Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/), forum section: Log-Analyse und Auswertung (log analysis and evaluation)
Thread: TR/Dldr.ConHook.Gen treibt mich in den Wahnsinn (https://www.trojaner-board.de/40173-tr-dldr-conhook-gen-treibt-mich-wahnsinn.html)

Dr.Phoenix 20.06.2007 21:29

TR/Dldr.ConHook.Gen is driving me crazy
 
Good evening,
I apparently picked up a Trojan from some unofficial software; AntiVir identifies it as TR/Dldr.ConHook.Gen.
I'd be grateful for any help. Here are my logs:
Code:

Logfile of HijackThis v1.99.1
Scan saved at 20:51:10, on 20.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SLEE503.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\PeerGuardian2\pg2.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Dominik\Desktop\HJT1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Aktuell informiert mit T-Online onNachrichten
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\system32\awtsqpm.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FC1E6610-A16F-4F77-84B8-BA3E5E5F60D3} - C:\WINDOWS\system32\awvvt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19b215c2...dxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124101079593
O18 - Protocol: bw+0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtsqpm - C:\WINDOWS\SYSTEM32\awtsqpm.dll
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE503.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Directory of C:\WINDOWS\system32

20.06.2007  20:51            12.264 tvvwa.ini
20.06.2007  20:12            3.284 ANIWZCS{93DE43EE-39BE-4884-8C60-6DE5094B90A5}
20.06.2007  20:11            28.930 nvapps.xml
20.06.2007  20:11            1.158 wpa.dbl
20.06.2007  16:32            6.530 tvvwa.bak1
20.06.2007  16:31          266.336 awvvt.dll
20.06.2007  16:26          332.280 FNTCACHE.DAT
20.06.2007  15:56            31.254 awtsqpm.dll
12.06.2007  19:31          426.516 perfh007.dat
12.06.2007  19:31          412.608 perfh009.dat
12.06.2007  19:31            67.796 perfc009.dat
12.06.2007  19:31            80.196 perfc007.dat
12.06.2007  19:31          948.896 PerfStringBackup.INI
06.06.2007  09:53          407.152 pr2agqwb.exe
06.06.2007  08:38        15.747.032 MRT.exe
31.05.2007  08:45            4.816 divxsm.tlb
31.05.2007  08:45          524.288 DivXsm.exe
31.05.2007  08:44          823.296 divx_xx07.dll
31.05.2007  08:44          823.296 divx_xx0c.dll
31.05.2007  08:44          802.816 divx_xx11.dll
31.05.2007  08:44          740.442 DivX.dll
31.05.2007  08:44          638.976 divxdec.ax
19.05.2007  22:08            86.016 ElbyCDIO.dll
16.05.2007  19:55          407.152 pr2agqwc.exe
16.05.2007  17:11          683.520 inetcomm.dll
14.05.2007  22:35              173 TEMPSCP.SCP
14.05.2007  22:35              173 USER.SCP


Directory of C:\DOKUME~1\Dominik\LOKALE~1\Temp

20.06.2007  20:51            16.384 ~DF7F79.tmp
20.06.2007  20:42              289 datFind.zip
20.06.2007  20:12                0 JET32CE.tmp
13.07.2006  19:18            24.613 IadHide5.dll


Directory of C:\WINDOWS

20.06.2007  20:10              315 wiadebug.log
20.06.2007  20:10        1.349.593 WindowsUpdate.log
20.06.2007  20:10                50 wiaservc.log
20.06.2007  20:10                0 0.log
20.06.2007  20:10            2.048 bootstat.dat
20.06.2007  20:09            32.640 SchedLgU.Txt
20.06.2007  17:40          693.705 setupapi.log
20.06.2007  17:26              276 _delis32.ini
20.06.2007  15:03            7.779 mozver.dat
18.06.2007  21:08              116 NeroDigital.ini

13.06.2007  15:47          255.012 comsetup.log
13.06.2007  15:47          155.615 ntdtcsetup.log
13.06.2007  15:47          175.260 iis6.log
13.06.2007  15:47            34.111 ocmsn.log
13.06.2007  15:47            1.374 imsins.log
13.06.2007  15:47          419.365 tsoc.log
13.06.2007  15:47            22.045 KB929123.log
13.06.2007  15:47          536.039 ocgen.log
13.06.2007  15:47            54.427 msgsocm.log
13.06.2007  15:47        1.093.072 FaxSetup.log
13.06.2007  15:47          110.392 updspapi.log
13.06.2007  15:46            1.374 imsins.BAK
13.06.2007  15:46            18.864 KB935840.log
13.06.2007  15:44            18.516 KB935839.log
13.06.2007  15:44            24.057 KB933566-IE7.log
12.06.2007  19:31            3.723 dahotfix.log
12.06.2007  19:31            19.544 dasetup.log
08.06.2007  21:02            5.270 setupact.log
05.06.2007  18:32          321.824 DirectX.log
26.05.2007  12:42                10 popcinfo.dat
26.05.2007  12:33            1.041 win.ini
23.05.2007  17:33            7.694 KB927891.log
14.05.2007  21:30                74 YNNHOJED.DLL
09.05.2007  20:53        2.359.350 IrfanView_Wallpaper.bmp

Directory of C:\WINDOWS\Temp

Directory of C:\WINDOWS\Downloaded Program Files

25.07.2002  17:13            24.576 dwusplay.dll
25.07.2002  17:13          196.608 dwusplay.exe
25.07.2002  17:05          172.032 isusweb.dll


Directory of C:\

20.06.2007  20:54                0 sys.txt
20.06.2007  20:54              392 down.txt
20.06.2007  20:53              113 tmp.txt
20.06.2007  20:53            16.937 system.txt
20.06.2007  20:52              438 systemtemp.txt
20.06.2007  20:51          114.088 system32.txt
20.06.2007  20:10    1.073.270.784 hiberfil.sys
20.06.2007  20:10      402.653.184 pagefile.sys
16.06.2007  15:14                45 TEST.XML
18.11.2006  15:50            47.564 NTDETECT.COM
18.11.2006  15:50          251.184 ntldr
18.11.2006  15:12              192 boot.ini
18.11.2005  14:23                0 temp.ch
28.02.2005  16:49              112 sphjfix.log
20.05.2004  23:50            86.016 SpHjfix.exe
20.05.2004  15:28              138 SND.reg
05.04.2003  14:22            11.504 contact.dat

Thanks for reading!


Dr.Phoenix 20.06.2007 21:30

I have now run VundoFix, which promptly found something. But since one file is still being identified as a Trojan, here is my ComboFix log:
Code:

ComboFix 07-06-18.2 - C:\Dokumente und Einstellungen\Dominik\Desktop\ComboFix.exe
"Dominik" - 2007-06-20 22:03:28 - Service Pack 2  NTFS 


(((((((((((((((((((((((((  Files Created from 2007-05-20 to 2007-06-20  )))))))))))))))))))))))))))))))


2007-06-20 21:47        2,097,152        --ah-----        C:\DOKUME~1\ADMINI~1\NTUSER.DAT
2007-06-20 21:47        <DIR>        dr-h-----        C:\DOKUME~1\ADMINI~1\Anwendungsdaten
2007-06-20 21:47        <DIR>        dr-------        C:\DOKUME~1\ADMINI~1\Startmenü
2007-06-20 21:47        <DIR>        dr-------        C:\DOKUME~1\ADMINI~1\Favoriten
2007-06-20 21:47        <DIR>        dr-------        C:\DOKUME~1\ADMINI~1\Eigene Dateien
2007-06-20 21:47        <DIR>        d--h-----        C:\DOKUME~1\ADMINI~1\Vorlagen
2007-06-20 21:47        <DIR>        d--h-----        C:\DOKUME~1\ADMINI~1\Netzwerkumgebung
2007-06-20 21:47        <DIR>        d--h-----        C:\DOKUME~1\ADMINI~1\Lokale Einstellungen
2007-06-20 21:47        <DIR>        d--h-----        C:\DOKUME~1\ADMINI~1\Druckumgebung
2007-06-20 21:47        <DIR>        d--------        C:\DOKUME~1\ADMINI~1\WINDOWS
2007-06-20 21:47        <DIR>        d--------        C:\DOKUME~1\ADMINI~1\ANWEND~1\InterTrust
2007-06-20 21:47        <DIR>        d--------        C:\DOKUME~1\ADMINI~1\ANWEND~1\Help
2007-06-20 21:47        <DIR>        d--------        C:\DOKUME~1\ADMINI~1\ANWEND~1\CyberLink
2007-06-20 21:26        <DIR>        d--------        C:\VundoFix Backups
2007-06-20 21:05        49,152        --a------        C:\WINDOWS\nircmd.exe
2007-06-20 17:40        <DIR>        d--------        C:\WINDOWS\system32\SoftwareDistribution
2007-06-20 15:56        427,864        --a------        C:\WINDOWS\system32\XceedZip.dll
2007-06-20 15:56        31,254        ---------        C:\WINDOWS\system32\awtsqpm.dll
2007-06-20 15:55        <DIR>        d--------        C:\Programme\DriverGenius
2007-06-16 16:53        <DIR>        d--------        C:\CloneDVDTemp
2007-06-16 16:41        <DIR>        d--------        C:\DOKUME~1\ALLUSE~1\ANWEND~1\Ahead
2007-06-15 11:33        <DIR>        d--------        C:\Programme\FreePDF_XP
2007-06-15 11:33        <DIR>        d--------        C:\DOKUME~1\ALLUSE~1\FreePDF
2007-06-12 19:40        <DIR>        d--------        C:\DOKUME~1\ALLUSE~1\ANWEND~1\ENotebook 10.0
2007-06-12 19:38        <DIR>        d--------        C:\Programme\ProWorks
2007-06-12 19:37        <DIR>        d--------        C:\DOKUME~1\ALLUSE~1\ANWEND~1\CambridgeSoft
2007-06-12 19:31        33,340        ---------        C:\WINDOWS\system32\dbmsqlgc.dll
2007-06-12 19:31        24,576        ---------        C:\WINDOWS\system32\dbmsgnet.dll
2007-06-12 19:30        <DIR>        d--------        C:\Programme\Microsoft SQL Server
2007-06-12 14:21        <DIR>        d--------        C:\Programme\CambridgeSoft
2007-06-12 13:48        <DIR>        d--------        C:\Programme\PeerGuardian2
2007-06-06 09:53        64,880        --a------        C:\WINDOWS\system32\drivers\pe3agqwb.sys
2007-06-06 09:53        407,152        --a------        C:\WINDOWS\system32\pr2agqwb.exe
2007-06-06 09:52        55,160        --a------        C:\WINDOWS\system32\drivers\ps6agqwb.sys
2007-06-05 19:13        <DIR>        d--------        C:\Programme\DAEMON Tools
2007-06-05 18:35        49,536        --a------        C:\WINDOWS\system32\drivers\ahtuezr3.sys
2007-06-01 17:39        <DIR>        d--------        C:\Programme\Skype
2007-06-01 17:39        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Skype
2007-05-31 23:24        <DIR>        d--------        C:\Programme\iPod
2007-05-31 08:45        524,288        --a------        C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44        823,296        --a------        C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44        823,296        --a------        C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44        802,816        --a------        C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44        740,442        --a------        C:\WINDOWS\system32\DivX.dll


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-20 18:09:14        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\uTorrent
2007-06-20 17:26:24        --------        d-----w        C:\Programme\Tunebite
2007-06-20 15:41:03        --------        d--h--w        C:\Programme\WindowsUpdate
2007-06-20 14:33:13        --------        d--h--w        C:\Programme\InstallShield Installation Information
2007-06-20 13:03:50        7,779        ----a-w        C:\WINDOWS\mozver.dat
2007-06-16 14:27:32        --------        d-----w        C:\Programme\Elaborate Bytes
2007-06-14 14:32:44        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\Skype
2007-06-13 05:27:09        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\ICQ
2007-06-12 17:31:44        80,196        ----a-w        C:\WINDOWS\system32\perfc007.dat
2007-06-12 17:31:44        426,516        ----a-w        C:\WINDOWS\system32\perfh007.dat
2007-06-08 16:32:30        --------        d-----w        C:\Programme\DivX
2007-06-06 18:10:48        --------        d-----w        C:\Programme\Gemeinsame Dateien\Sony Shared
2007-06-06 18:10:13        --------        d-----w        C:\Programme\Video Store
2007-06-06 18:09:31        --------        d-----w        C:\Programme\Gemeinsame Dateien\Ulead Systems
2007-06-05 16:59:39        685,816        ----a-w        C:\WINDOWS\system32\drivers\sptd.sys
2007-06-02 11:05:55        --------        d-----w        C:\Programme\PartyGaming.Net
2007-06-01 15:20:58        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\MyPhoneExplorer
2007-05-31 21:24:36        --------        d-----w        C:\Programme\iTunes
2007-05-26 10:42:34        10        ----a-w        C:\WINDOWS\popcinfo.dat
2007-05-19 20:08:25        86,016        ----a-w        C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-16 17:55:20        407,152        ----a-w        C:\WINDOWS\system32\pr2agqwc.exe
2007-05-16 17:55:02        64,880        ----a-w        C:\WINDOWS\system32\drivers\pe3agqwc.sys
2007-05-16 17:54:44        55,160        ----a-w        C:\WINDOWS\system32\drivers\ps6agqwc.sys
2007-05-16 15:11:44        683,520        ----a-w        C:\WINDOWS\system32\inetcomm.dll
2007-05-15 18:07:55        --------        d-----w        C:\Programme\Ulead CD & DVD PictureShow 4
2007-05-14 21:37:47        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\Ulead Systems
2007-05-14 21:35:55        --------        d-----w        C:\Programme\Gemeinsame Dateien\InstallShield
2007-05-14 19:56:38        --------        d-----w        C:\Programme\Shareaza
2007-05-14 19:56:33        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\Shareaza
2007-05-14 19:30:02        74        ---ha-w        C:\WINDOWS\YNNHOJED.DLL
2007-05-14 18:32:17        --------        d-----w        C:\Programme\Gemeinsame Dateien\InterVideo
2007-05-14 18:31:12        --------        d-----w        C:\Programme\Windows Media Components
2007-05-14 14:22:59        --------        d-----w        C:\Programme\MyPhoneExplorer
2007-05-14 14:21:50        --------        d-----w        C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-05-14 14:21:46        --------        d-----w        C:\Programme\Mobile Master
2007-05-14 13:54:07        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\Mobile Master
2007-05-10 09:59:55        --------        d-----w        C:\Programme\QuickTime
2007-05-09 18:16:32        --------        d-----w        C:\Programme\Trillian
2007-05-08 17:40:53        --------        d-----w        C:\Programme\rlw32
2007-05-07 12:45:59        --------        d-----w        C:\Programme\ICQ6
2007-05-02 16:01:12        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\tunebite
2007-04-26 14:12:15        --------        d-----w        C:\Programme\Radiograbber
2007-04-25 14:22:27        144,896        ----a-w        C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29        3,596,288        ----a-w        C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18        200,704        ----a-w        C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18        1,044,480        ----a-w        C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34        73,728        ----a-w        C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34        196,608        ----a-w        C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33        53,248        ----a-w        C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31        593,920        ----a-w        C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31        57,344        ----a-w        C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31        344,064        ----a-w        C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31        294,912        ----a-w        C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31        294,912        ----a-w        C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47        12,288        ----a-w        C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46        124,472        ----a-w        C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:13:24        2,854,400        ----a-w        C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36        33,624        ----a-w        C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54        1,710,936        ----a-w        C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48        549,720        ----a-w        C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42        325,976        ----a-w        C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36        203,096        ----a-w        C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28        92,504        ----a-w        C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20        53,080        ----a-w        C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20        43,352        ----a-w        C:\WINDOWS\system32\wups2.dll
2007-04-15 18:11:56        43,520        ----a-w        C:\WINDOWS\system32\CmdLineExt03.dll
2004-12-13 12:08:48        56        --sh--r        C:\WINDOWS\system32\F5904193E3.sys


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{066A2CDC-319E-4460-BA45-C24562CD51AA}=C:\WINDOWS\system32\awtsqpm.dll [2007-06-20 15:56]
{6A7E5524-010E-4773-B916-E7E5B8445336}=C:\WINDOWS\system32\awvvt.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 21:20 C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-23 18:06]
"D-Link AirPlus G"="C:\Programme\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-02-27 21:08]
"ANIWZCS2Service"="C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-13 19:31]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"ICQ"="C:\Programme\ICQ6\ICQ.exe" [2007-04-25 12:29]
"STYLEXP"="C:\Programme\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"PeerGuardian"="C:\Programme\PeerGuardian2\pg2.exe" [2005-09-18 18:40]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"SSS6_Suite"="C:\Programme\Steganos Security Suite 6\sss.exe" /booting
"SSS6_SAFE"="C:\Programme\Steganos Security Suite 6\safe.exe" /booting
"SSS6_SPM"="C:\Programme\Steganos Security Suite 6\spm.exe" /booting

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]
"{066A2CDC-319E-4460-BA45-C24562CD51AA}"="C:\WINDOWS\system32\awtsqpm.dll" [2007-06-20 15:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsqpm]
awtsqpm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APITRAP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^OpenMG Jukebox Startup.lnk]
backup=C:\WINDOWS\pss\OpenMG Jukebox Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
C:\Programme\Medion\PowerCinema\My_TV\Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLMIcon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapFax]
C:\Programme\Classic PhoneTools\CapFax.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Inet Xp..]
teekids.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MJStarter]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
"C:\Programme\Registry Clean Expert\RCScheduler.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"mmtask"="C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"


Contents of the 'Scheduled Tasks' folder
2007-06-08 15:17:43  C:\WINDOWS\tasks\1-Click Maintenance.job
2007-04-15 09:41:01  C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 22:07:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-20 22:09:51
C:\ComboFix-quarantined-files.txt ... 2007-06-20 22:09
C:\ComboFix2.txt ... 2007-06-20 21:19

        --- E O F ---


Dr.Phoenix 22.06.2007 15:22

This has been resolved:
http://www.hijackthis-forum.de/showthread.php?t=23490


Copyright ©2000-2025, Trojaner-Board