Log Analysis and Evaluation: System stutters in Skype and on the internet!
10.11.2007, 09:37 | #1

System stutters in Skype and on the internet!

Good morning,

So, my problem: my PC stutters in Skype, meaning the other side can't really understand me. On top of that I get massive lag in, e.g., WC3 on Battlenet. Since it is definitely not the internet connection, it must be something that is slowing down my PC.

So, my specs:
DELL M1710 --> 1024 MB RAM --> 120 GB HDD --> Intel Core 2 Duo 2.66 --> Internet: 16000 DSL

And here are my logs, hope you find something!

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:29:12, on 10.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programme\Intel\Wireless\Bin\S24EvMon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\Programme\Bonjour\mDNSResponder.exe
E:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\Programme\Intel\Wireless\Bin\EvtEng.exe
E:\WINDOWS\system32\inetsrv\inetinfo.exe
E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
E:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Programme\Intel\Wireless\Bin\RegSrvc.exe
E:\Programme\Intel\Wireless\Bin\WLKeeper.exe
E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
E:\WINDOWS\Explorer.EXE
E:\Programme\Dell\QuickSet\quickset.exe
E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
E:\Programme\Synaptics\SynTP\SynTPEnh.exe
E:\Programme\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\stsystra.exe
E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\Programme\DAEMON Tools Pro\DTProAgent.exe
E:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
E:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Programme\Microsoft Virtual PC\Virtual PC.exe
E:\WINDOWS\system32\svchost.exe
E:\Programme\ScreenshotCaptor\ScreenshotCaptor.exe
E:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
E:\WINDOWS\System32\svchost.exe
E:\Programme\Skype\Phone\Skype.exe
E:\Programme\Skype\Plugin Manager\skypePM.exe
E:\Programme\ICQ6\ICQ.exe
E:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.everestpoker.com/rules/?l=de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programme\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Dell QuickSet] E:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] E:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AVP] "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] E:\PROGRA~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [74351e6e] rundll32.exe "E:\WINDOWS\system32\gjufhmdj.dll",b
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ICQ] "E:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Programme\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [swg] E:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1476116351-3504499707-2315442071-500\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1757981266-329068152-682003330-500\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - E:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5154/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cp-pro.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cp-pro.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cp-pro.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\WINDOWS\system32\__c00B1E4.dat
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - E:\WINDOWS\system32\maknnvuj.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - E:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - Unknown owner - E:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - E:\Programme\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lmab_device - Unknown owner - E:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - E:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - E:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Programme\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - E:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - E:\Programme\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9742 bytes
11.11.2007, 00:48 | #2

/// Winkelfunktion /// TB-Süch-Tiger™
System stutters in Skype and on the internet!

Hello.

Code:
E:\WINDOWS\system32\gjufhmdj.dll
E:\WINDOWS\system32\__c00B1E4.dat
E:\WINDOWS\system32\maknnvuj.exe

For further analysis, please also run the following tools / follow these instructions and post the logfiles:
- eScan
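The three files named above share patterns an analyst looks for in a HijackThis log: a Run value with an auto-generated hex name loading a DLL from system32 via rundll32, a populated AppInit_DLLs pointing at a .dat in system32, and an unbranded service whose system32 binary is already gone. As an added example (not part of the thread, and not HijackThis's own logic), this Python triage applies those checks to entries copied from the log in post #1 and shows why the F-Secure "(file missing)" service is only a weak signal; it keys on the Run value name rather than the DLL, since the same key 74351e6e points at gjufhmdj.dll on 10.11. and at hijvfaes.dll in the Silent Runners log two days later.

```python
"""Triage of HijackThis O4/O20/O23 entries.

Added example, not part of the thread. The heuristics are the editor's,
not HijackThis's own; they encode the patterns behind the three files the
helper singled out (gjufhmdj.dll, __c00B1E4.dat, maknnvuj.exe).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entries copied from the HijackThis log in post #1,
# one entry per line (HijackThis's own layout).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Dell QuickSet] E:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [74351e6e] rundll32.exe "E:\WINDOWS\system32\gjufhmdj.dll",b
O20 - AppInit_DLLs: E:\WINDOWS\system32\__c00B1E4.dat
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DomainService - Unknown owner - E:\WINDOWS\system32\maknnvuj.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - E:\Programme\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
"""

RUN_ENTRY = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.+)$")
SERVICE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)             # auto-generated value names such as 74351e6e
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
WIN_PATH = re.compile(r'[a-z]:\\[^",]+', re.I)             # first drive-letter path in a command line


@dataclass(frozen=True)
class Finding:
    entry: str      # HijackThis entry type: "O4", "O20" or "O23"
    path: str       # file the entry points at
    reason: str
    severity: str   # "high" or "low"


def first_path(command: str) -> str:
    """Extract the drive-letter path from a Run command line, quotes stripped."""
    m = WIN_PATH.search(command)
    return m.group(0).strip() if m else command


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if it looks benign."""
    m = RUN_ENTRY.match(line)
    if m:
        # A Run value named with eight hex digits was not chosen by an
        # installer author. Keying on the value name rather than the DLL
        # name matters: in this thread the same key 74351e6e points at
        # gjufhmdj.dll on 10.11. and at hijvfaes.dll two days later.
        path = first_path(m["cmd"])
        if HEX_NAME.match(m["name"]) and "rundll32" in m["cmd"].lower() and SYSTEM32.match(path):
            return Finding("O4", path, "rundll32 loads a system32 DLL under an auto-generated Run value name", "high")
        return None

    m = APPINIT.match(line)
    if m:
        # AppInit_DLLs is loaded into every process that maps user32.dll and
        # is empty on a clean home XP box. A non-.dll extension on top of
        # that is a common way to slip past tooling that only lists *.dll.
        path = m["value"].strip()
        note = "" if path.lower().endswith(".dll") else " with a non-DLL extension"
        return Finding("O20", path, "AppInit_DLLs is set" + note, "high")

    m = SERVICE.match(line)
    if m and m["missing"]:
        # Services whose binary is gone are usually leftovers of an
        # uninstalled product (here F-Secure). A missing binary in system32
        # with no vendor string is different: nothing legitimate installs
        # an unbranded service there and then deletes it.
        path = m["path"].strip()
        if m["owner"] == "Unknown owner" and SYSTEM32.match(path):
            return Finding("O23", path, "unowned service whose system32 binary is missing", "high")
        return Finding("O23", path, "service binary missing (likely uninstall leftover)", "low")
    return None


def triage(log: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log."""
    return [f for f in (triage_line(line) for line in log.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.severity:4}] {finding.entry:3} {finding.path}: {finding.reason}")
```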
12.11.2007, 11:29 | #3

System stutters in Skype and on the internet!

First, the logs for the 3 files!
Code:
E:\WINDOWS\system32\gjufhmdj.dll
0 bytes size received

E:\WINDOWS\system32\__c00B1E4.dat
Antivirus          Version        letzte aktualisierung  Ergebnis
AhnLab-V3          2007.11.12.0   2007.11.12             -
AntiVir            7.6.0.34       2007.11.12             TR/Dldr.Agen.ZV.1.B
Authentium         4.93.8         2007.11.10             -
Avast              4.7.1074.0     2007.11.11             -
AVG                7.5.0.503      2007.11.11             Downloader.Small.AVQ
BitDefender        7.2            2007.11.12             Trojan.Generic.70968
CAT-QuickHeal      9.00           2007.11.10             TrojanDownloader.ConHook.hl
ClamAV             0.91.2         2007.11.12             -
DrWeb              4.44.0.09170   2007.11.12             -
eSafe              7.0.15.0       2007.11.08             suspicious Trojan/Worm
eTrust-Vet         31.2.5289      2007.11.12             Win32/Darksma.FR
Ewido              4.0            2007.11.11             -
FileAdvisor        1              2007.11.12             -
Fortinet           3.11.0.0       2007.10.19             -
F-Prot             4.4.2.54       2007.11.10             W32/Downldr2.AILP
F-Secure           6.70.13030.0   2007.11.12             Trojan-Downloader.Win32.ConHook.hl
Ikarus             T3.1.1.12      2007.11.12             Trojan-Downloader.Win32.ConHook.hl
Kaspersky          7.0.0.125      2007.11.12             Trojan-Downloader.Win32.ConHook.hl
McAfee             5160           2007.11.09             Vundo
Microsoft          1.3007         2007.11.12             -
NOD32v2            2652           2007.11.11             -
Norman             5.80.02        2007.11.09             W32/ConHook.GT
Panda              9.0.0.4        2007.11.11             Adware/PurityScan
Prevx1             V2             2007.11.12             Trojan.Zlob
Rising             20.18.00.00    2007.11.12             -
Sophos             4.23.0         2007.11.12             Mal/Behav-010
Sunbelt            2.2.907.0      2007.11.09             -
Symantec           10             2007.11.12             Downloader
TheHacker          6.2.9.124      2007.11.12             -
VBA32              3.12.2.4       2007.11.11             Trojan-Downloader.Win32.ConHook.hl
VirusBuster        4.3.26:9       2007.11.11             Trojan.DL.ConHook.CN
Webwasher-Gateway  6.0.1          2007.11.12             Trojan.Dldr.Agen.ZV.1.B

weitere Informationen
File size: 10816 bytes
MD5: de842974bf20f8a8d59522410574ce72
SHA1: 0fc0484776bbd3185b836156b8377072360b261e
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=BD036893407CBFFB2A53002BB9C23C006CD5F7C3

E:\WINDOWS\system32\maknnvuj.exe
0 bytes size received
12.11.2007, 12:09 | #4

System stutters in Skype and on the internet!

ESCAN

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2007.06.16.01
Microsoft Windows XP [Version 5.1.2600]
Bootmodus: NETWORK
eScan Version: 9.5.4
Sprache: German
E:\DOKUME~1\Psike\LOKALE~1\Temp\MWAV.LOG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Object "smitfraud Browser Hijacker" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Keine Aktion vorgenommen.
System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: Keine Aktion vorgenommen.
System found infected with savingbot shopper Spyware/Adware (foxuser.dbf)! Action taken: Keine Aktion vorgenommen.
System found infected with precisionpop Spyware/Adware (starter.exe)! Action taken: Keine Aktion vorgenommen.
System found infected with desktop scam Trojan-Downloader (main.exe)! Action taken: Keine Aktion vorgenommen.

~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files ~~~~~~~~~~~
Datei C:\dell\drivers\R122161\HDAQFE\win2k3\jpn\qfe.exe infiziert von "Exe.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\dell\drivers\R122161\HDAQFE\win2k3\us\qfe.exe infiziert von "Exe.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\dell\drivers\R122161\HDAQFE\win2k_xp\us\qfe.exe infiziert von "Exe.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei C:\Destinator\Desti_Pack\centrafuse.exe infiziert von "NULL.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.

~~~~ Tagged files ~~~~~~~~~~~

~~~~ Offending files ~~~~~~~~~~~
Offending file found: E:\WINDOWS\system32\swreg.exe
Offending file found: E:\WINDOWS\system32\swsc.exe
Offending file found: E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\microsoft\visual foxpro 9\foxuser.dbf
Offending file found: E:\Dokumente und Einstellungen\Psike\Desktop\desktop\desktop ordner strukturen\eclipse\plugins\org.eclipse.cdt.core.win32_4.0.0.200709241202\os\win32\x86\starter.exe
Offending file found: E:\Dokumente und Einstellungen\Psike\Desktop\desktop\desktop ordner strukturen\travianbotv2.2\main.exe

~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Offending Folder found: E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\icq\bart\1024

~~~~~~~~~~~
Registry
~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
E:\Dokumente und Einstellungen\Psike\Desktop\TimeShift_HD_Int_Trailer.zip nicht gescannt. Wahrscheinlich durch Passwort geschützt...
C:\MSOCache\All Users\{90120000-00A1-0407-0000-0000000FF1CE}-C\OnoteLR.cab nicht gescannt. Wahrscheinlich durch Passwort geschützt...

~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
Zeilen die nicht dem Standard entsprechen:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Specherüberprüfung: Aktiviert
Registry Überprüfung: Aktiviert
System-Ordner Überprüfung: Aktiviert
Überprüfung der Systembereiche: Deaktiviert
Überprüfung der Dienste: Aktiviert
Überprüfung der Festplatten: Deaktiviert
Überprüfung aller Festplatten :Aktiviert
Batchstart: 12:07:33,78
Batchende: 12:07:38,06
12.11.2007, 12:11 | #5

System stutters in Skype and on the internet!

And now the scan logs! Silent Runners:

Code:
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ICQ" = ""E:\Programme\ICQ6\ICQ.exe" silent" ["ICQ, Inc."]
"Skype" = ""E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"DAEMON Tools Pro Agent" = ""E:\Programme\DAEMON Tools Pro\DTProAgent.exe"" ["DT Soft Ltd."]
"Steam" = ""C:\Program Files (x86)\Steam\Steam.exe" -silent" ["Valve Corporation"]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"" ["Nero AG"]
"ctfmon.exe" = "E:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Dell QuickSet" = "E:\Programme\Dell\QuickSet\quickset.exe" ["Dell Inc"]
"IntelZeroConfig" = ""E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"" ["Intel Corporation"]
"IntelWireless" = ""E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]
"SynTPEnh" = "E:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SunJavaUpdateSched" = ""E:\Programme\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" ["Nero AG"]
"NBKeyScan" = ""E:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"]
"Adobe Reader Speed Launcher" = ""E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""E:\Programme\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"F-Secure Manager" = ""E:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash" [file not found]
"F-Secure TNB" = ""E:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW" [file not found]
"AVP" = ""E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"" ["Kaspersky Lab"]
"DWPersistentQueuedReporting" = "E:\PROGRA~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.EXE -a" [MS]
"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"74351e6e" = "rundll32.exe "E:\WINDOWS\system32\hijvfaes.dll",b" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = "XTTBPos00"
  -> {HKLM...CLSID} = "XTTBPos00 Class"
      \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader"
      \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{20fdcbd4-adf0-4225-9558-36413481fbfa}\(Default) = "{afbf1843-1463-8559-5224-0fda4dbcdf02}"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "E:\WINDOWS\system32\laaqvywd.dll" [null data]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
      \InProcServer32\(Default) = "E:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
      \InProcServer32\(Default) = "E:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
      \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
      \InProcServer32\(Default) = "E:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
      \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
      \InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "E:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
      \InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
      \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
      \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
  -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
      \InProcServer32\(Default) = "E:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
      \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
      \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
  -> {HKLM...CLSID} = "Bluetooth-Umgebung"
      \InProcServer32\(Default) = "E:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Copy Hook"
  -> {HKLM...CLSID} = "SmartFTP Copy Hook"
      \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\smarthook.dll" ["SmartSoft Ltd."]
"{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}" = "SmartFTP ContextMenu"
  -> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
      \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{40FDFA48-5F4E-4627-A78E-6A49A3D4492F}" = "SmartFTP ShellDropHandler"
  -> {HKLM...CLSID} = "SmartFTP ShellDropHandler Class"
      \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}" = "SmartFTP Drop ShellIconOverlayHandler"
  -> {HKLM...CLSID} = "SmartFTP Drop ShellIconOverlayHandler"
      \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
      \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
      \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
      \InProcServer32\(Default) = "E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
      \InProcServer32\(Default) = "E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistik für Web-Anti-Virus"
  -> {HKLM...CLSID} = "Statistik für Web-Anti-Virus"
      \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]
"{8932AEFE-9DB6-4f43-AFB2-5682F55E773A}" = "VPCHostCopyHook"
  -> {HKLM...CLSID} = "VPCHostCopyHook"
      \InProcServer32\(Default) = "E:\Programme\Microsoft Virtual PC\VPCShExH.DLL" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
      \InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
  -> {HKLM...CLSID} = "ImageExtractorShellExt Class"
      \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
  -> {HKLM...CLSID} = "CInfoTipShellExt Class"
      \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Visio11\VISSHE.DLL" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
      \InProcServer32\(Default) = "E:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "E:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
      \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
      \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
  -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
      \InProcServer32\(Default) = "E:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]
Notepad++\(Default) = "{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}"
  -> {HKLM...CLSID} = "Notepad++"
      \InProcServer32\(Default) = "E:\Programme\Notepad++\nppcm.dll" ["Burgaud.com"]
SmartFTP\(Default) = "{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}"
  -> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
      \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
SmartFTP\(Default) = "{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}"
  -> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
      \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Dokumente und Einstellungen\Psike\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Startup items in "Psike" & "All Users" startup folders:
-------------------------------------------------------

E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"BTTray" -> shortcut to: "E:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "E:\Programme\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
000000000005\LibraryPath = "E:\Programme\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 39
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
  -> {HKLM...CLSID} = "ICQ Toolbar"
      \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
      \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
      \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
      \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistik für Web-Anti-Virus"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll" ["BitComet"]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
"ButtonText" = "BitComet Search"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
      \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "E:\Programme\Bonjour\mDNSResponder.exe" ["Apple Computer, Inc."]
Bluetooth Service, btwdins, "E:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
FTP-Publishing, MSFtpsvc, "E:\WINDOWS\system32\inetsrv\inetinfo.exe" [MS]
Intel(R) PROSet/Wireless Event Log, EvtEng, "E:\Programme\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Registry Service, RegSrvc, "E:\Programme\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Service, S24EventMonitor, "E:\Programme\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
Intel(R) PROSet/Wireless SSO Service, WLANKEEPER, "E:\Programme\Intel\Wireless\Bin\WLKeeper.exe" ["Intel(R) Corporation"]
IPv6-Hilfsdienst, 6to4, "E:\WINDOWS\system32\svchost.exe -k netsvcs" {"E:\WINDOWS\System32\6to4svc.dll" [MS]}
Kaspersky Anti-Virus 7.0, AVP, ""E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r" ["Kaspersky Lab"]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
NICCONFIGSVC, NICCONFIGSVC, "E:\Programme\Dell\QuickSet\NICCONFIGSVC.exe" ["Dell Inc."]
NMIndexingService, NMIndexingService, ""E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "E:\WINDOWS\system32\PnkBstrA.exe" [null data]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Bluetooth-Druckeranschluss\Driver = "bthcrp.dll" ["Broadcom Corporation."]
HP LaserJet 5 Language Monitor\Driver = "hpdcmon.dll" ["Hewlett-Packard"]
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
Lexmark Enhanced TCP/IP Port\Driver = "lmablmpm.dll" [empty string]


---------- (launch time: 2007-11-12 11:05:55)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 276 seconds. ---------- (total run time: 314 seconds)
12.11.2007, 12:12 | #6 |
System stutters in Skype and on the Internet! ComboFix Code:
ATTFilter ComboFix 07-11-08.1 - Psike 2007-11-12 10:45:43.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.366 [GMT 1:00] ausgeführt von:: E:\Dokumente und Einstellungen\Psike\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . Nicht in der Lage Systemrechte zu erhalten (((((((((((((((((((((((((((((((((((( Weitere L”schungen )))))))))))))))))))))))))))))))))))))))))))))))) . E:\Programme\SecCenter E:\Programme\SecCenter\scprot4.exe.bak E:\WINDOWS\system32\__c0052BD0.dat E:\WINDOWS\system32\__c00878F6.dat E:\WINDOWS\system32\__c00B1E4.dat E:\WINDOWS\system32\__c00CC31B.dat E:\WINDOWS\system32\__c00DDC58.dat E:\WINDOWS\system32\__c00E1C7A.dat E:\WINDOWS\system32\aqwnsyvn.dll E:\WINDOWS\system32\Cache E:\WINDOWS\system32\dchadevf.dll E:\WINDOWS\system32\efqfvuck.dll E:\WINDOWS\system32\fkmdvbtn E:\WINDOWS\system32\fkmdvbtn\bg1.gif E:\WINDOWS\system32\fkmdvbtn\bgtop.gif E:\WINDOWS\system32\fkmdvbtn\bottom1.gif E:\WINDOWS\system32\fkmdvbtn\essentials.gif E:\WINDOWS\system32\fkmdvbtn\fkmdvbtn1.exe E:\WINDOWS\system32\fkmdvbtn\fkmdvbtn2.exe E:\WINDOWS\system32\fkmdvbtn\fkmdvbtn3.exe E:\WINDOWS\system32\fkmdvbtn\icon1.ico E:\WINDOWS\system32\fkmdvbtn\install1.gif E:\WINDOWS\system32\fkmdvbtn\left1.gif E:\WINDOWS\system32\fkmdvbtn\li.gif E:\WINDOWS\system32\fkmdvbtn\logo.gif E:\WINDOWS\system32\fkmdvbtn\main.htm E:\WINDOWS\system32\fkmdvbtn\mainframe.htm E:\WINDOWS\system32\fkmdvbtn\reinstall1.gif E:\WINDOWS\system32\fkmdvbtn\right1.gif E:\WINDOWS\system32\fkmdvbtn\s1.htm E:\WINDOWS\system32\fkmdvbtn\s2.htm E:\WINDOWS\system32\fkmdvbtn\s3.htm E:\WINDOWS\system32\fkmdvbtn\SMTop1.gif E:\WINDOWS\system32\fkmdvbtn\SMTop2.gif E:\WINDOWS\system32\fkmdvbtn\SMTop3.gif E:\WINDOWS\system32\fkmdvbtn\SMTop4.gif E:\WINDOWS\system32\fkmdvbtn\soft1_off.gif E:\WINDOWS\system32\fkmdvbtn\soft1_off_ext.gif E:\WINDOWS\system32\fkmdvbtn\soft1_on.gif E:\WINDOWS\system32\fkmdvbtn\soft1_on_ext.gif E:\WINDOWS\system32\fkmdvbtn\soft2_off.gif 
E:\WINDOWS\system32\fkmdvbtn\soft2_off_ext.gif E:\WINDOWS\system32\fkmdvbtn\soft2_on.gif E:\WINDOWS\system32\fkmdvbtn\soft2_on_ext.gif E:\WINDOWS\system32\fkmdvbtn\soft3_off.gif E:\WINDOWS\system32\fkmdvbtn\soft3_off_ext.gif E:\WINDOWS\system32\fkmdvbtn\soft3_on.gif E:\WINDOWS\system32\fkmdvbtn\soft3_on_ext.gif E:\WINDOWS\system32\fkmdvbtn\softbottom_off.gif E:\WINDOWS\system32\fkmdvbtn\softbottom_on.gif E:\WINDOWS\system32\fkmdvbtn\softleft_off.gif E:\WINDOWS\system32\fkmdvbtn\softleft_on.gif E:\WINDOWS\system32\fkmdvbtn\top1.gif E:\WINDOWS\system32\fkmdvbtn\top2.gif E:\WINDOWS\system32\fkmdvbtn\turnoff1.gif E:\WINDOWS\system32\fkmdvbtn\turnon1.gif E:\WINDOWS\system32\fsolburw.dll E:\WINDOWS\system32\igykyvva.dll E:\WINDOWS\system32\jknnolhi.dll E:\WINDOWS\system32\kvvxrvvx.dll E:\WINDOWS\system32\lumikhxo.dll E:\WINDOWS\system32\madxylnk.dll E:\WINDOWS\system32\nyjudwil.dll E:\WINDOWS\system32\oalacemo.dll E:\WINDOWS\system32\qmjkgbrm.dll E:\WINDOWS\system32\ssttt.dll E:\WINDOWS\system32\tttss.bak1 E:\WINDOWS\system32\tttss.bak2 E:\WINDOWS\system32\tttss.ini E:\WINDOWS\system32\tttss.ini2 E:\WINDOWS\system32\tttss.tmp E:\WINDOWS\system32\votdpqkw.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((( Dateien erstellt von 2007-10-12 bis 2007-11-12 )))))))))))))))))))))))))))))) . 
2007-11-12 10:42 51,200 --a------ E:\WINDOWS\NirCmd.exe 2007-11-11 23:37 88,128 --a------ E:\WINDOWS\system32\hijvfaes.dll 2007-11-11 23:34 79,936 --a------ E:\WINDOWS\system32\laaqvywd.dll 2007-11-11 23:25 71,232 --a------ E:\WINDOWS\system32\acmudrsa.exe 2007-11-11 16:51 16,288 --------- E:\WINDOWS\system32\drivers\pxhelp20.sys 2007-11-11 16:50 <DIR> d-------- E:\Programme\DVD Complete 2007-11-11 16:49 <DIR> d-------- E:\Programme\directx 2007-11-11 16:48 <DIR> d-------- E:\Programme\DAZZLE 2007-11-11 16:41 15,360 --a------ E:\WINDOWS\system32\drivers\StreamIP.sys 2007-11-11 16:41 15,360 --a--c--- E:\WINDOWS\system32\dllcache\streamip.sys 2007-11-11 16:41 10,880 --a------ E:\WINDOWS\system32\drivers\NdisIP.sys 2007-11-11 16:41 10,880 --a--c--- E:\WINDOWS\system32\dllcache\ndisip.sys 2007-11-11 16:41 5,504 --a------ E:\WINDOWS\system32\drivers\MSTEE.sys 2007-11-11 16:41 5,504 --a--c--- E:\WINDOWS\system32\dllcache\mstee.sys 2007-11-11 16:40 85,376 --a------ E:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-11-11 16:40 85,376 --a--c--- E:\WINDOWS\system32\dllcache\nabtsfec.sys 2007-11-11 16:40 19,328 --a------ E:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-11-11 16:40 19,328 --a--c--- E:\WINDOWS\system32\dllcache\wstcodec.sys 2007-11-11 16:40 17,024 --a------ E:\WINDOWS\system32\drivers\CCDECODE.sys 2007-11-11 16:40 17,024 --a--c--- E:\WINDOWS\system32\dllcache\ccdecode.sys 2007-11-11 16:40 11,136 --a------ E:\WINDOWS\system32\drivers\SLIP.sys 2007-11-11 16:40 11,136 --a--c--- E:\WINDOWS\system32\dllcache\slip.sys 2007-11-11 16:39 25,024 -ra------ E:\WINDOWS\system32\drivers\nuvaud2.sys 2007-11-11 16:38 <DIR> E:\WINDOWS\LastGood.Tmp 2007-11-11 16:38 153,760 -ra------ E:\WINDOWS\system32\drivers\nuvvid2.sys 2007-11-11 16:38 139,264 -ra------ E:\WINDOWS\system32\NUVTwain.dll 2007-11-11 16:38 81,920 -ra------ E:\WINDOWS\system32\nuvyuv.dll 2007-11-11 16:38 54,272 --a------ E:\WINDOWS\system32\vfwwdm32.dll 2007-11-11 16:38 54,272 --a--c--- 
E:\WINDOWS\system32\dllcache\vfwwdm32.dll 2007-11-10 15:28 81,472 --a------ E:\WINDOWS\system32\cpvoisik.dll 2007-11-10 14:45 <DIR> d-------- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA 2007-11-10 14:45 45,768 --a------ E:\WINDOWS\system32\drivers\MiniIcpt.sys 2007-11-10 14:45 41,928 --a------ E:\WINDOWS\system32\drivers\GDTdiIcpt.sys 2007-11-10 14:45 32,072 --a------ E:\WINDOWS\system32\drivers\HookCentre.sys 2007-11-10 14:40 <DIR> d-------- E:\Programme\Gemeinsame Dateien\G DATA 2007-11-10 14:40 <DIR> d-------- E:\Programme\G DATA AntiVirus Trial 2007-11-10 14:23 81,472 --a------ E:\WINDOWS\system32\vcgmthtk.dll 2007-11-10 14:08 71,232 --a------ E:\WINDOWS\system32\vuxssivx.exe 2007-11-10 09:19 <DIR> d-------- E:\Dokumente und Einstellungen\Psike\.housecall6.6 2007-11-10 09:19 102,664 --a------ E:\WINDOWS\system32\drivers\tmcomm.sys 2007-11-10 09:15 <DIR> d-------- E:\Programme\Trend Micro 2007-11-09 13:31 81,472 --a------ E:\WINDOWS\system32\mffmmoxw.dll 2007-11-09 13:29 <DIR> d-------- E:\Dokumente und Einstellungen\Administrator.LARS\Anwendungsdaten\Nero 2007-11-09 13:28 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator.LARS\Eigene Dateien 2007-11-09 13:26 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator.LARS\Vorlagen 2007-11-09 13:26 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator.LARS\Startmen 2007-11-09 13:26 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator.LARS\Netzwerkumgebung 2007-11-09 13:26 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator.LARS\Lokale Einstellungen 2007-11-09 13:26 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator.LARS\Favoriten 2007-11-09 13:26 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator.LARS\Druckumgebung 2007-11-09 13:26 <DIR> d-------- E:\Dokumente und Einstellungen\Administrator.LARS\Anwendungsdaten\Intel 2007-11-09 13:26 <DIR> dr-h----- E:\Dokumente und Einstellungen\Administrator.LARS\Anwendungsdaten 2007-11-09 13:06 71,232 
--a------ E:\WINDOWS\system32\schbgpak.exe 2007-11-09 05:43 <DIR> d-------- E:\Dokumente und Einstellungen\Administrator\Bluetooth Software 2007-11-09 05:26 <DIR> d-------- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nero 2007-11-09 05:25 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator\Vorlagen 2007-11-09 05:25 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator\Startmen 2007-11-09 05:25 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung 2007-11-09 05:25 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen 2007-11-09 05:25 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator\Favoriten 2007-11-09 05:25 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien 2007-11-09 05:25 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator\Druckumgebung 2007-11-09 05:25 <DIR> d-------- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel 2007-11-09 05:25 <DIR> dr-h----- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten 2007-11-08 11:23 81,472 --a------ E:\WINDOWS\system32\vxlejjqp.dll 2007-11-08 11:14 167,936 --a------ E:\WINDOWS\system32\nvwrszht.dll 2007-11-08 11:14 126,976 --a------ E:\WINDOWS\system32\nvrszht.dll 2007-11-08 10:55 81,472 --a------ E:\WINDOWS\system32\ciqwwxfj.dll 2007-11-08 09:43 81,472 --a------ E:\WINDOWS\system32\cuklxcfv.dll 2007-11-07 09:40 81,472 --a------ E:\WINDOWS\system32\ulxqvtwv.dll 2007-11-07 07:34 71,232 --a------ E:\WINDOWS\system32\edpvfsdj.exe 2007-11-06 19:01 <DIR> d-------- E:\Programme\ElcomSoft 2007-11-06 10:44 81,472 --a------ E:\WINDOWS\system32\qnajhawf.dll 2007-11-06 10:27 <DIR> d-------- E:\VundoFix Backups 2007-11-06 10:04 <DIR> d---s---- E:\Dokumente und Einstellungen\Psike\UserData 2007-11-06 09:50 <DIR> d-------- E:\Programme\Gemeinsame Dateien\Merge Modules 2007-11-06 09:49 <DIR> d-------- E:\Programme\Microsoft Visual FoxPro 9 2007-11-06 09:49 <DIR> d-------- 
E:\Programme\Microsoft UDDI SDK 2007-11-06 09:45 <DIR> d-------- E:\Programme\MSSOAP 2007-11-05 15:38 <DIR> d-------- E:\Programme\ScreenshotCaptor 2007-11-05 15:38 <DIR> d-------- E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\DonationCoder 2007-11-05 15:38 <DIR> d-------- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DonationCoder 2007-11-05 15:38 58 --a------ E:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat 2007-11-05 10:30 <DIR> d-------- E:\Programme\Microsoft Virtual PC 2007-11-05 09:42 <DIR> d-------- E:\Programme\Microsoft Virtual Server 2007-11-05 09:23 <DIR> d-------- E:\WINDOWS\IIS Temporary Compressed Files 2007-11-05 09:19 <DIR> d-------- E:\Inetpub 2007-11-04 22:47 82,061 --a------ E:\WINDOWS\system32\drivers\klick.dat 2007-11-04 22:47 81,549 --a------ E:\WINDOWS\system32\drivers\klin.dat 2007-11-04 22:45 <DIR> d-------- E:\Programme\Kaspersky Lab 2007-11-04 22:45 <DIR> d-------- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2007-11-04 22:45 17,834,016 --ahs---- E:\WINDOWS\system32\drivers\fidbox.dat 2007-11-04 22:45 140,320 --ahs---- E:\WINDOWS\system32\drivers\fidbox2.dat 2007-11-04 07:54 <DIR> d-------- E:\Programme\Microsoft CAPICOM 2.1.0.2 2007-11-03 13:33 <DIR> d-------- E:\Programme\CannaPower-Tool 2007-11-03 13:33 <DIR> d-------- E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\.CannaPower 2007-11-02 15:21 <DIR> dr------- E:\Dokumente und Einstellungen\LocalService\Favoriten 2007-11-02 15:15 <DIR> d-------- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SiteAdvisor 2007-11-02 15:03 <DIR> d-------- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee 2007-11-02 14:51 <DIR> d-------- E:\WINDOWS\McAfee.com . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-12 09:56 90,044 --sha-w E:\WINDOWS\system32\drivers\fidbox.idx 2007-11-12 09:56 15,356 --sha-w E:\WINDOWS\system32\drivers\fidbox2.idx 2007-11-12 09:55 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\uTorrent 2007-11-11 15:55 --------- d--h--w E:\Programme\InstallShield Installation Information 2007-11-10 18:22 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\Skype 2007-11-08 09:49 --------- d-----w E:\Programme\DAEMON Tools Pro 2007-11-06 09:45 --------- d-----w E:\Programme\ICQ6 2007-11-06 08:38 --------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2007-11-03 12:33 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\.CannaPower 2007-10-20 17:46 --------- d-----w E:\Programme\Allok AVI to DVD SVCD VCD Converter 2007-10-19 13:23 4,194 ----a-w E:\WINDOWS\system32\drivers\sthdae.log 2007-10-15 19:04 22,328 ----a-w E:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-10-15 19:04 103,736 ----a-w E:\WINDOWS\system32\PnkBstrB.exe 2007-10-15 14:16 --------- d-----w E:\Programme\Gemeinsame Dateien\InstallShield 2007-10-11 17:01 --------- d-----w E:\Programme\Lexmark_HostCD 2007-10-11 17:01 --------- d-----w E:\Programme\Lexmark 2007-10-11 08:50 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\gtk-2.0 2007-10-10 08:00 --------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ALM 2007-10-10 07:57 --------- d-----w E:\Programme\Gemeinsame Dateien\Adobe 2007-10-10 06:36 --------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet 2007-10-10 06:22 --------- d-----w E:\Programme\Bonjour 2007-10-10 06:17 --------- d-----w E:\Programme\Gemeinsame Dateien\Macrovision Shared 2007-10-09 11:13 --------- d-----w E:\Programme\QuickTime 2007-10-09 11:13 --------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer 2007-10-09 11:12 --------- d-----w E:\Programme\Apple Software Update 2007-10-09 11:12 
--------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple 2007-10-08 17:43 --------- d-----w E:\Programme\Xvid 2007-10-08 17:41 --------- d-----w E:\Programme\Philips 2007-10-08 09:37 --------- d-----w E:\Programme\GIMP-2.0 2007-10-08 09:37 --------- d-----w E:\Programme\Gemeinsame Dateien\GTK 2007-10-08 09:31 --------- d-----w E:\Programme\dFotoCut 2007-10-08 08:56 --------- d-----w E:\Programme\Samsung 2007-10-08 07:36 --------- d-----w E:\Programme\HBX6 2007-10-07 07:31 --------- d-----w E:\Programme\MSXML 4.0 2007-10-06 09:42 --------- d---a-w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2007-10-06 09:42 --------- d-----w E:\Programme\Gemeinsame Dateien\Blizzard Entertainment 2007-10-06 09:05 --------- d-----w E:\Programme\rK's DemoWatcher 2007-10-05 11:31 --------- d-----w E:\Programme\Xilisoft 2007-10-05 11:29 --------- d-----w E:\Programme\EO Video 2007-10-05 11:27 724,992 ----a-w E:\WINDOWS\iun6002.exe 2007-10-05 08:30 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\Nero 2007-10-05 08:29 --------- d-----w E:\Programme\Gemeinsame Dateien\Nero 2007-10-05 08:26 --------- d-----w E:\Programme\Real Alternative 2007-10-05 08:26 --------- d-----w E:\Programme\Nero 2007-10-05 08:26 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\Media Player Classic 2007-10-05 08:26 --------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero 2007-10-05 07:24 --------- d-----w E:\Programme\Windows Media Connect 2 2007-10-05 02:25 81,920 ----a-w E:\WINDOWS\system32\nvwddi.dll 2007-10-05 02:25 81,920 ----a-w E:\WINDOWS\system32\nvmctray.dll 2007-10-05 02:25 8,491,008 ----a-w E:\WINDOWS\system32\nvcpl.dll 2007-10-05 02:25 6,854,368 ----a-w E:\WINDOWS\system32\drivers\nv4_mini.sys 2007-10-05 02:25 6,750,208 ----a-w E:\WINDOWS\system32\nvoglnt.dll 2007-10-05 02:25 6,344,704 ----a-w E:\WINDOWS\system32\nvdisps.dll 2007-10-05 02:25 5,755,520 ----a-w E:\WINDOWS\system32\nv4_disp.dll 
2007-10-05 02:25 5,509,120 ----a-w E:\WINDOWS\system32\nvdispsr.dll 2007-10-05 02:25 466,944 ----a-w E:\WINDOWS\system32\nvshell.dll 2007-10-05 02:25 458,752 ----a-w E:\WINDOWS\system32\nvmccssr.dll 2007-10-05 02:25 45,056 ----a-w E:\WINDOWS\system32\nvmccsrs.dll 2007-10-05 02:25 442,368 ----a-w E:\WINDOWS\system32\nvappbar.exe 2007-10-05 02:25 425,984 ----a-w E:\WINDOWS\system32\keystone.exe 2007-10-05 02:25 364,544 ----a-w E:\WINDOWS\system32\nvapi.dll 2007-10-05 02:25 36,864 ----a-w E:\WINDOWS\system32\nvcodins.dll 2007-10-05 02:25 36,864 ----a-w E:\WINDOWS\system32\nvcod.dll 2007-10-05 02:25 335,872 ----a-w E:\WINDOWS\system32\nvwrses.dll 2007-10-05 02:25 335,872 ----a-w E:\WINDOWS\system32\nvwrsel.dll 2007-10-05 02:25 327,680 ----a-w E:\WINDOWS\system32\nvwrsfr.dll 2007-10-05 02:25 327,680 ----a-w E:\WINDOWS\system32\nvwrsesm.dll 2007-10-05 02:25 327,680 ----a-w E:\WINDOWS\system32\nvrshe.dll 2007-10-05 02:25 327,680 ----a-w E:\WINDOWS\system32\nvrsar.dll 2007-10-05 02:25 323,584 ----a-w E:\WINDOWS\system32\nvwrspt.dll 2007-10-05 02:25 319,488 ----a-w E:\WINDOWS\system32\nvwrsptb.dll 2007-10-05 02:25 319,488 ----a-w E:\WINDOWS\system32\nvwrsnl.dll 2007-10-05 02:25 315,392 ----a-w E:\WINDOWS\system32\nvwrsru.dll 2007-10-05 02:25 311,296 ----a-w E:\WINDOWS\system32\nvwrsde.dll 2007-10-05 02:25 303,104 ----a-w E:\WINDOWS\system32\nvwrstr.dll 2007-10-05 02:25 303,104 ----a-w E:\WINDOWS\system32\nvwrssl.dll 2007-10-05 02:25 303,104 ----a-w E:\WINDOWS\system32\nvwrsfi.dll 2007-10-05 02:25 3,629,056 ----a-w E:\WINDOWS\system32\nvvitvsr.dll 2007-10-05 02:25 3,551,232 ----a-w E:\WINDOWS\system32\nvvitvs.dll 2007-10-05 02:25 3,334,144 ----a-w E:\WINDOWS\system32\nvgames.dll 2007-10-05 02:25 3,166,208 ----a-w E:\WINDOWS\system32\nvgamesr.dll 2007-10-05 02:25 299,008 ----a-w E:\WINDOWS\system32\nvwrssk.dll 2007-10-05 02:25 299,008 ----a-w E:\WINDOWS\system32\nvwrsno.dll 2007-10-05 02:25 294,912 ----a-w E:\WINDOWS\system32\nvwrssv.dll 2007-10-05 02:25 294,912 ----a-w 
E:\WINDOWS\system32\nvwrspl.dll 2007-10-05 02:25 294,912 ----a-w E:\WINDOWS\system32\nvwrsda.dll 2007-10-05 02:25 286,720 ----a-w E:\WINDOWS\system32\nvwrseng.dll 2007-10-05 02:25 286,720 ----a-w E:\WINDOWS\system32\nvwrscs.dll 2007-10-05 02:25 286,720 ----a-w E:\WINDOWS\system32\nvnt4cpl.dll 2007-10-05 02:25 282,624 ----a-w E:\WINDOWS\system32\nvwrsar.dll 2007-10-05 02:25 282,624 ----a-w E:\WINDOWS\system32\nvrsfr.dll 2007-10-05 02:25 282,624 ----a-w E:\WINDOWS\system32\nvrses.dll 2007-10-05 02:25 282,624 ----a-w E:\WINDOWS\system32\nvrsel.dll 2007-10-05 02:25 278,528 ----a-w E:\WINDOWS\system32\nvwrshe.dll 2007-10-05 02:25 278,528 ----a-w E:\WINDOWS\system32\nvrsde.dll 2007-10-05 02:25 274,432 ----a-w E:\WINDOWS\system32\nvrspt.dll 2007-10-05 02:25 274,432 ----a-w E:\WINDOWS\system32\nvrsnl.dll 2007-10-05 02:25 274,432 ----a-w E:\WINDOWS\system32\nvrsesm.dll 2007-10-05 02:25 270,336 ----a-w E:\WINDOWS\system32\nvrsru.dll 2007-10-05 02:25 266,240 ----a-w E:\WINDOWS\system32\nvrsptb.dll . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20fdcbd4-adf0-4225-9558-36413481fbfa}] 2007-11-11 23:34 79936 --a------ E:\WINDOWS\system32\laaqvywd.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell QuickSet"="E:\Programme\Dell\QuickSet\quickset.exe" [2007-05-14 13:23] "IntelZeroConfig"="E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 15:32] "IntelWireless"="E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 15:30] "SynTPEnh"="E:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48] "NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-10-05 03:25] "nwiz"="nwiz.exe" [2007-10-05 03:25 E:\WINDOWS\system32\nwiz.exe] "SunJavaUpdateSched"="E:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "NeroFilterCheck"="E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57] "NBKeyScan"="E:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51] "Adobe Reader Speed Launcher"="E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06] "QuickTime Task"="E:\Programme\QuickTime\QTTask.exe" [2007-06-29 05:24] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 E:\WINDOWS\stsystra.exe] "F-Secure Manager"="E:\Programme\F-Secure Internet Security\Common\FSM32.exe" [] "F-Secure TNB"="E:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" [] "AVP"="E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51] "DWPersistentQueuedReporting"="E:\PROGRA~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.exe" [2007-02-26 09:01] "NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 03:25] "74351e6e"="E:\WINDOWS\system32\hijvfaes.dll" [2007-11-11 23:38] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ICQ"="E:\Programme\ICQ6\ICQ.exe" [2007-08-08 16:03] "Skype"="E:\Programme\Skype\Phone\Skype.exe" [2007-09-13 12:31] "DAEMON Tools Pro Agent"="E:\Programme\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08] "Steam"="C:\Program Files (x86)\Steam\Steam.exe" [2007-10-05 
08:31] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35] "ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjigh] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzwr32] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 E:\WINDOWS\system32\ssttt.dll R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);E:\WINDOWS\system32\inetsrv\inetinfo.exe R3 guardian2;guardian2;E:\WINDOWS\system32\Drivers\oz776.sys S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\E:\Programme\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys S3 klim5;Kaspersky Anti-Virus NDIS Filter;E:\WINDOWS\system32\DRIVERS\klim5.sys S3 NPF;NetGroup Packet Filter Driver;E:\WINDOWS\system32\drivers\npf.sys S3 NUVision;NUVision II Video Service;E:\WINDOWS\system32\DRIVERS\nuvvid2.sys S3 vmh;Virtual Machine-Hilfsdienst;"E:\Programme\Microsoft Virtual Server\vmh.exe" -service S4 F-Secure Filter;F-Secure File System Filter;\??\E:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\E:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys S4 Virtual Server;Virtual Server;"E:\Programme\Microsoft Virtual Server\vssrvc.exe" . Inhalt des "geplante Tasks" Ordners "2007-11-05 13:24:03 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - E:\Programme\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-12 10:57:57 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... 
Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2007-11-12 11:04:23 - machine was rebooted . --- E O F ---
13.11.2007, 00:24 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System stutters in Skype and on the Internet! Whoa! Your system really is seriously cluttered with obvious malware files. Note that a cleanup never equals security, and the often lengthy procedure can basically turn out to be for nothing at all. Decide on either the secure or the insecure solution.
__________________ Please always post log files in CODE tags
13.11.2007, 09:20 | #8 |
System stutters in Skype and on the Internet! Unfortunately I can't reinstall right now, since my laptop is also my work PC and I would then have to back up a great deal, and every backed-up file can potentially be dangerous again too.. I think! So I guess I'll have to go with the long (insecure) process first; I'd be glad if you could show me in more detail which virus is where. Thanks in advance! Regards, Lars
13.11.2007, 12:59 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | System stutters in Skype and on the Internet! Quote:
__________________ Please always post log files in CODE tags