Trojaner "TR/Spy.Agent.42496" |
||
---|---|---|
#0
| ||
20.11.2007, 15:43
...neu hier
Beiträge: 5 |
||
|
||
20.11.2007, 16:28
Ehrenmitglied
Beiträge: 6028 |
#2
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsx1B9.dll O4 - HKLM\..\Run: [{13-31-15-5F-ZN}] E:\Dokumente und Einstellungen\podssuwe\Lokale Einstellungen\Temp\TIP2D002.exe P2D002 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 –u O4 - Startup: TA_Start.lnk = E:\Dokumente und Einstellungen\podssuwe\Lokale Einstellungen\Temp\TIP2D002.exe klicke: Fix checked Dein Internet Explorer muss geschlossen wenn Du Fix Checked klickst Download: RVAXO by Smeenk,zum Desktop Danach doppelklicken Öffne die Datei RVAXO und doppelklick “RVAXO.cmd” Moeglich startet der Uninstaller von ein Roquescanner schliesse es nicht ab aber lass es seine Arbeit tun Dein Rechner wird neu gestartet,wenn nicht Rechner neu starten und nochmals “RVAXO.cmd” doppelklicken Poste nachher den logfile C:\ RVAXO-results.login dein folgender Bericht SDFix Download SDFix zum Desktop Starte im abgesicherten Modus: http://www.bsi.bund.de/av/texte/wiederher.htm SDFix.zip entpacken unter C:\ findet man nun den SDFix-Ordner Doppelklick RunThis.bat Schreibe: Y folge allen Anweisungen Dann wird der Rechner neustarten SDFix entfernt jetzt die gefundene Objekte Kopiere den Inhalt des Berichts SophosReport.txt ” der jetzt auf dein Desktop steht in diesen Thread Und ein log von Hijack This NoteEs werden zwei Virenscanner benutzt,einer zuviel! __________ MfG Argus |
|
|
||
20.11.2007, 16:42
...neu hier
Themenstarter Beiträge: 5 |
#3
----------------RVAXO.exe first run-------------
Files found: C:\WINDOWS\system32\rightonadz-uninst.exe C:\WINDOWS\system32\ninjaext.dll C:\WINDOWS\system32\adssite-remove.exe C:\WINDOWS\system32\gzmrot-uninst.exe C:\WINDOWS\system32\gzmrotate.dll Uninstallers Rogue scanners: Folders Found: Hosts-file was reset, If you use a custom hosts file please replace it... --------------RVAXO.exe last run--------------- Files found: C:\WINDOWS\system32\ntos.exe Folders Found: C:\WINDOWS\system32\wsnpoem --------------RVAXO.exe finished---------------- Dieser Beitrag wurde am 20.11.2007 um 16:55 Uhr von nextnexus editiert.
|
|
|
||
20.11.2007, 17:00
Ehrenmitglied
Beiträge: 6028 |
#4
Oeffne die Datei RVAXO auf dein Desktop
Doppleklick Uninstall.cmd um alles von RVAXO zu entfernen __________ MfG Argus |
|
|
||
20.11.2007, 17:20
...neu hier
Themenstarter Beiträge: 5 |
#5
SDFix wie beschreiben ausgeführt. Nach Reboot konnte er Pfade nicht finden. Die Trojaner Meldung kommt aber nicht mehr.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:20, on 2007-11-20 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Programme\Gemeinsame Dateien\NMSAccessU.exe C:\WINDOWS\system32\oodag.exe C:\Apps\Softex\OmniPass\Omniserv.exe C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Apps\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\svchost.exe C:\Programme\Java\jre1.6.0_03\bin\jusched.exe C:\Programme\Fingerprint Sensor\ATSwpNav.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Tools\Blasc\BLASC.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\plazes.com\Plazer 2.0\plazes.plazer.2.0.exe C:\PROGRA~1\MICROS~3\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Programme\Last.fm\LastFMHelper.exe C:\Programme\PDF-XChange SDK EndUser\PDFSaver.exe C:\Programme\Miranda IM\miranda32.exe C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE C:\Programme\Secunia\PSI (BETA)\PSI.exe C:\Programme\Microsoft ActiveSync\WCESMgr.exe C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programme\Opera\Opera.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-raiders.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programme\Megaupload\Mega Manager\MegaIEMn.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ATSwpNav] "C:\Programme\Fingerprint Sensor\ATSwpNav" -run O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [BLASC] "D:\Tools\Blasc\BLASC.exe" silent O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [plazes.plazer.2.0] "C:\Programme\plazes.com\Plazer 2.0\plazes.plazer.2.0.exe" /winstart O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe" O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\podssuwe\OctoshapeClient.exe" -inv:bootrun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Miranda IM.lnk = C:\Programme\Miranda IM\miranda32.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: plazes launcher (.NET version).lnk = D:\Tools\Plazes\PlazesLauncher.exe O4 - Startup: Secunia PSI (BETA).lnk = C:\Programme\Secunia\PSI (BETA)\PSI.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Last.fm Helper.lnk = C:\Programme\Last.fm\LastFMHelper.exe O4 - Global Startup: PDF-Capture.lnk = C:\Programme\PDF-XChange SDK EndUser\PDFSaver.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NMSAccessU - Unknown owner - C:\Programme\Gemeinsame Dateien\NMSAccessU.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 13018 bytes |
|
|
||
20.11.2007, 19:55
Ehrenmitglied
Beiträge: 6028 |
#6
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe, klicke: Fix checked Dein Internet Explorer muss geschlossen wenn Du Fix Checked klickst Download Avenger zum Desktop Alle Fenster muessen geschlossen sein Starte Avenger Anhaken “ Input script manually Die "Lupe" rechts anklicken - View/edit script (wird sich öffnen) kopiere rein: Files to delete: C:\WINDOWS\system32\wsnpoem C:\WINDOWS\system32\ntos.exe Klicke die grüne Ampel das Script wird nun ausgeführt, dann wird der PC nach Bestätigung (yes) neustarten nach dem Neustart erscheint ein Log vom Avenger, kopiere es ab - mit rechtem Mausklick - kopieren - einfügen __________ MfG Argus |
|
|
||
20.11.2007, 22:55
...neu hier
Themenstarter Beiträge: 5 |
#7
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\uxcnj^bq ******************* Script file located at: \??\C:\sidufumw.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\wsnpoem not found! Deletion of file C:\WINDOWS\system32\wsnpoem failed! Could not process line: C:\WINDOWS\system32\wsnpoem Status: 0xc0000034 File C:\WINDOWS\system32\ntos.exe not found! Deletion of file C:\WINDOWS\system32\ntos.exe failed! Could not process line: C:\WINDOWS\system32\ntos.exe Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. |
|
|
||
21.11.2007, 13:02
Ehrenmitglied
Beiträge: 6028 |
||
|
||
21.11.2007, 14:12
...neu hier
Themenstarter Beiträge: 5 |
#9
Deckard's System Scanner v20071014.68
Run by podssuwe on 2007-11-21 14:07:29 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Failed to create restore point; System Restore is disabled (service is not running). Backed up registry hives. Performed disk cleanup. -- HijackThis (run as podssuwe.exe) -------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:09, on 2007-11-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Programme\Gemeinsame Dateien\NMSAccessU.exe C:\WINDOWS\system32\oodag.exe C:\Apps\Softex\OmniPass\Omniserv.exe C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Java\jre1.6.0_03\bin\jusched.exe C:\Programme\Fingerprint Sensor\ATSwpNav.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Tools\Blasc\BLASC.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\plazes.com\Plazer 2.0\plazes.plazer.2.0.exe C:\PROGRA~1\MICROS~3\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programme\Last.fm\LastFMHelper.exe C:\Programme\PDF-XChange SDK EndUser\PDFSaver.exe C:\Programme\Miranda IM\miranda32.exe C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE C:\Programme\Secunia\PSI (BETA)\PSI.exe C:\Programme\Microsoft ActiveSync\WCESMgr.exe C:\WINDOWS\system32\msiexec.exe C:\Apps\Softex\OmniPass\OPXPApp.exe C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe E:\Dokumente und Einstellungen\podssuwe\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\podssuwe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-raiders.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programme\Megaupload\Mega Manager\MegaIEMn.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ATSwpNav] "C:\Programme\Fingerprint Sensor\ATSwpNav" -run O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [BLASC] "D:\Tools\Blasc\BLASC.exe" silent O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [plazes.plazer.2.0] "C:\Programme\plazes.com\Plazer 2.0\plazes.plazer.2.0.exe" /winstart O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe" O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\podssuwe\OctoshapeClient.exe" -inv:bootrun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Miranda IM.lnk = C:\Programme\Miranda IM\miranda32.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: plazes launcher (.NET version).lnk = D:\Tools\Plazes\PlazesLauncher.exe O4 - Startup: Secunia PSI (BETA).lnk = C:\Programme\Secunia\PSI (BETA)\PSI.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Last.fm Helper.lnk = C:\Programme\Last.fm\LastFMHelper.exe O4 - Global Startup: PDF-Capture.lnk = C:\Programme\PDF-XChange SDK EndUser\PDFSaver.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NMSAccessU - Unknown owner - C:\Programme\Gemeinsame Dateien\NMSAccessU.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12963 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20071120-160054-198 F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\ntos.exe, backup-20071120-160208-739 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe, backup-20071120-164837-274 O4 - HKLM\..\Run: [{13-31-15-5F-ZN}] E:\Dokumente und Einstellungen\podssuwe\Lokale Einstellungen\Temp\TIP2D002.exe P2D002 backup-20071120-164837-419 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, backup-20071120-164837-449 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u backup-20071120-224808-936 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe, -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 vstor2 (Vstor2 Virtual Storage Driver) - c:\programme\gemeinsame dateien\vmware\vmware virtual image editing\vstor2.sys <Not Verified; VMware, Inc.; VMware Workstation> R3 PSI - c:\windows\system32\drivers\psi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector> S3 BDFsDrv - c:\programme\softwin\bitdefender8\bdfsdrv.sys (file missing) S3 BDRsDrv - c:\programme\softwin\bitdefender8\bdrsdrv.sys (file missing) S3 catchme - e:\dokume~1\podssuwe\lokale~1\temp\catchme.sys (file missing) S3 FILESpy - c:\programme\softwin\bitdefender8\filespy.sys (file missing) S3 REGSpy - c:\programme\softwin\bitdefender8\regspy.sys (file missing) S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys <Not Verified; VMware, Inc.; VMware virtual network adapter driver (32-bit)> S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler> R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\programme\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour> R2 NMSAccessU - c:\programme\gemeinsame dateien\nmsaccessu.exe R2 vmount2 (VMware Virtual Mount Manager Extended) - "c:\programme\gemeinsame dateien\vmware\vmware virtual image editing\vmount2.exe" <Not Verified; VMware, Inc.; VMware Workstation> R2 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module> S3 FLEXnet Licensing Service - "c:\programme\gemeinsame dateien\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2007-11-21 14:00:00 234 --a------ C:\WINDOWS\Tasks\Erweiterte Garantie.job -- Files created between 2007-10-21 and 2007-11-21 ----------------------------- 2007-11-21 14:01:20 0 d-------- E:\Deckard 2007-11-20 17:13:04 1582 --a------ E:\Dokumente und Einstellungen\podssuwe\clean.reg 2007-11-20 17:03:50 0 d-------- C:\WINDOWS\ERUNT 2007-11-20 15:19:12 0 d-------- C:\Programme\Trend Micro 2007-11-15 20:24:34 0 d-------- C:\Programme\Avira 2007-11-14 13:21:10 0 d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2 2007-11-13 16:57:04 0 d-------- C:\Programme\MSECache 2007-11-13 16:12:45 0 d-------- C:\Programme\Microsoft Works 2007-11-09 22:40:04 0 d-------- C:\Programme\JKDefrag 2007-11-09 22:37:36 0 d-------- C:\Programme\NT Registry Optimizer 2007-11-06 19:49:01 0 d-------- C:\Programme\Last.fm 2007-11-06 19:17:22 0 d-------- C:\Programme\Citrix 2007-11-05 17:40:54 0 d-------- C:\Programme\Windows Media Connect 2 2007-11-05 17:39:30 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-11-05 16:15:38 0 d-------- C:\Programme\Gemeinsame Dateien\Acronis 2007-11-05 16:15:38 0 d-------- C:\Programme\Acronis 2007-10-29 13:48:43 0 d-------- C:\Programme\Secunia 2007-10-23 16:52:42 0 --a------ C:\WINDOWS\ativpsrm.bin -- Find3M Report --------------------------------------------------------------- 2007-11-21 14:06:43 0 d-------- E:\Dokumente und Einstellungen\podssuwe\Anwendungsdaten\Skype 2007-11-21 13:42:33 0 d-------- E:\Dokumente und Einstellungen\podssuwe\Anwendungsdaten\uTorrent 2007-11-06 19:38:51 0 d--h----- C:\Programme\InstallShield Installation Information 2007-11-06 19:17:27 0 d-------- E:\Dokumente und Einstellungen\podssuwe\Anwendungsdaten\ICAClient 2007-11-05 16:15:38 0 d-------- C:\Programme\Gemeinsame Dateien 2007-10-28 20:29:56 418914 --a------ C:\WINDOWS\system32\perfh007.dat 2007-10-28 20:29:56 75968 --a------ C:\WINDOWS\system32\perfc007.dat 2007-10-23 11:36:13 0 d-------- C:\Programme\Java 2007-10-20 14:00:43 0 d-------- C:\Programme\Opera 2007-10-20 13:52:23 0 d--h----- C:\Programme\Zero G Registry 2007-10-20 13:52:14 0 d-------- C:\Programme\steam application launcher 2007-10-18 10:06:18 0 d-------- C:\Programme\Microsoft ActiveSync 2007-10-18 09:53:42 0 d-------- C:\Programme\Octoshape Streaming Services 2007-10-18 09:52:26 0 d-------- C:\Programme\FrostWire 2007-10-18 09:52:09 0 d-------- C:\Programme\East West 2007-10-08 14:40:07 0 d-------- E:\Dokumente und Einstellungen\podssuwe\Anwendungsdaten\Propellerhead Software 2007-10-08 14:39:48 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK> 2007-10-08 14:39:48 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire> 2007-10-04 12:04:15 0 d-------- E:\Dokumente und Einstellungen\podssuwe\Anwendungsdaten\Miranda IM 2007-10-04 12:04:09 0 d-------- C:\Programme\Miranda IM 2007-10-02 12:35:57 0 d-------- E:\Dokumente und Einstellungen\podssuwe\Anwendungsdaten\Megaupload 2007-10-02 12:25:44 0 d-------- C:\Programme\Megaupload 2007-10-02 12:25:11 0 d-------- E:\Dokumente und Einstellungen\podssuwe\Anwendungsdaten\InstallShield 2007-09-28 20:05:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart> 2007-09-22 13:46:41 0 d-------- C:\Programme\PDF-XChange SDK EndUser 2007-09-04 14:31:32 3936 --a------ C:\WINDOWS\mozver.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34] "NECHotkey"="mHotkey.exe" [2006-01-11 10:29 C:\WINDOWS\mHotkey.exe] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe] "AzMixerSel"="C:\Programme\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 15:55] "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 12:25 C:\WINDOWS\RTHDCPL.EXE] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "ATSwpNav"="C:\Programme\Fingerprint Sensor\ATSwpNav -run" [] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-03-10 01:47] "StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35] "Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 09:14] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-03-10 01:43] "TrueImageMonitor.exe"="C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 02:52] "AcronisTimounterMonitor"="C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 03:02] "Acronis Scheduler2 Service"="C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2007-09-14 02:55] "avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-15 20:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BLASC"="D:\Tools\Blasc\BLASC.exe" [2007-10-26 16:08] "Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-08-17 02:45] "Spamihilator"="C:\Programme\Spamihilator\spamihilator.exe" [] "plazes.plazer.2.0"="C:\Programme\plazes.com\Plazer 2.0\plazes.plazer.2.0.exe" [2007-09-05 13:41] "H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2006-06-26 20:09] "Octoshape Streaming Services"="C:\Programme\Octoshape Streaming Services\podssuwe\OctoshapeClient.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00] E:\Dokumente und Einstellungen\podssuwe\Startmen\Programme\Autostart\ Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50] Miranda IM.lnk - C:\Programme\Miranda IM\miranda32.exe [2007-10-18 03:27:14] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] C:\Apps\Softex\OmniPass\opxpgina.dll 2005-08-12 17:01 49152 C:\APPS\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SharpReader.lnk] path=E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SharpReader.lnk backup=C:\WINDOWS\pss\SharpReader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] "C:\Programme\Google\Google Talk\googletalk.exe" /autostart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys] C:\APPS\SMP\SmpSys.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] D:\Tools\Spybot - Search & Destroy\TeaTimer.exe -- End of Deckard's System Scanner: finished at 2007-11-21 14:10:24 ------------ |
|
|
||
21.11.2007, 14:37
Ehrenmitglied
Beiträge: 6028 |
#10
Entferne die Backups von Hijack This
C:\PROGRA~1\TRENDM~1\HIJACK~1\backups Kein ntos.exe mehr zu sehen Systemwiederherstellung Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. Neu Starten Dann wieder aktivieren (Häkchen entfernen) Benutze mal ein Onlinescanner http://www.kaspersky.com/de/virusscanner Solltest deine passwoerter aendern! __________ MfG Argus |
|
|
||
2. ComboFix im Edit, keine aktuelle Version :/
3. HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:23, on 20.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programme\Gemeinsame Dateien\NMSAccessU.exe
C:\WINDOWS\system32\oodag.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Fingerprint Sensor\ATSwpNav.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Tools\Blasc\BLASC.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\plazes.com\Plazer 2.0\plazes.plazer.2.0.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Last.fm\LastFMHelper.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programme\PDF-XChange SDK EndUser\PDFSaver.exe
C:\Programme\Miranda IM\miranda32.exe
C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programme\Secunia\PSI (BETA)\PSI.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Programme\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\Programme\Opera\Opera.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-raiders.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsx1B9.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programme\Megaupload\Mega Manager\MegaIEMn.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Programme\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [{13-31-15-5F-ZN}] E:\Dokumente und Einstellungen\podssuwe\Lokale Einstellungen\Temp\TIP2D002.exe P2D002
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BLASC] "D:\Tools\Blasc\BLASC.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [plazes.plazer.2.0] "C:\Programme\plazes.com\Plazer 2.0\plazes.plazer.2.0.exe" /winstart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\podssuwe\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Miranda IM.lnk = C:\Programme\Miranda IM\miranda32.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: plazes launcher (.NET version).lnk = D:\Tools\Plazes\PlazesLauncher.exe
O4 - Startup: Secunia PSI (BETA).lnk = C:\Programme\Secunia\PSI (BETA)\PSI.exe
O4 - Startup: TA_Start.lnk = E:\Dokumente und Einstellungen\podssuwe\Lokale Einstellungen\Temp\TIP2D002.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Programme\Last.fm\LastFMHelper.exe
O4 - Global Startup: PDF-Capture.lnk = C:\Programme\PDF-XChange SDK EndUser\PDFSaver.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\Gemeinsame Dateien\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 14397 bytes
4. datfind
Verzeichnis von C:\WINDOWS\system32
20.11.2007 12:21 1.158 wpa.dbl
20.11.2007 12:18 227.271 OODBS.lor
13.11.2007 16:20 1.683.256 FNTCACHE.DAT
12.11.2007 18:12 17 msnav32.ax
05.11.2007 20:18 16.832 amcompat.tlb
05.11.2007 20:18 23.392 nscompat.tlb
02.11.2007 08:12 18.238.072 MRT.exe
30.10.2007 23:57 40.733 rightonadz-uninst.exe
30.10.2007 20:03 79.875 adssite-remove.exe
30.10.2007 19:15 139.264 nsx1B9.dll
30.10.2007 17:31 75.776 gzmrotate.dll
29.10.2007 16:07 373.760 xpsp3res.dll
28.10.2007 20:29 418.914 perfh007.dat
28.10.2007 20:29 75.968 perfc007.dat
28.10.2007 20:29 63.188 perfc009.dat
28.10.2007 20:29 403.968 perfh009.dat
28.10.2007 20:29 974.566 PerfStringBackup.INI
25.10.2007 17:42 8.501.248 shell32.dll
23.10.2007 11:36 5.628 jupdate-1.6.0_03-b05.log
08.10.2007 14:39 233.472 REX Shared Library.dll
08.10.2007 14:39 368.640 ReWire.dll
29.09.2007 04:21 9.854.976 atioglx2.dll
29.09.2007 04:07 356.352 ATIDEMGX.dll
29.09.2007 04:06 268.800 ati2dvag.dll
29.09.2007 03:58 143.360 atipdlxx.dll
29.09.2007 03:58 122.880 Oemdspif.dll
29.09.2007 03:58 26.112 Ati2mdxx.exe
29.09.2007 03:58 43.520 ati2edxx.dll
29.09.2007 03:57 122.880 ati2evxx.dll
29.09.2007 03:56 483.328 ati2evxx.exe
29.09.2007 03:55 53.248 ATIDDC.DLL
29.09.2007 03:49 307.200 atiiiexx.dll
29.09.2007 03:47 172.032 atiok3x2.dll
29.09.2007 03:47 3.130.720 ati3duag.dll
29.09.2007 03:36 1.593.600 ativvaxx.dll
29.09.2007 03:23 5.435.392 atioglxx.dll
29.09.2007 03:22 376.832 atikvmag.dll
29.09.2007 03:20 17.408 atitvo32.dll
29.09.2007 03:14 499.712 ati2cqag.dll
28.09.2007 20:05 593.920 ati2sgag.exe
24.09.2007 22:31 139.264 javaws.exe
24.09.2007 22:31 69.632 javacpl.cpl
24.09.2007 21:30 135.168 javaw.exe
24.09.2007 21:30 135.168 java.exe
16.09.2007 01:00 40.315 gzmrot-uninst.exe
10.09.2007 08:23 2.776 psi.inf
31.08.2007 14:04 222.488 snapapi.dll
29.08.2007 10:51 249.852 TZLog.log
21.08.2007 07:16 683.520 inetcomm.dll
20.08.2007 18:58 75.264 ninjaext.dll
20.08.2007 10:55 102.400 occache.dll
20.08.2007 10:55 105.984 url.dll
20.08.2007 10:55 1.152.000 urlmon.dll
20.08.2007 10:55 824.832 wininet.dll
20.08.2007 10:55 671.232 mstime.dll
20.08.2007 10:55 232.960 webcheck.dll
20.08.2007 10:55 3.584.512 mshtml.dll
20.08.2007 10:55 193.024 msrating.dll
20.08.2007 10:55 477.696 mshtmled.dll
20.08.2007 10:55 52.224 msfeedsbs.dll
20.08.2007 10:55 459.264 msfeeds.dll
20.08.2007 10:55 6.058.496 ieframe.dll
20.08.2007 10:55 1.824.768 inetcpl.cpl
20.08.2007 10:55 44.544 iernonce.dll
20.08.2007 10:55 267.776 iertutil.dll
20.08.2007 10:55 27.648 jsproxy.dll
20.08.2007 10:55 383.488 ieapfltr.dll
20.08.2007 10:55 230.400 ieaksie.dll
20.08.2007 10:55 384.512 iedkcs32.dll
20.08.2007 10:55 214.528 dxtrans.dll
20.08.2007 10:55 132.608 extmgr.dll
20.08.2007 10:55 63.488 icardie.dll
20.08.2007 10:55 153.088 ieakeng.dll
20.08.2007 10:55 124.928 advpack.dll
17.08.2007 11:19 13.824 ieudinit.exe
17.08.2007 11:19 63.488 ie4uinit.exe
17.08.2007 08:34 161.792 ieakui.dll
16.08.2007 00:55 139 iiSetup.log
14.08.2007 22:11 156.671 atiicdxx.dat
5. Pfad: C:\\WINDOWS\system32\ntos.exe