Immernoch Trojaner

Michi_Hett · 05.09.2007, 10:13

05.09.2007 11:10 81.984 bdod.bin
05.09.2007 11:01 14 getfile.dat
04.09.2007 22:58 1.080 settingsbkup.sfm
04.09.2007 22:58 1.080 settings.sfm
04.09.2007 22:58 2.796 DVCState-{00000001-00000000-00000009-00001102-00000008-10011102}.rfx
04.09.2007 22:58 30.624 BMXState-{00000001-00000000-00000009-00001102-00000008-10011102}.rfx
04.09.2007 22:58 29.772 BMXCtrlState-{00000001-00000000-00000009-00001102-00000008-10011102}.rfx
04.09.2007 22:58 29.772 BMXBkpCtrlState-{00000001-00000000-00000009-00001102-00000008-10011102}.rfx
04.09.2007 22:58 30.624 BMXStateBkp-{00000001-00000000-00000009-00001102-00000008-10011102}.rfx
02.09.2007 09:21 421.358 perfh009.dat
02.09.2007 09:21 70.814 perfc009.dat
02.09.2007 09:21 441.260 perfh007.dat
02.09.2007 09:21 86.282 perfc007.dat
02.09.2007 09:21 975.094 PerfStringBackup.INI
01.09.2007 13:01 0 tmp.txt
01.09.2007 13:01 2.528 tmp.reg
18.08.2007 09:18 2.206 wpa.dbl
16.08.2007 20:01 239.944 FNTCACHE.DAT
16.08.2007 19:57 73.728 sockspy.dll
16.08.2007 19:57 77.824 xcomm.dll
16.08.2007 19:57 0 h323log.txt
16.08.2007 19:17 7.006 jupdate-1.5.0_06-b05.log
16.08.2007 19:05 261 $winnt$.inf
16.08.2007 19:03 2.951 CONFIG.NT
16.08.2007 19:02 16.832 amcompat.tlb
16.08.2007 19:02 23.392 nscompat.tlb
16.08.2007 19:02 488 logonui.exe.manifest
16.08.2007 19:02 488 WindowsLogon.manifest
16.08.2007 19:01 749 sapi.cpl.manifest
16.08.2007 19:01 749 cdplayer.exe.manifest
16.08.2007 19:01 749 wuaucpl.cpl.manifest
16.08.2007 19:01 749 nwc.cpl.manifest
16.08.2007 19:01 749 ncpa.cpl.manifest
16.08.2007 18:59 21.740 emptyregdb.dat
12.07.2007 09:12 81.920 frapsvid.dll

Michi_Hett · 05.09.2007, 10:15

05.09.2007 09:26 4.592 SIntfIcn.ani
05.09.2007 09:26 24.516 SIntfNT.dll
05.09.2007 09:26 19.924 SIntf32.dll
05.09.2007 09:26 12.067 SIntf16.dll
05.09.2007 09:04 6.380 jusched.log
04.09.2007 22:57 1.536 ~DFDEF0.tmp
04.09.2007 22:57 1.536 ~DFDF29.tmp
04.09.2007 22:57 1.536 ~DFDF62.tmp
04.09.2007 21:59 36.864 CmdLineExt02.dll
04.09.2007 21:55 16.384 ~DFE776.tmp
04.09.2007 21:55 16.384 ~DFD4AC.tmp
04.09.2007 21:55 16.384 ~DFD4E6.tmp
04.09.2007 19:57 12.557 vscan.tsi
04.09.2007 18:15 16.384 ~DF6C7A.tmp
04.09.2007 18:15 16.384 ~DF6325.tmp
04.09.2007 18:15 512 ~DF6307.tmp
04.09.2007 18:15 512 ~DF6340.tmp
04.09.2007 18:15 16.384 ~DF626B.tmp
04.09.2007 18:15 512 ~DF629E.tmp
04.09.2007 18:15 16.384 ~DF62D4.tmp
04.09.2007 18:15 16.384 ~DF59A7.tmp
04.09.2007 18:15 512 ~DF59C2.tmp
04.09.2007 18:15 512 ~DF5988.tmp
04.09.2007 18:15 16.384 ~DF596D.tmp
04.09.2007 18:15 0 sqlite_h8Du49ngEFR6jci
04.09.2007 18:15 0 sqlite_Ezvi9nhAUL4cKym
04.09.2007 18:15 0 sqlite_9mjmWkCwJ85GTbv
04.09.2007 18:15 2.048 sqlite_9naOctyDm7g4pDW
04.09.2007 16:10 1.536 ~DF739D.tmp
04.09.2007 16:10 1.536 ~DF7360.tmp
04.09.2007 16:10 1.536 ~DF7322.tmp
04.09.2007 15:24 16.384 ~DF7E46.tmp
04.09.2007 15:24 16.384 ~DF6548.tmp
04.09.2007 15:24 16.384 ~DF64FA.tmp
02.09.2007 21:58 1.536 ~DF925D.tmp
02.09.2007 21:58 1.536 ~DF9296.tmp
02.09.2007 21:58 1.536 ~DF921C.tmp
02.09.2007 17:50 16.384 ~DF9CEB.tmp
02.09.2007 17:50 16.384 ~DF8863.tmp
02.09.2007 17:50 16.384 ~DF8829.tmp
02.09.2007 09:24 701 TWAIN.LOG
02.09.2007 09:24 156 Twunk001.MTX
02.09.2007 09:24 0 Twunk002.MTX
02.09.2007 09:24 2 Twain001.Mtx
02.09.2007 09:21 1.479 redist.log
02.09.2007 09:07 2.471 dotNetFx.log
02.09.2007 09:06 6.394 ASPNETSetup.log
01.09.2007 14:17 0 rj89.tmp
01.06.2006 20:04 491 sfmsi.ini

05.09.2007 08:54 4.932.830 {00000001-00000000-00000009-00001102-00000008-10011102}.CDF
05.09.2007 08:54 0 0.log
05.09.2007 08:54 821.008 WindowsUpdate.log
05.09.2007 08:54 2.048 bootstat.dat
04.09.2007 22:57 12.460 SchedLgU.Txt
04.09.2007 18:14 69 NeroDigital.ini
04.09.2007 15:56 95 winamp.ini
02.09.2007 09:42 1.452 COM+.log
02.09.2007 09:42 216 wiadebug.log
02.09.2007 09:24 50 wiaservc.log
02.09.2007 09:21 3.720 dahotfix.log
02.09.2007 09:21 19.491 dasetup.log
02.09.2007 09:21 246.436 setupapi.log
01.09.2007 13:03 183.807 setupact.log
01.09.2007 13:02 353.528 ntbtlog.txt
30.08.2007 16:19 980 IE4 Error Log.txt
28.08.2007 19:31 75.879 War3Unin.dat
28.08.2007 15:01 2.829 War3Unin.pif
28.08.2007 15:01 139.264 War3Unin.exe
24.08.2007 22:35 1.174 OEWABLog.txt
24.08.2007 22:35 1.860 wmsetup.log
23.08.2007 16:13 3.386 pxinstall_log.txt
23.08.2007 16:12 77.312 ua2.dll
17.08.2007 11:31 0 nsreg.dat
16.08.2007 19:55 0 Sti_Trace.log
16.08.2007 19:55 3.294 KB896358.log
16.08.2007 19:53 1.348 regopt.log
16.08.2007 19:53 231 system.ini
16.08.2007 19:53 4.932.830 {00000001-00000000-00000009-00001102-00000008-10011102}.BAK
16.08.2007 19:48 2.938 Ascd_tmp.ini
16.08.2007 19:46 0 SBWIN.INI
16.08.2007 19:25 400 ODBC.INI
16.08.2007 19:25 703 win.ini
16.08.2007 19:20 2.775 mozver.dat
16.08.2007 19:07 811.657 setuplog.txt
16.08.2007 19:06 8.192 REGLOCS.OLD
16.08.2007 19:05 48.665 iis6.log
16.08.2007 19:05 7.930 ntdtcsetup.log
16.08.2007 19:05 15.904 comsetup.log
16.08.2007 19:05 10.187 tsoc.log
16.08.2007 19:05 1.252 tabletoc.log
16.08.2007 19:05 4.382 imsins.log
16.08.2007 19:05 885 ocmsn.log
16.08.2007 19:05 630 setuperr.log
16.08.2007 19:03 0 control.ini
16.08.2007 19:02 316.640 WMSysPr9.prx
16.08.2007 19:02 4.161 ODBCINST.INI
16.08.2007 19:01 749 WindowsShell.Manifest
16.08.2007 18:59 871 msgsocm.log
16.08.2007 18:59 1.487 MedCtrOC.log
16.08.2007 18:59 14.732 ocgen.log
16.08.2007 18:59 11.537 FaxSetup.log
16.08.2007 18:59 1.023 sessmgr.setup.log
16.08.2007 18:59 2.790 netfxocm.log
16.08.2007 18:59 37 vbaddin.ini
16.08.2007 18:59 36 vb.ini
16.08.2007 18:59 133 DtcInstall.log
16.08.2007 18:59 10.200 msmqinst.log
16.08.2007 18:57 200 cmsetacl.log

05.09.2007 08:55 0 Upd3.tmp
04.09.2007 20:58 0 Upd8.tmp
03.09.2007 20:59 0 Upd7.tmp
02.09.2007 20:59 0 Upd14.tmp
01.09.2007 20:59 0 Upd1E.tmp
31.08.2007 21:01 0 UpdD.tmp
30.08.2007 21:01 0 Upd17.tmp
29.08.2007 21:02 0 UpdB.tmp
28.08.2007 21:02 0 Upd4.tmp
27.08.2007 21:01 0 Upd6.tmp
27.08.2007 14:33 1.005 BitB.tmp.xml
27.08.2007 14:33 49.075 BitA.tmp.dmp
26.08.2007 21:02 0 UpdF.tmp
25.08.2007 21:03 0 UpdC.tmp
25.08.2007 20:42 0 UpdA.tmp
24.08.2007 21:03 0 Upd9.tmp
23.08.2007 21:03 0 Upd5.tmp

Michi_Hett · 05.09.2007, 10:17

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"BitTorrent" = ""C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized" [file not found]
"swg" = "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BDMCon" = "c:\progra~1\softwin\bitdef~1\bdmcon.exe" ["SOFTWIN S.R.L."]
"BDNewsAgent" = ""c:\progra~1\softwin\bitdef~1\bdnagent.exe"" ["SOFTWIN S.R.L"]
"BDSwitchAgent" = ""c:\progra~1\softwin\bitdef~1\bdswitch.exe"" [null data]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"RemoteControl" = "C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"SBDrvDet" = "C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"ICQ Lite" = ""C:\Programme\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKCU...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUpUtilities2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "sockspy.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Startup items in "Hett" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Dienst-Manager" -> shortcut to: "C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n" [MS]

Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUpUtilities2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Programme\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Classic Planer, AntiVirScheduler, ""C:\Programme\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
BitDefender Communicator, XCOMM, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
BitDefender Desktop Update Service, LIVESRV, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."]
BitDefender Scan Server, bdss, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
BitDefender Virus Shield, VSSERV, ""C:\Programme\Softwin\BitDefender9\vsserv.exe" /service" ["SOFTWIN S.R.L."]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
VNC Server Version 4, WinVNC4, ""C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service" ["RealVNC Ltd."]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

---------- (launch time: 2007-09-05 11:16:55)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 53 seconds, including 9 seconds for message boxes)

Chris4You · 05.09.2007, 14:22

Hmm,

das sieht auch recht gut aus.....
Ich finde leider nichts..

Chris

KarlKarl · 05.09.2007, 14:43

Hi Chris,

da wird auch schwer was zu finden sein, so wie einem Informationen vorenthalten werden. Der Anfang des HijackThis fehlt, von den 6 Verzeichnissen sind anscheinend nur 4 da, was und wo avir (?) meldet, wird einem nicht verraten

Dann arbeiten da zwei Virenscanner gegeneinander, wenn wir dann noch davon ausgehen, dass alle Software so veraltet ist wie die Javainstallation, dann kann sich bestimmt über RealVNC jeder auf dem System anmelden ohne nach irgendwas gefragt zu werden, da war doch mal so ein Superloch.

Den letzten Thread vor gerade mal zwei Wochen nicht zuende gearbeitet, das kann frustrieren

Gruß, Karl

GUA · 05.09.2007, 19:09

Zitat:

Zitat von KarlKarl

Den letzten Thread vor gerade mal zwei Wochen nicht zuende gearbeitet, das kann frustrieren...

ich denke auch, das michi in seinem alten beitrag bleiben sollte und erstmal dort alles abarbeitet...

hier gehts also weiter http://www.trojaner-board.de/42533-t...kleiste-3.html

GUA

Immernoch Trojaner

Mülltonne: Immernoch Trojaner