Log analysis and evaluation: TR/Dldr.ConHook.Gen is driving me crazy (Windows 7)
20.06.2007, 21:29 | #1
TR/Dldr.ConHook.Gen is driving me crazy

Good evening, I apparently picked up a trojan from some unofficial software, which AntiVir identifies as TR/Dldr.ConHook.Gen. I am grateful for any help. Here are my logs:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 20:51:10, on 20.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SLEE503.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\PeerGuardian2\pg2.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Dominik\Desktop\HJT1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Aktuell informiert mit T-Online onNachrichten
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\system32\awtsqpm.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FC1E6610-A16F-4F77-84B8-BA3E5E5F60D3} - C:\WINDOWS\system32\awvvt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19b215c2...dxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124101079593
O18 - Protocol: bw+0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtsqpm - C:\WINDOWS\SYSTEM32\awtsqpm.dll
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE503.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Verzeichnis von C:\WINDOWS\system32
20.06.2007  20:51  12.264  tvvwa.ini
20.06.2007  20:12  3.284  ANIWZCS{93DE43EE-39BE-4884-8C60-6DE5094B90A5}
20.06.2007  20:11  28.930  nvapps.xml
20.06.2007  20:11  1.158  wpa.dbl
20.06.2007  16:32  6.530  tvvwa.bak1
20.06.2007  16:31  266.336  awvvt.dll
20.06.2007  16:26  332.280  FNTCACHE.DAT
20.06.2007  15:56  31.254  awtsqpm.dll
12.06.2007  19:31  426.516  perfh007.dat
12.06.2007  19:31  412.608  perfh009.dat
12.06.2007  19:31  67.796  perfc009.dat
12.06.2007  19:31  80.196  perfc007.dat
12.06.2007  19:31  948.896  PerfStringBackup.INI
06.06.2007  09:53  407.152  pr2agqwb.exe
06.06.2007  08:38  15.747.032  MRT.exe
31.05.2007  08:45  4.816  divxsm.tlb
31.05.2007  08:45  524.288  DivXsm.exe
31.05.2007  08:44  823.296  divx_xx07.dll
31.05.2007  08:44  823.296  divx_xx0c.dll
31.05.2007  08:44  802.816  divx_xx11.dll
31.05.2007  08:44  740.442  DivX.dll
31.05.2007  08:44  638.976  divxdec.ax
19.05.2007  22:08  86.016  ElbyCDIO.dll
16.05.2007  19:55  407.152  pr2agqwc.exe
16.05.2007  17:11  683.520  inetcomm.dll
14.05.2007  22:35  173  TEMPSCP.SCP
14.05.2007  22:35  173  USER.SCP

Verzeichnis von C:\DOKUME~1\Dominik\LOKALE~1\Temp
20.06.2007  20:51  16.384  ~DF7F79.tmp
20.06.2007  20:42  289  datFind.zip
20.06.2007  20:12  0  JET32CE.tmp
13.07.2006  19:18  24.613  IadHide5.dll

Verzeichnis von C:\WINDOWS
20.06.2007  20:10  315  wiadebug.log
20.06.2007  20:10  1.349.593  WindowsUpdate.log
20.06.2007  20:10  50  wiaservc.log
20.06.2007  20:10  0  0.log
20.06.2007  20:10  2.048  bootstat.dat
20.06.2007  20:09  32.640  SchedLgU.Txt
20.06.2007  17:40  693.705  setupapi.log
20.06.2007  17:26  276  _delis32.ini
20.06.2007  15:03  7.779  mozver.dat
18.06.2007  21:08  116  NeroDigital.ini
13.06.2007  15:47  255.012  comsetup.log
13.06.2007  15:47  155.615  ntdtcsetup.log
13.06.2007  15:47  175.260  iis6.log
13.06.2007  15:47  34.111  ocmsn.log
13.06.2007  15:47  1.374  imsins.log
13.06.2007  15:47  419.365  tsoc.log
13.06.2007  15:47  22.045  KB929123.log
13.06.2007  15:47  536.039  ocgen.log
13.06.2007  15:47  54.427  msgsocm.log
13.06.2007  15:47  1.093.072  FaxSetup.log
13.06.2007  15:47  110.392  updspapi.log
13.06.2007  15:46  1.374  imsins.BAK
13.06.2007  15:46  18.864  KB935840.log
13.06.2007  15:44  18.516  KB935839.log
13.06.2007  15:44  24.057  KB933566-IE7.log
12.06.2007  19:31  3.723  dahotfix.log
12.06.2007  19:31  19.544  dasetup.log
08.06.2007  21:02  5.270  setupact.log
05.06.2007  18:32  321.824  DirectX.log
26.05.2007  12:42  10  popcinfo.dat
26.05.2007  12:33  1.041  win.ini
23.05.2007  17:33  7.694  KB927891.log
14.05.2007  21:30  74  YNNHOJED.DLL
09.05.2007  20:53  2.359.350  IrfanView_Wallpaper.bmp

Verzeichnis von C:\WINDOWS\Temp

Verzeichnis von C:\WINDOWS\Downloaded Program Files
25.07.2002  17:13  24.576  dwusplay.dll
25.07.2002  17:13  196.608  dwusplay.exe
25.07.2002  17:05  172.032  isusweb.dll

Verzeichnis von C:\
20.06.2007  20:54  0  sys.txt
20.06.2007  20:54  392  down.txt
20.06.2007  20:53  113  tmp.txt
20.06.2007  20:53  16.937  system.txt
20.06.2007  20:52  438  systemtemp.txt
20.06.2007  20:51  114.088  system32.txt
20.06.2007  20:10  1.073.270.784  hiberfil.sys
20.06.2007  20:10  402.653.184  pagefile.sys
16.06.2007  15:14  45  TEST.XML
18.11.2006  15:50  47.564  NTDETECT.COM
18.11.2006  15:50  251.184  ntldr
18.11.2006  15:12  192  boot.ini
18.11.2005  14:23  0  temp.ch
28.02.2005  16:49  112  sphjfix.log
20.05.2004  23:50  86.016  SpHjfix.exe
20.05.2004  15:28  138  SND.reg
05.04.2003  14:22  11.504  contact.dat

Thanks a lot for reading through it!
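What makes the posted HijackThis log worth a second look is not any single line but the pairing: the same two randomly named DLLs in system32 (awtsqpm.dll, awvvt.dll) appear both as nameless O2 Browser Helper Objects and as O20 Winlogon Notify packages, and the later ComboFix log lists awtsqpm.dll under ShellExecuteHooks as well. The script below is an added example, not something from this thread or from the HijackThis project: it parses the O2 and O20 lines copied from the log above and flags a DLL when it is a BHO with no display name, when it is a Winlogon Notify package not on a baseline, and, most tellingly, when one DLL holds both persistence slots. The baseline set KNOWN_NOTIFY_DLLS and the reason strings are assumptions for the illustration; a real baseline would come from a known-clean reference machine.

```python
"""Triage a HijackThis log excerpt for BHO / Winlogon Notify persistence.

Added example, not part of the forum post. The sample lines are copied
from the HijackThis log posted above; the baseline set and the reason
strings are assumptions made for this illustration.
"""
import re
from collections import defaultdict

# Excerpt of the posted HijackThis log (O2 = Browser Helper Objects,
# O20 = Winlogon Notify packages).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\system32\awtsqpm.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FC1E6610-A16F-4F77-84B8-BA3E5E5F60D3} - C:\WINDOWS\system32\awvvt.dll
O20 - Winlogon Notify: awtsqpm - C:\WINDOWS\SYSTEM32\awtsqpm.dll
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Assumed baseline of Winlogon Notify DLLs expected on this machine
# (placeholder; a real baseline comes from a known-clean reference image).
KNOWN_NOTIFY_DLLS = {"wgalogon.dll"}

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")


def parse_entries(log_text):
    """Return (section, display name, lower-cased path) for each O2/O20 line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append(("O2", m.group("name"), m.group("path").strip().lower()))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append(("O20", m.group("name"), m.group("path").strip().lower()))
    return entries


def triage(entries):
    """Map each suspicious DLL path to the list of reasons it was flagged."""
    reasons = defaultdict(list)
    bho_paths = {p for s, _, p in entries if s == "O2"}
    notify_paths = {p for s, _, p in entries if s == "O20"}
    for section, name, path in entries:
        if section == "O2" and name == "(no name)":
            reasons[path].append("BHO registered without a display name")
        if section == "O20" and path.rsplit("\\", 1)[-1] not in KNOWN_NOTIFY_DLLS:
            reasons[path].append("Winlogon Notify package outside the known baseline")
    # The strongest signal: one DLL hooked into both the browser and the logon process.
    for path in bho_paths & notify_paths:
        reasons[path].append("same DLL registered as both BHO and Winlogon Notify package")
    return dict(reasons)


def triage_log(log_text):
    """Parse a HijackThis log excerpt and return the flagged paths with reasons."""
    return triage(parse_entries(log_text))


if __name__ == "__main__":
    for path, why in sorted(triage_log(SAMPLE_LOG).items()):
        print(path)
        for reason in why:
            print("   -", reason)
```

Run against the excerpt, only the two system32 DLLs come back, each with all three reasons, while AcroIEHelper.dll, ssv.dll and WgaLogon.dll pass. Paths are lower-cased before comparison because the log itself mixes SYSTEM32 and system32 for the same file.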
20.06.2007, 21:30 | #2
TR/Dldr.ConHook.Gen is driving me crazy

I have now run VundoFix, which promptly found something. But since one file is still being identified as a trojan, here is my ComboFix log:

Code:
ComboFix 07-06-18.2 - C:\Dokumente und Einstellungen\Dominik\Desktop\ComboFix.exe
"Dominik" - 2007-06-20 22:03:28 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))

2007-06-20 21:47  2,097,152  --ah-----  C:\DOKUME~1\ADMINI~1\NTUSER.DAT
2007-06-20 21:47  <DIR>  dr-h-----  C:\DOKUME~1\ADMINI~1\Anwendungsdaten
2007-06-20 21:47  <DIR>  dr-------  C:\DOKUME~1\ADMINI~1\Startmenü
2007-06-20 21:47  <DIR>  dr-------  C:\DOKUME~1\ADMINI~1\Favoriten
2007-06-20 21:47  <DIR>  dr-------  C:\DOKUME~1\ADMINI~1\Eigene Dateien
2007-06-20 21:47  <DIR>  d--h-----  C:\DOKUME~1\ADMINI~1\Vorlagen
2007-06-20 21:47  <DIR>  d--h-----  C:\DOKUME~1\ADMINI~1\Netzwerkumgebung
2007-06-20 21:47  <DIR>  d--h-----  C:\DOKUME~1\ADMINI~1\Lokale Einstellungen
2007-06-20 21:47  <DIR>  d--h-----  C:\DOKUME~1\ADMINI~1\Druckumgebung
2007-06-20 21:47  <DIR>  d--------  C:\DOKUME~1\ADMINI~1\WINDOWS
2007-06-20 21:47  <DIR>  d--------  C:\DOKUME~1\ADMINI~1\ANWEND~1\InterTrust
2007-06-20 21:47  <DIR>  d--------  C:\DOKUME~1\ADMINI~1\ANWEND~1\Help
2007-06-20 21:47  <DIR>  d--------  C:\DOKUME~1\ADMINI~1\ANWEND~1\CyberLink
2007-06-20 21:26  <DIR>  d--------  C:\VundoFix Backups
2007-06-20 21:05  49,152  --a------  C:\WINDOWS\nircmd.exe
2007-06-20 17:40  <DIR>  d--------  C:\WINDOWS\system32\SoftwareDistribution
2007-06-20 15:56  427,864  --a------  C:\WINDOWS\system32\XceedZip.dll
2007-06-20 15:56  31,254  ---------  C:\WINDOWS\system32\awtsqpm.dll
2007-06-20 15:55  <DIR>  d--------  C:\Programme\DriverGenius
2007-06-16 16:53  <DIR>  d--------  C:\CloneDVDTemp
2007-06-16 16:41  <DIR>  d--------  C:\DOKUME~1\ALLUSE~1\ANWEND~1\Ahead
2007-06-15 11:33  <DIR>  d--------  C:\Programme\FreePDF_XP
2007-06-15 11:33  <DIR>  d--------  C:\DOKUME~1\ALLUSE~1\FreePDF
2007-06-12 19:40  <DIR>  d--------  C:\DOKUME~1\ALLUSE~1\ANWEND~1\ENotebook 10.0
2007-06-12 19:38  <DIR>  d--------  C:\Programme\ProWorks
2007-06-12 19:37  <DIR>  d--------  C:\DOKUME~1\ALLUSE~1\ANWEND~1\CambridgeSoft
2007-06-12 19:31  33,340  ---------  C:\WINDOWS\system32\dbmsqlgc.dll
2007-06-12 19:31  24,576  ---------  C:\WINDOWS\system32\dbmsgnet.dll
2007-06-12 19:30  <DIR>  d--------  C:\Programme\Microsoft SQL Server
2007-06-12 14:21  <DIR>  d--------  C:\Programme\CambridgeSoft
2007-06-12 13:48  <DIR>  d--------  C:\Programme\PeerGuardian2
2007-06-06 09:53  64,880  --a------  C:\WINDOWS\system32\drivers\pe3agqwb.sys
2007-06-06 09:53  407,152  --a------  C:\WINDOWS\system32\pr2agqwb.exe
2007-06-06 09:52  55,160  --a------  C:\WINDOWS\system32\drivers\ps6agqwb.sys
2007-06-05 19:13  <DIR>  d--------  C:\Programme\DAEMON Tools
2007-06-05 18:35  49,536  --a------  C:\WINDOWS\system32\drivers\ahtuezr3.sys
2007-06-01 17:39  <DIR>  d--------  C:\Programme\Skype
2007-06-01 17:39  <DIR>  d--------  C:\Programme\Gemeinsame Dateien\Skype
2007-05-31 23:24  <DIR>  d--------  C:\Programme\iPod
2007-05-31 08:45  524,288  --a------  C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44  823,296  --a------  C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44  823,296  --a------  C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44  802,816  --a------  C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44  740,442  --a------  C:\WINDOWS\system32\DivX.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-20 18:09:14  --------  d-----w  C:\DOKUME~1\Dominik\ANWEND~1\uTorrent
2007-06-20 17:26:24  --------  d-----w  C:\Programme\Tunebite
2007-06-20 15:41:03  --------  d--h--w  C:\Programme\WindowsUpdate
2007-06-20 14:33:13  --------  d--h--w  C:\Programme\InstallShield Installation Information
2007-06-20 13:03:50  7,779  ----a-w  C:\WINDOWS\mozver.dat
2007-06-16 14:27:32  --------  d-----w  C:\Programme\Elaborate Bytes
2007-06-14 14:32:44  --------  d-----w  C:\DOKUME~1\Dominik\ANWEND~1\Skype
2007-06-13 05:27:09  --------  d-----w  C:\DOKUME~1\Dominik\ANWEND~1\ICQ
2007-06-12 17:31:44  80,196  ----a-w  C:\WINDOWS\system32\perfc007.dat
2007-06-12 17:31:44  426,516  ----a-w  C:\WINDOWS\system32\perfh007.dat
2007-06-08 16:32:30  --------  d-----w  C:\Programme\DivX
2007-06-06 18:10:48  --------  d-----w  C:\Programme\Gemeinsame Dateien\Sony Shared
2007-06-06 18:10:13  --------  d-----w  C:\Programme\Video Store
2007-06-06 18:09:31  --------  d-----w  C:\Programme\Gemeinsame Dateien\Ulead Systems
2007-06-05 16:59:39  685,816  ----a-w  C:\WINDOWS\system32\drivers\sptd.sys
2007-06-02 11:05:55  --------  d-----w  C:\Programme\PartyGaming.Net
2007-06-01 15:20:58  --------  d-----w  C:\DOKUME~1\Dominik\ANWEND~1\MyPhoneExplorer
2007-05-31 21:24:36  --------  d-----w  C:\Programme\iTunes
2007-05-26 10:42:34  10  ----a-w  C:\WINDOWS\popcinfo.dat
2007-05-19 20:08:25  86,016  ----a-w  C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-16 17:55:20  407,152  ----a-w  C:\WINDOWS\system32\pr2agqwc.exe
2007-05-16 17:55:02  64,880  ----a-w  C:\WINDOWS\system32\drivers\pe3agqwc.sys
2007-05-16 17:54:44  55,160  ----a-w  C:\WINDOWS\system32\drivers\ps6agqwc.sys
2007-05-16 15:11:44  683,520  ----a-w  C:\WINDOWS\system32\inetcomm.dll
2007-05-15 18:07:55  --------  d-----w  C:\Programme\Ulead CD & DVD PictureShow 4
2007-05-14 21:37:47  --------  d-----w  C:\DOKUME~1\Dominik\ANWEND~1\Ulead Systems
2007-05-14 21:35:55  --------  d-----w  C:\Programme\Gemeinsame Dateien\InstallShield
2007-05-14 19:56:38  --------  d-----w  C:\Programme\Shareaza
2007-05-14 19:56:33  --------  d-----w  C:\DOKUME~1\Dominik\ANWEND~1\Shareaza
2007-05-14 19:30:02  74  ---ha-w  C:\WINDOWS\YNNHOJED.DLL
2007-05-14 18:32:17  --------  d-----w  C:\Programme\Gemeinsame Dateien\InterVideo
2007-05-14 18:31:12  --------  d-----w  C:\Programme\Windows Media Components
2007-05-14 14:22:59  --------  d-----w  C:\Programme\MyPhoneExplorer
2007-05-14 14:21:50  --------  d-----w  C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-05-14 14:21:46  --------  d-----w  C:\Programme\Mobile Master
2007-05-14 13:54:07  --------  d-----w  C:\DOKUME~1\Dominik\ANWEND~1\Mobile Master
2007-05-10 09:59:55  --------  d-----w  C:\Programme\QuickTime
2007-05-09 18:16:32  --------  d-----w  C:\Programme\Trillian
2007-05-08 17:40:53  --------  d-----w  C:\Programme\rlw32
2007-05-07 12:45:59  --------  d-----w  C:\Programme\ICQ6
2007-05-02 16:01:12  --------  d-----w  C:\DOKUME~1\Dominik\ANWEND~1\tunebite
2007-04-26 14:12:15  --------  d-----w  C:\Programme\Radiograbber
2007-04-25 14:22:27  144,896  ----a-w  C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29  3,596,288  ----a-w  C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18  200,704  ----a-w  C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18  1,044,480  ----a-w  C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34  73,728  ----a-w  C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34  196,608  ----a-w  C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33  53,248  ----a-w  C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31  593,920  ----a-w  C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31  57,344  ----a-w  C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31  344,064  ----a-w  C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31  294,912  ----a-w  C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31  294,912  ----a-w  C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47  12,288  ----a-w  C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46  124,472  ----a-w  C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:13:24  2,854,400  ----a-w  C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36  33,624  ----a-w  C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54  1,710,936  ----a-w  C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48  549,720  ----a-w  C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42  325,976  ----a-w  C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36  203,096  ----a-w  C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28  92,504  ----a-w  C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20  53,080  ----a-w  C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20  43,352  ----a-w  C:\WINDOWS\system32\wups2.dll
2007-04-15 18:11:56  43,520  ----a-w  C:\WINDOWS\system32\CmdLineExt03.dll
2004-12-13 12:08:48  56  --sh--r  C:\WINDOWS\system32\F5904193E3.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{066A2CDC-319E-4460-BA45-C24562CD51AA}=C:\WINDOWS\system32\awtsqpm.dll [2007-06-20 15:56]
{6A7E5524-010E-4773-B916-E7E5B8445336}=C:\WINDOWS\system32\awvvt.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 21:20 C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-23 18:06]
"D-Link AirPlus G"="C:\Programme\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-02-27 21:08]
"ANIWZCS2Service"="C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-13 19:31]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"ICQ"="C:\Programme\ICQ6\ICQ.exe" [2007-04-25 12:29]
"STYLEXP"="C:\Programme\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"PeerGuardian"="C:\Programme\PeerGuardian2\pg2.exe" [2005-09-18 18:40]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"SSS6_Suite"="C:\Programme\Steganos Security Suite 6\sss.exe" /booting
"SSS6_SAFE"="C:\Programme\Steganos Security Suite 6\safe.exe" /booting
"SSS6_SPM"="C:\Programme\Steganos Security Suite 6\spm.exe" /booting

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]
"{066A2CDC-319E-4460-BA45-C24562CD51AA}"="C:\WINDOWS\system32\awtsqpm.dll" [2007-06-20 15:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsqpm]
awtsqpm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APITRAP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^OpenMG Jukebox Startup.lnk]
backup=C:\WINDOWS\pss\OpenMG Jukebox Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
C:\Programme\Medion\PowerCinema\My_TV\Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLMIcon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapFax]
C:\Programme\Classic PhoneTools\CapFax.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Inet Xp..]
teekids.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MJStarter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
"C:\Programme\Registry Clean Expert\RCScheduler.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"mmtask"="C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"

Contents of the 'Scheduled Tasks' folder
2007-06-08 15:17:43  C:\WINDOWS\tasks\1-Click Maintenance.job
2007-04-15 09:41:01  C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 22:07:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-20 22:09:51 C:\ComboFix-quarantined-files.txt ... 2007-06-20 22:09 C:\ComboFix2.txt ... 2007-06-20 21:19 --- E O F --- |
22.06.2007, 15:22 | #3
TR/Dldr.ConHook.Gen is driving me crazy
Has been resolved:
http://www.hijackthis-forum.de/showthread.php?t=23490