Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Alles rund um Windows (https://www.trojaner-board.de/alles-rund-um-windows/)
-   -   nach jedem Neustart immer ein Ordner Neuer Ordner auf dem Desktop (https://www.trojaner-board.de/79299-neustart-immer-ordner-neuer-ordner-desktop.html)

ibot 10.11.2009 16:04
nach jedem Neustart immer ein Ordner Neuer Ordner auf dem Desktop
 
Hallo

ich hab das selbe Problem http://www.trojaner-board.de/15615-neuer-ordner.html

hier mal mein Report

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:26, on 10.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\TAMSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\netfenceVPN\phionha.exe
C:\Programme\netfenceVPN\phions.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DkLog.exe
C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Programme\TOSHIBA\TME3\Tmesrv31.exe
C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\Programme\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Programme\TOSHIBA\TME3\TMEEJME.EXE
C:\Programme\netfenceVPN\phion.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Programme\TOSHIBA\TAudEffect\TAudEff.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Programme\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Programme\TrueSuite Access Manager\FpNotifier.exe
C:\Programme\TrueSuite Access Manager\usbnotify.exe
C:\Programme\TrueSuite Access Manager\PwdBank.exe
C:\Programme\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programme\TrueSuite Access Manager\CssSvr.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programme\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Hardcopy\hardcopy.exe
c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Programme\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Programme\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Programme\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Programme\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Programme\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
O4 - HKLM\..\Run: [DDWMon] C:\Programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [topi] C:\Programme\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Programme\TrueSuite Access Manager\FpNotifier.exe"
O4 - HKLM\..\Run: [UsbMonitor] "C:\Programme\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [PwdBank] "C:\Programme\TrueSuite Access Manager\PwdBank.exe"
O4 - HKLM\..\Run: [DpUtil] C:\Programme\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Programme\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [DkStartup] C:\Programme\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [phion] C:\Programme\netfenceVPN\phion.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Programme\QIP\qip.exe (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250068875046
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XXX
O17 - HKLM\Software\..\Telephony: DomainName = DTV-Verkehrsconsult.de
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = XXX
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = XXX
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\WINDOWS\system32\TAMSvr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: entegra Health Agent (phionha) - phion AG - C:\Programme\netfenceVPN\phionha.exe
O23 - Service: entegra Client (phions) - phion AG - C:\Programme\netfenceVPN\phions.exe
O23 - Service: TOSHIBA Festplattenschutz (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Programme\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe

--
End of file - 12089 bytes

cosinus 11.11.2009 15:11
Hallo

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = XXX

Ist das ein Bürorechner? Wenn ja, lieber mit der EDV abklären!


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:03 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131