2007 10:36 65 desktop.ini
13.04.2007 14:27 367 LegitCheckControl.inf
--
Verzeichnis von C:\

16.11.2007 17:54 0 sys.txt
16.11.2007 17:54 719 down.txt
16.11.2007 17:54 123 tmp.txt
16.11.2007 17:53 6.111 system.txt
16.11.2007 17:52 544 systemtemp.txt
16.11.2007 17:52 116.801 system32.txt
16.11.2007 17:20 8.687 ComboFix.txt
16.11.2007 14:59 754.974.720 pagefile.sys
15.11.2007 18:30 1.370 avenger.txt
14.11.2007 14:58 211 boot.ini
10.11.2007 22:20 268 sqmdata17.sqm
10.11.2007 22:20 244 sqmnoopt17.sqm
08.11.2007 20:08 268 sqmdata15.sqm
08.11.2007 20:08 244 sqmnoopt15.sqm
26.10.2007 19:15 268 sqmdata16.sqm
26.10.2007 19:15 244 sqmnoopt16.sqm
26.10.2007 15:34 3.001.723 export.exp
13.10.2007 20:27 268 sqmdata14.sqm
13.10.2007 20:27 244 sqmnoopt14.sqm
13.10.2007 17:36 268 sqmdata13.sqm
13.10.2007 17:36 244 sqmnoopt13.sqm
13.10.2007 15:32 268 sqmdata12.sqm
13.10.2007 15:32 244 sqmnoopt12.sqm
14.09.2007 17:03 268 sqmdata11.sqm
14.09.2007 17:03 244 sqmnoopt11.sqm
13.09.2007 19:14 268 sqmdata10.sqm
13.09.2007 19:14 244 sqmnoopt10.sqm
13.09.2007 14:56 268 sqmdata09.sqm
13.09.2007 14:56 244 sqmnoopt09.sqm
13.09.2007 10:02 268 sqmdata08.sqm
13.09.2007 10:02 244 sqmnoopt08.sqm
12.09.2007 19:08 268 sqmdata07.sqm
12.09.2007 19:08 244 sqmnoopt07.sqm
11.09.2007 19:29 268 sqmdata06.sqm
11.09.2007 19:29 244 sqmnoopt06.sqm
08.09.2007 08:47 268 sqmdata05.sqm
08.09.2007 08:47 244 sqmnoopt05.sqm
08.09.2007 08:44 268 sqmdata04.sqm
08.09.2007 08:44 244 sqmnoopt04.sqm
07.09.2007 21:39 244 sqmnoopt03.sqm
07.09.2007 21:39 268 sqmdata03.sqm
06.09.2007 19:50 268 sqmdata02.sqm
06.09.2007 19:50 244 sqmnoopt02.sqm
06.09.2007 14:36 268 sqmdata01.sqm
06.09.2007 14:36 244 sqmnoopt01.sqm
28.08.2007 13:54 268 sqmdata00.sqm
28.08.2007 13:54 244 sqmnoopt00.sqm
25.08.2007 14:14 51.233 Installer.log
25.08.2007 14:12 90 LogiSetup.log
This post was edited on 16.11.2007 at 17:55 by chabo.