Bitte um Analyse

Freund_1 · 21.04.2009, 12:01

StartupList report, 21.04.2009, 12:57:58
StartupList version: 1.52.2
Started from : C:\DOKUME~1\*******\LOKALE~1\Temp\Rar$EX00.422\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Utimaco\SafeGuard Easy\WKSCFGSRV.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ONLINE~3\ocontrol.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Utimaco\SafeGuard Easy\WKSCFGSRV.EXE
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
D:\OPEL\BIN\TbMux32.exe
C:\Programme\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programme\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Utimaco\SafeGuard Easy\SGECRYPT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spnsrvnt.exe
D:\OPEL\APACHE~1\APACHE\ApchT2kW.exe
D:\OPEL\APACHE~1\APACHE\ApchT2kW.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\PROGRA~1\JAVA\JRE15~1.0_0\bin\java.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programme\T-DSL SpeedManager\TSMSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Java\jre1.5.0_06\bin\jucheck.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\*******\LOKALE~1\Temp\Rar$EX00.422\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Dokumente und Einstellungen\*******\Startmenü\Programme\Autostart]
SGECRYPT.lnk = C:\Programme\Utimaco\SafeGuard Easy\SGECRYPT.exe

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
CTFMON.lnk = C:\WINDOWS\system32\ctfmon.exe
Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
Picture Package Menu.lnk = C:\Programme\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
Picture Package VCD Maker.lnk = C:\Programme\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Dit = Dit.exe
CHotkey = mHotkey.exe
ledpointer = CNYHKey.exe
ATIPTA = C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched = C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
SgeEcView = C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe
EdWizard = C:\Programme\Utimaco\SafeGuard Easy\EdWizard.exe as
Omnipage = C:\Programme\ScanSoft\OmniPageSE\opware32.exe
avgnt = "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE
HPHUPD08 = C:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
T-DSL SpeedMgr = "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
TrueImageMonitor.exe = C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
AcronisTimounterMonitor = C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
Acronis Scheduler2 Service = "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
QuickTime Task = "C:\Programme\QuickTime\QTTask.exe" -atboottime
FreePDF Assistant = C:\Programme\FreePDF_XP\fpassist.exe
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Ad-Watch = C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
Windows Defender = "C:\Programme\Windows Defender\MSASCui.exe" -hide
ISTray = "C:\Programme\Spyware Doctor\pctsTray.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=C:\PROGRA~1\ONLINE~3\ocontrol.exe
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\DEUTZE~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Ad-Aware Update (Weekly).job

--------------------------------------------------

Enumerating Download Program Files:

[{0427F569-3D57-4F10-B9FB-8D71A6A7BE24}]
CODEBASE = file://C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Temp\VTYVD1\frmeditor.ocx

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsu...?1134154939125

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsof...?1135022767578

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.macromedia.com/get...nt/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\WINDOWS\system32\wshbth.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 10.410 bytes
Report generated in 0,093 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Bitte um Analyse

Log-Analyse und Auswertung: Bitte um Analyse

Bitte um Analyse

Ähnliche Themen: Bitte um Analyse