Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/), forum "Log-Analyse und Auswertung" (https://www.trojaner-board.de/log-analyse-auswertung/), thread "System Ruckelt in skype bzw in Internet!" (https://www.trojaner-board.de/45655-system-ruckelt-skype-bzw-internet.html)

Psiek 10.11.2007 09:37

System stutters in Skype and on the Internet!
 
Good morning,

So here is my problem: my PC stutters in Skype, so the other side can't really understand me. On top of that, I get massive stuttering in WC3 on Battle.net, for example. Since it is definitely not the Internet connection, it must be something that is slowing down my PC. So, my specs!

DELL M1710
--> 1024 MB RAM
--> 120 GB hard disk
--> Intel Core 2 Duo 2.66
--> Internet: 16000 DSL

And here are my logs, I hope you find something!

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:29:12, on 10.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programme\Intel\Wireless\Bin\S24EvMon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\Programme\Bonjour\mDNSResponder.exe
E:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\Programme\Intel\Wireless\Bin\EvtEng.exe
E:\WINDOWS\system32\inetsrv\inetinfo.exe
E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
E:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Programme\Intel\Wireless\Bin\RegSrvc.exe
E:\Programme\Intel\Wireless\Bin\WLKeeper.exe
E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
E:\WINDOWS\Explorer.EXE
E:\Programme\Dell\QuickSet\quickset.exe
E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
E:\Programme\Synaptics\SynTP\SynTPEnh.exe
E:\Programme\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\stsystra.exe
E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\Programme\DAEMON Tools Pro\DTProAgent.exe
E:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
E:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Programme\Microsoft Virtual PC\Virtual PC.exe
E:\WINDOWS\system32\svchost.exe
E:\Programme\ScreenshotCaptor\ScreenshotCaptor.exe
E:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
E:\WINDOWS\System32\svchost.exe
E:\Programme\Skype\Phone\Skype.exe
E:\Programme\Skype\Plugin Manager\skypePM.exe
E:\Programme\ICQ6\ICQ.exe
E:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.everestpoker.com/rules/?l=de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programme\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Dell QuickSet] E:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] E:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AVP] "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] E:\PROGRA~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [74351e6e] rundll32.exe "E:\WINDOWS\system32\gjufhmdj.dll",b
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ICQ] "E:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Programme\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [swg] E:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1476116351-3504499707-2315442071-500\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1757981266-329068152-682003330-500\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - E:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5154/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cp-pro.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cp-pro.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cp-pro.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\WINDOWS\system32\__c00B1E4.dat
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - E:\WINDOWS\system32\maknnvuj.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - E:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - Unknown owner - E:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - E:\Programme\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lmab_device - Unknown owner - E:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - E:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - E:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Programme\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - E:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - E:\Programme\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9742 bytes


cosinus 11.11.2007 00:48

Hello.

Code:

E:\WINDOWS\system32\gjufhmdj.dll
E:\WINDOWS\system32\__c00B1E4.dat
E:\WINDOWS\system32\maknnvuj.exe

Upload these files to VirusTotal for analysis and post all of the results.
For further analysis, please also run the following tools (following their instructions) and post the logfiles:
- eScan
- Silentrunners
- combofix
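
As an added illustration of the triage the reply above performs (example code, not part of the original thread and not a Trojaner-Board tool): a small Python script that scans HijackThis O4/O20/O23 lines and flags the three kinds of entries picked out above. The heuristics (an 8-character hex value name plus rundll32 loading a system32 DLL; AppInit_DLLs pointing at a non-.dll file; an "Unknown owner" service whose binary is missing) are this example's own assumptions, and the sample lines are copied from the log in the first post.

```python
"""Triage helper for HijackThis log lines (added example; heuristics are assumptions)."""
import re

# Constructed sample input: lines copied from the HijackThis log above, plus
# benign neighbours, embedded so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [74351e6e] rundll32.exe "E:\WINDOWS\system32\gjufhmdj.dll",b
O20 - AppInit_DLLs: E:\WINDOWS\system32\__c00B1E4.dat
O23 - Service: DomainService - Unknown owner - E:\WINDOWS\system32\maknnvuj.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
"""

# Line shapes as HijackThis prints them (hive\..\Run: [name] command, etc.).
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<path>\S.*?)\s*$')
O23_RE = re.compile(
    r'^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+?)'
    r'(?P<missing> \(file missing\))?$')
# Assumed indicator: an auto-generated 8-hex-digit value name (e.g. 74351e6e).
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')
# First quoted or bare drive path ending in .dll inside a rundll32 command line.
DLL_ARG_RE = re.compile(r'"?([A-Za-z]:\\[^",]+?\.dll)"?', re.IGNORECASE)


def triage(log_text):
    """Return (kind, path, reason) tuples for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group('name'), m.group('cmd')
            dll = DLL_ARG_RE.search(cmd)
            # Random-looking value name that hands a system32 DLL to rundll32.
            if (HEX_NAME_RE.match(name) and cmd.lower().startswith('rundll32')
                    and dll and 'system32' in dll.group(1).lower()):
                findings.append(('O4', dll.group(1),
                                 f'value name [{name}] looks generated and loads a system32 DLL via rundll32'))
            continue
        m = O20_RE.match(line)
        if m:
            path = m.group('path')
            # AppInit_DLLs is loaded into every user32 process; a .dat there is odd.
            if not path.lower().endswith('.dll'):
                findings.append(('O20', path, 'AppInit_DLLs points at a file that is not a .dll'))
            continue
        m = O23_RE.match(line)
        if m and m.group('owner') == 'Unknown owner' and m.group('missing'):
            findings.append(('O23', m.group('path'),
                             f"service {m.group('svc')} has an unknown owner and its binary is missing"))
    return findings


def suspicious_paths(log_text):
    """Just the file paths, in log order, for handing to a scanner such as VirusTotal."""
    return [path for _, path, _ in triage(log_text)]


if __name__ == '__main__':
    for kind, path, reason in triage(SAMPLE_LOG):
        print(f'{kind}: {path}\n    {reason}')
```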

Psiek 12.11.2007 11:29

First, the logs for the 3 files!

Code:

E:\WINDOWS\system32\gjufhmdj.dll
0 bytes size received

E:\WINDOWS\system32\__c00B1E4.dat
Antivirus          Version          letzte aktualisierung          Ergebnis
AhnLab-V3        2007.11.12.0        2007.11.12        -
AntiVir        7.6.0.34        2007.11.12        TR/Dldr.Agen.ZV.1.B
Authentium        4.93.8        2007.11.10        -
Avast        4.7.1074.0        2007.11.11        -
AVG        7.5.0.503        2007.11.11        Downloader.Small.AVQ
BitDefender        7.2        2007.11.12        Trojan.Generic.70968
CAT-QuickHeal        9.00        2007.11.10        TrojanDownloader.ConHook.hl
ClamAV        0.91.2        2007.11.12        -
DrWeb        4.44.0.09170        2007.11.12        -
eSafe        7.0.15.0        2007.11.08        suspicious Trojan/Worm
eTrust-Vet        31.2.5289        2007.11.12        Win32/Darksma.FR
Ewido        4.0        2007.11.11        -
FileAdvisor        1        2007.11.12        -
Fortinet        3.11.0.0        2007.10.19        -
F-Prot        4.4.2.54        2007.11.10        W32/Downldr2.AILP
F-Secure        6.70.13030.0        2007.11.12        Trojan-Downloader.Win32.ConHook.hl
Ikarus        T3.1.1.12        2007.11.12        Trojan-Downloader.Win32.ConHook.hl
Kaspersky        7.0.0.125        2007.11.12        Trojan-Downloader.Win32.ConHook.hl
McAfee        5160        2007.11.09        Vundo
Microsoft        1.3007        2007.11.12        -
NOD32v2        2652        2007.11.11        -
Norman        5.80.02        2007.11.09        W32/ConHook.GT
Panda        9.0.0.4        2007.11.11        Adware/PurityScan
Prevx1        V2        2007.11.12        Trojan.Zlob
Rising        20.18.00.00        2007.11.12        -
Sophos        4.23.0        2007.11.12        Mal/Behav-010
Sunbelt        2.2.907.0        2007.11.09        -
Symantec        10        2007.11.12        Downloader
TheHacker        6.2.9.124        2007.11.12        -
VBA32        3.12.2.4        2007.11.11        Trojan-Downloader.Win32.ConHook.hl
VirusBuster        4.3.26:9        2007.11.11        Trojan.DL.ConHook.CN
Webwasher-Gateway        6.0.1        2007.11.12        Trojan.Dldr.Agen.ZV.1.B
weitere Informationen
File size: 10816 bytes
MD5: de842974bf20f8a8d59522410574ce72
SHA1: 0fc0484776bbd3185b836156b8377072360b261e
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=BD036893407CBFFB2A53002BB9C23C006CD5F7C3

E:\WINDOWS\system32\maknnvuj.exe
0 bytes size received


Psiek 12.11.2007 12:09

ESCAN
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
find.bat Version 2007.06.16.01

Microsoft Windows XP [Version 5.1.2600]
Bootmodus: NETWORK
   
eScan Version: 9.5.4
Sprache: German
E:\DOKUME~1\Psike\LOKALE~1\Temp\MWAV.LOG
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 Object "smitfraud Browser Hijacker" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
 System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Keine Aktion vorgenommen.
 System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: Keine Aktion vorgenommen.
 System found infected with savingbot shopper Spyware/Adware (foxuser.dbf)! Action taken: Keine Aktion vorgenommen.
 System found infected with precisionpop Spyware/Adware (starter.exe)! Action taken: Keine Aktion vorgenommen.
 System found infected with desktop scam Trojan-Downloader (main.exe)! Action taken: Keine Aktion vorgenommen.
 
 
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
 Datei C:\dell\drivers\R122161\HDAQFE\win2k3\jpn\qfe.exe infiziert von "Exe.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
 Datei C:\dell\drivers\R122161\HDAQFE\win2k3\us\qfe.exe infiziert von "Exe.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
 Datei C:\dell\drivers\R122161\HDAQFE\win2k_xp\us\qfe.exe infiziert von "Exe.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
 Datei C:\Destinator\Desti_Pack\centrafuse.exe infiziert von "NULL.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
 Offending file found: E:\WINDOWS\system32\swreg.exe
 Offending file found: E:\WINDOWS\system32\swsc.exe
 Offending file found: E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\microsoft\visual foxpro 9\foxuser.dbf
 Offending file found: E:\Dokumente und Einstellungen\Psike\Desktop\desktop\desktop ordner strukturen\eclipse\plugins\org.eclipse.cdt.core.win32_4.0.0.200709241202\os\win32\x86\starter.exe
 Offending file found: E:\Dokumente und Einstellungen\Psike\Desktop\desktop\desktop ordner strukturen\travianbotv2.2\main.exe
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
 Offending Folder found: E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\icq\bart\1024
~~~~~~~~~~~
Registry
~~~~~~~~~~~
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
~~~~~~~~~~~~~~~~~~~~~~
Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
 E:\Dokumente und Einstellungen\Psike\Desktop\TimeShift_HD_Int_Trailer.zip nicht gescannt. Wahrscheinlich durch Passwort geschützt...
 C:\MSOCache\All Users\{90120000-00A1-0407-0000-0000000FF1CE}-C\OnoteLR.cab nicht gescannt. Wahrscheinlich durch Passwort geschützt...
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
Zeilen die nicht dem Standard entsprechen:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 Specherüberprüfung: Aktiviert
 Registry Überprüfung: Aktiviert
 System-Ordner Überprüfung: Aktiviert
 Überprüfung der Systembereiche: Deaktiviert
 Überprüfung der Dienste: Aktiviert
 Überprüfung der Festplatten: Deaktiviert
 Überprüfung aller Festplatten :Aktiviert
 
Batchstart: 12:07:33,78
Batchende: 12:07:38,06


Psiek 12.11.2007 12:11

And now the scan logs!
Silent Runners:
Code:

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ICQ" = ""E:\Programme\ICQ6\ICQ.exe" silent" ["ICQ, Inc."]
"Skype" = ""E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"DAEMON Tools Pro Agent" = ""E:\Programme\DAEMON Tools Pro\DTProAgent.exe"" ["DT Soft Ltd."]
"Steam" = ""C:\Program Files (x86)\Steam\Steam.exe" -silent" ["Valve Corporation"]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"" ["Nero AG"]
"ctfmon.exe" = "E:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Dell QuickSet" = "E:\Programme\Dell\QuickSet\quickset.exe" ["Dell Inc"]
"IntelZeroConfig" = ""E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"" ["Intel Corporation"]
"IntelWireless" = ""E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]
"SynTPEnh" = "E:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SunJavaUpdateSched" = ""E:\Programme\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" ["Nero AG"]
"NBKeyScan" = ""E:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"]
"Adobe Reader Speed Launcher" = ""E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""E:\Programme\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"F-Secure Manager" = ""E:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash" [file not found]
"F-Secure TNB" = ""E:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW" [file not found]
"AVP" = ""E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"" ["Kaspersky Lab"]
"DWPersistentQueuedReporting" = "E:\PROGRA~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.EXE -a" [MS]
"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"74351e6e" = "rundll32.exe "E:\WINDOWS\system32\hijvfaes.dll",b" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = "XTTBPos00"
  -> {HKLM...CLSID} = "XTTBPos00 Class"
                  \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader"
                  \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{20fdcbd4-adf0-4225-9558-36413481fbfa}\(Default) = "{afbf1843-1463-8559-5224-0fda4dbcdf02}"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "E:\WINDOWS\system32\laaqvywd.dll" [null data]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
                  \InProcServer32\(Default) = "E:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                  \InProcServer32\(Default) = "E:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                  \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
                  \InProcServer32\(Default) = "E:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
                  \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                  \InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "E:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                  \InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                  \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                  \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
  -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
                  \InProcServer32\(Default) = "E:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                  \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                  \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
  -> {HKLM...CLSID} = "Bluetooth-Umgebung"
                  \InProcServer32\(Default) = "E:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Copy Hook"
  -> {HKLM...CLSID} = "SmartFTP Copy Hook"
                  \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\smarthook.dll" ["SmartSoft Ltd."]
"{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}" = "SmartFTP ContextMenu"
  -> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
                  \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{40FDFA48-5F4E-4627-A78E-6A49A3D4492F}" = "SmartFTP ShellDropHandler"
  -> {HKLM...CLSID} = "SmartFTP ShellDropHandler Class"
                  \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}" = "SmartFTP Drop ShellIconOverlayHandler"
  -> {HKLM...CLSID} = "SmartFTP Drop ShellIconOverlayHandler"
                  \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
                  \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                  \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                  \InProcServer32\(Default) = "E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                  \InProcServer32\(Default) = "E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistik für Web-Anti-Virus"
  -> {HKLM...CLSID} = "Statistik für Web-Anti-Virus"
                  \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]
"{8932AEFE-9DB6-4f43-AFB2-5682F55E773A}" = "VPCHostCopyHook"
  -> {HKLM...CLSID} = "VPCHostCopyHook"
                  \InProcServer32\(Default) = "E:\Programme\Microsoft Virtual PC\VPCShExH.DLL" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                  \InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
  -> {HKLM...CLSID} = "ImageExtractorShellExt Class"
                  \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
  -> {HKLM...CLSID} = "CInfoTipShellExt Class"
                  \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Visio11\VISSHE.DLL" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                  \InProcServer32\(Default) = "E:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "E:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                  \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                  \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
  -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
                  \InProcServer32\(Default) = "E:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]
Notepad++\(Default) = "{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}"
  -> {HKLM...CLSID} = "Notepad++"
                  \InProcServer32\(Default) = "E:\Programme\Notepad++\nppcm.dll" ["Burgaud.com"]
SmartFTP\(Default) = "{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}"
  -> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
                  \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
SmartFTP\(Default) = "{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}"
  -> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
                  \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Dokumente und Einstellungen\Psike\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Startup items in "Psike" & "All Users" startup folders:
-------------------------------------------------------

E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"BTTray" -> shortcut to: "E:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "E:\Programme\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
000000000005\LibraryPath = "E:\Programme\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 39
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
  -> {HKLM...CLSID} = "ICQ Toolbar"
                  \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                  \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
                  \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
                  \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistik für Web-Anti-Virus"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll" ["BitComet"]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
"ButtonText" = "BitComet Search"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
                  \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "E:\Programme\Bonjour\mDNSResponder.exe" ["Apple Computer, Inc."]
Bluetooth Service, btwdins, "E:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
FTP-Publishing, MSFtpsvc, "E:\WINDOWS\system32\inetsrv\inetinfo.exe" [MS]
Intel(R) PROSet/Wireless Event Log, EvtEng, "E:\Programme\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Registry Service, RegSrvc, "E:\Programme\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Service, S24EventMonitor, "E:\Programme\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
Intel(R) PROSet/Wireless SSO Service, WLANKEEPER, "E:\Programme\Intel\Wireless\Bin\WLKeeper.exe" ["Intel(R) Corporation"]
IPv6-Hilfsdienst, 6to4, "E:\WINDOWS\system32\svchost.exe -k netsvcs" {"E:\WINDOWS\System32\6to4svc.dll" [MS]}
Kaspersky Anti-Virus 7.0, AVP, ""E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r" ["Kaspersky Lab"]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
NICCONFIGSVC, NICCONFIGSVC, "E:\Programme\Dell\QuickSet\NICCONFIGSVC.exe" ["Dell Inc."]
NMIndexingService, NMIndexingService, ""E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "E:\WINDOWS\system32\PnkBstrA.exe" [null data]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Bluetooth-Druckeranschluss\Driver = "bthcrp.dll" ["Broadcom Corporation."]
HP LaserJet 5 Language Monitor\Driver = "hpdcmon.dll" ["Hewlett-Packard"]
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
Lexmark Enhanced TCP/IP Port\Driver = "lmablmpm.dll" [empty string]


---------- (launch time: 2007-11-12 11:05:55)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 276 seconds.
---------- (total run time: 314 seconds)


Psiek 12.11.2007 12:12

ComboFix
Code:

ComboFix 07-11-08.1 - Psike 2007-11-12 10:45:43.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.366 [GMT 1:00]
run from: E:\Dokumente und Einstellungen\Psike\Desktop\ComboFix.exe
 * New restore point created
.

        Unable to obtain system privileges

((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Programme\SecCenter
E:\Programme\SecCenter\scprot4.exe.bak
E:\WINDOWS\system32\__c0052BD0.dat
E:\WINDOWS\system32\__c00878F6.dat
E:\WINDOWS\system32\__c00B1E4.dat
E:\WINDOWS\system32\__c00CC31B.dat
E:\WINDOWS\system32\__c00DDC58.dat
E:\WINDOWS\system32\__c00E1C7A.dat
E:\WINDOWS\system32\aqwnsyvn.dll
E:\WINDOWS\system32\Cache
E:\WINDOWS\system32\dchadevf.dll
E:\WINDOWS\system32\efqfvuck.dll
E:\WINDOWS\system32\fkmdvbtn
E:\WINDOWS\system32\fkmdvbtn\bg1.gif
E:\WINDOWS\system32\fkmdvbtn\bgtop.gif
E:\WINDOWS\system32\fkmdvbtn\bottom1.gif
E:\WINDOWS\system32\fkmdvbtn\essentials.gif
E:\WINDOWS\system32\fkmdvbtn\fkmdvbtn1.exe
E:\WINDOWS\system32\fkmdvbtn\fkmdvbtn2.exe
E:\WINDOWS\system32\fkmdvbtn\fkmdvbtn3.exe
E:\WINDOWS\system32\fkmdvbtn\icon1.ico
E:\WINDOWS\system32\fkmdvbtn\install1.gif
E:\WINDOWS\system32\fkmdvbtn\left1.gif
E:\WINDOWS\system32\fkmdvbtn\li.gif
E:\WINDOWS\system32\fkmdvbtn\logo.gif
E:\WINDOWS\system32\fkmdvbtn\main.htm
E:\WINDOWS\system32\fkmdvbtn\mainframe.htm
E:\WINDOWS\system32\fkmdvbtn\reinstall1.gif
E:\WINDOWS\system32\fkmdvbtn\right1.gif
E:\WINDOWS\system32\fkmdvbtn\s1.htm
E:\WINDOWS\system32\fkmdvbtn\s2.htm
E:\WINDOWS\system32\fkmdvbtn\s3.htm
E:\WINDOWS\system32\fkmdvbtn\SMTop1.gif
E:\WINDOWS\system32\fkmdvbtn\SMTop2.gif
E:\WINDOWS\system32\fkmdvbtn\SMTop3.gif
E:\WINDOWS\system32\fkmdvbtn\SMTop4.gif
E:\WINDOWS\system32\fkmdvbtn\soft1_off.gif
E:\WINDOWS\system32\fkmdvbtn\soft1_off_ext.gif
E:\WINDOWS\system32\fkmdvbtn\soft1_on.gif
E:\WINDOWS\system32\fkmdvbtn\soft1_on_ext.gif
E:\WINDOWS\system32\fkmdvbtn\soft2_off.gif
E:\WINDOWS\system32\fkmdvbtn\soft2_off_ext.gif
E:\WINDOWS\system32\fkmdvbtn\soft2_on.gif
E:\WINDOWS\system32\fkmdvbtn\soft2_on_ext.gif
E:\WINDOWS\system32\fkmdvbtn\soft3_off.gif
E:\WINDOWS\system32\fkmdvbtn\soft3_off_ext.gif
E:\WINDOWS\system32\fkmdvbtn\soft3_on.gif
E:\WINDOWS\system32\fkmdvbtn\soft3_on_ext.gif
E:\WINDOWS\system32\fkmdvbtn\softbottom_off.gif
E:\WINDOWS\system32\fkmdvbtn\softbottom_on.gif
E:\WINDOWS\system32\fkmdvbtn\softleft_off.gif
E:\WINDOWS\system32\fkmdvbtn\softleft_on.gif
E:\WINDOWS\system32\fkmdvbtn\top1.gif
E:\WINDOWS\system32\fkmdvbtn\top2.gif
E:\WINDOWS\system32\fkmdvbtn\turnoff1.gif
E:\WINDOWS\system32\fkmdvbtn\turnon1.gif
E:\WINDOWS\system32\fsolburw.dll
E:\WINDOWS\system32\igykyvva.dll
E:\WINDOWS\system32\jknnolhi.dll
E:\WINDOWS\system32\kvvxrvvx.dll
E:\WINDOWS\system32\lumikhxo.dll
E:\WINDOWS\system32\madxylnk.dll
E:\WINDOWS\system32\nyjudwil.dll
E:\WINDOWS\system32\oalacemo.dll
E:\WINDOWS\system32\qmjkgbrm.dll
E:\WINDOWS\system32\ssttt.dll
E:\WINDOWS\system32\tttss.bak1
E:\WINDOWS\system32\tttss.bak2
E:\WINDOWS\system32\tttss.ini
E:\WINDOWS\system32\tttss.ini2
E:\WINDOWS\system32\tttss.tmp
E:\WINDOWS\system32\votdpqkw.dll

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


(((((((((((((((((((((((  Files created from 2007-10-12 to 2007-11-12  ))))))))))))))))))))))))))))))
.

2007-11-12 10:42        51,200        --a------        E:\WINDOWS\NirCmd.exe
2007-11-11 23:37        88,128        --a------        E:\WINDOWS\system32\hijvfaes.dll
2007-11-11 23:34        79,936        --a------        E:\WINDOWS\system32\laaqvywd.dll
2007-11-11 23:25        71,232        --a------        E:\WINDOWS\system32\acmudrsa.exe
2007-11-11 16:51        16,288        ---------        E:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-11 16:50        <DIR>        d--------        E:\Programme\DVD Complete
2007-11-11 16:49        <DIR>        d--------        E:\Programme\directx
2007-11-11 16:48        <DIR>        d--------        E:\Programme\DAZZLE
2007-11-11 16:41        15,360        --a------        E:\WINDOWS\system32\drivers\StreamIP.sys
2007-11-11 16:41        15,360        --a--c---        E:\WINDOWS\system32\dllcache\streamip.sys
2007-11-11 16:41        10,880        --a------        E:\WINDOWS\system32\drivers\NdisIP.sys
2007-11-11 16:41        10,880        --a--c---        E:\WINDOWS\system32\dllcache\ndisip.sys
2007-11-11 16:41        5,504        --a------        E:\WINDOWS\system32\drivers\MSTEE.sys
2007-11-11 16:41        5,504        --a--c---        E:\WINDOWS\system32\dllcache\mstee.sys
2007-11-11 16:40        85,376        --a------        E:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-11-11 16:40        85,376        --a--c---        E:\WINDOWS\system32\dllcache\nabtsfec.sys
2007-11-11 16:40        19,328        --a------        E:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-11-11 16:40        19,328        --a--c---        E:\WINDOWS\system32\dllcache\wstcodec.sys
2007-11-11 16:40        17,024        --a------        E:\WINDOWS\system32\drivers\CCDECODE.sys
2007-11-11 16:40        17,024        --a--c---        E:\WINDOWS\system32\dllcache\ccdecode.sys
2007-11-11 16:40        11,136        --a------        E:\WINDOWS\system32\drivers\SLIP.sys
2007-11-11 16:40        11,136        --a--c---        E:\WINDOWS\system32\dllcache\slip.sys
2007-11-11 16:39        25,024        -ra------        E:\WINDOWS\system32\drivers\nuvaud2.sys
2007-11-11 16:38        <DIR>                E:\WINDOWS\LastGood.Tmp
2007-11-11 16:38        153,760        -ra------        E:\WINDOWS\system32\drivers\nuvvid2.sys
2007-11-11 16:38        139,264        -ra------        E:\WINDOWS\system32\NUVTwain.dll
2007-11-11 16:38        81,920        -ra------        E:\WINDOWS\system32\nuvyuv.dll
2007-11-11 16:38        54,272        --a------        E:\WINDOWS\system32\vfwwdm32.dll
2007-11-11 16:38        54,272        --a--c---        E:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-11-10 15:28        81,472        --a------        E:\WINDOWS\system32\cpvoisik.dll
2007-11-10 14:45        <DIR>        d--------        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
2007-11-10 14:45        45,768        --a------        E:\WINDOWS\system32\drivers\MiniIcpt.sys
2007-11-10 14:45        41,928        --a------        E:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2007-11-10 14:45        32,072        --a------        E:\WINDOWS\system32\drivers\HookCentre.sys
2007-11-10 14:40        <DIR>        d--------        E:\Programme\Gemeinsame Dateien\G DATA
2007-11-10 14:40        <DIR>        d--------        E:\Programme\G DATA AntiVirus Trial
2007-11-10 14:23        81,472        --a------        E:\WINDOWS\system32\vcgmthtk.dll
2007-11-10 14:08        71,232        --a------        E:\WINDOWS\system32\vuxssivx.exe
2007-11-10 09:19        <DIR>        d--------        E:\Dokumente und Einstellungen\Psike\.housecall6.6
2007-11-10 09:19        102,664        --a------        E:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-10 09:15        <DIR>        d--------        E:\Programme\Trend Micro
2007-11-09 13:31        81,472        --a------        E:\WINDOWS\system32\mffmmoxw.dll
2007-11-09 13:29        <DIR>        d--------        E:\Dokumente und Einstellungen\Administrator.LARS\Anwendungsdaten\Nero
2007-11-09 13:28        <DIR>        dr-------        E:\Dokumente und Einstellungen\Administrator.LARS\Eigene Dateien
2007-11-09 13:26        <DIR>        d--h-----        E:\Dokumente und Einstellungen\Administrator.LARS\Vorlagen
2007-11-09 13:26        <DIR>        dr-------        E:\Dokumente und Einstellungen\Administrator.LARS\Startmenü
2007-11-09 13:26        <DIR>        d--h-----        E:\Dokumente und Einstellungen\Administrator.LARS\Netzwerkumgebung
2007-11-09 13:26        <DIR>        d--h-----        E:\Dokumente und Einstellungen\Administrator.LARS\Lokale Einstellungen
2007-11-09 13:26        <DIR>        dr-------        E:\Dokumente und Einstellungen\Administrator.LARS\Favoriten
2007-11-09 13:26        <DIR>        d--h-----        E:\Dokumente und Einstellungen\Administrator.LARS\Druckumgebung
2007-11-09 13:26        <DIR>        d--------        E:\Dokumente und Einstellungen\Administrator.LARS\Anwendungsdaten\Intel
2007-11-09 13:26        <DIR>        dr-h-----        E:\Dokumente und Einstellungen\Administrator.LARS\Anwendungsdaten
2007-11-09 13:06        71,232        --a------        E:\WINDOWS\system32\schbgpak.exe
2007-11-09 05:43        <DIR>        d--------        E:\Dokumente und Einstellungen\Administrator\Bluetooth Software
2007-11-09 05:26        <DIR>        d--------        E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nero
2007-11-09 05:25        <DIR>        d--h-----        E:\Dokumente und Einstellungen\Administrator\Vorlagen
2007-11-09 05:25        <DIR>        dr-------        E:\Dokumente und Einstellungen\Administrator\Startmenü
2007-11-09 05:25        <DIR>        d--h-----        E:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2007-11-09 05:25        <DIR>        d--h-----        E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2007-11-09 05:25        <DIR>        dr-------        E:\Dokumente und Einstellungen\Administrator\Favoriten
2007-11-09 05:25        <DIR>        dr-------        E:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2007-11-09 05:25        <DIR>        d--h-----        E:\Dokumente und Einstellungen\Administrator\Druckumgebung
2007-11-09 05:25        <DIR>        d--------        E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel
2007-11-09 05:25        <DIR>        dr-h-----        E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2007-11-08 11:23        81,472        --a------        E:\WINDOWS\system32\vxlejjqp.dll
2007-11-08 11:14        167,936        --a------        E:\WINDOWS\system32\nvwrszht.dll
2007-11-08 11:14        126,976        --a------        E:\WINDOWS\system32\nvrszht.dll
2007-11-08 10:55        81,472        --a------        E:\WINDOWS\system32\ciqwwxfj.dll
2007-11-08 09:43        81,472        --a------        E:\WINDOWS\system32\cuklxcfv.dll
2007-11-07 09:40        81,472        --a------        E:\WINDOWS\system32\ulxqvtwv.dll
2007-11-07 07:34        71,232        --a------        E:\WINDOWS\system32\edpvfsdj.exe
2007-11-06 19:01        <DIR>        d--------        E:\Programme\ElcomSoft
2007-11-06 10:44        81,472        --a------        E:\WINDOWS\system32\qnajhawf.dll
2007-11-06 10:27        <DIR>        d--------        E:\VundoFix Backups
2007-11-06 10:04        <DIR>        d---s----        E:\Dokumente und Einstellungen\Psike\UserData
2007-11-06 09:50        <DIR>        d--------        E:\Programme\Gemeinsame Dateien\Merge Modules
2007-11-06 09:49        <DIR>        d--------        E:\Programme\Microsoft Visual FoxPro 9
2007-11-06 09:49        <DIR>        d--------        E:\Programme\Microsoft UDDI SDK
2007-11-06 09:45        <DIR>        d--------        E:\Programme\MSSOAP
2007-11-05 15:38        <DIR>        d--------        E:\Programme\ScreenshotCaptor
2007-11-05 15:38        <DIR>        d--------        E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\DonationCoder
2007-11-05 15:38        <DIR>        d--------        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DonationCoder
2007-11-05 15:38        58        --a------        E:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2007-11-05 10:30        <DIR>        d--------        E:\Programme\Microsoft Virtual PC
2007-11-05 09:42        <DIR>        d--------        E:\Programme\Microsoft Virtual Server
2007-11-05 09:23        <DIR>        d--------        E:\WINDOWS\IIS Temporary Compressed Files
2007-11-05 09:19        <DIR>        d--------        E:\Inetpub
2007-11-04 22:47        82,061        --a------        E:\WINDOWS\system32\drivers\klick.dat
2007-11-04 22:47        81,549        --a------        E:\WINDOWS\system32\drivers\klin.dat
2007-11-04 22:45        <DIR>        d--------        E:\Programme\Kaspersky Lab
2007-11-04 22:45        <DIR>        d--------        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2007-11-04 22:45        17,834,016        --ahs----        E:\WINDOWS\system32\drivers\fidbox.dat
2007-11-04 22:45        140,320        --ahs----        E:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-04 07:54        <DIR>        d--------        E:\Programme\Microsoft CAPICOM 2.1.0.2
2007-11-03 13:33        <DIR>        d--------        E:\Programme\CannaPower-Tool
2007-11-03 13:33        <DIR>        d--------        E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\.CannaPower
2007-11-02 15:21        <DIR>        dr-------        E:\Dokumente und Einstellungen\LocalService\Favoriten
2007-11-02 15:15        <DIR>        d--------        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SiteAdvisor
2007-11-02 15:03        <DIR>        d--------        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2007-11-02 14:51        <DIR>        d--------        E:\WINDOWS\McAfee.com

.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 09:56        90,044        --sha-w        E:\WINDOWS\system32\drivers\fidbox.idx
2007-11-12 09:56        15,356        --sha-w        E:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-12 09:55        ---------        d-----w        E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\uTorrent
2007-11-11 15:55        ---------        d--h--w        E:\Programme\InstallShield Installation Information
2007-11-10 18:22        ---------        d-----w        E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\Skype
2007-11-08 09:49        ---------        d-----w        E:\Programme\DAEMON Tools Pro
2007-11-06 09:45        ---------        d-----w        E:\Programme\ICQ6
2007-11-06 08:38        ---------        d-----w        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2007-11-03 12:33        ---------        d-----w        E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\.CannaPower
2007-10-20 17:46        ---------        d-----w        E:\Programme\Allok AVI to DVD SVCD VCD Converter
2007-10-19 13:23        4,194        ----a-w        E:\WINDOWS\system32\drivers\sthdae.log
2007-10-15 19:04        22,328        ----a-w        E:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-15 19:04        103,736        ----a-w        E:\WINDOWS\system32\PnkBstrB.exe
2007-10-15 14:16        ---------        d-----w        E:\Programme\Gemeinsame Dateien\InstallShield
2007-10-11 17:01        ---------        d-----w        E:\Programme\Lexmark_HostCD
2007-10-11 17:01        ---------        d-----w        E:\Programme\Lexmark
2007-10-11 08:50        ---------        d-----w        E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\gtk-2.0
2007-10-10 08:00        ---------        d-----w        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ALM
2007-10-10 07:57        ---------        d-----w        E:\Programme\Gemeinsame Dateien\Adobe
2007-10-10 06:36        ---------        d-----w        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2007-10-10 06:22        ---------        d-----w        E:\Programme\Bonjour
2007-10-10 06:17        ---------        d-----w        E:\Programme\Gemeinsame Dateien\Macrovision Shared
2007-10-09 11:13        ---------        d-----w        E:\Programme\QuickTime
2007-10-09 11:13        ---------        d-----w        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2007-10-09 11:12        ---------        d-----w        E:\Programme\Apple Software Update
2007-10-09 11:12        ---------        d-----w        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2007-10-08 17:43        ---------        d-----w        E:\Programme\Xvid
2007-10-08 17:41        ---------        d-----w        E:\Programme\Philips
2007-10-08 09:37        ---------        d-----w        E:\Programme\GIMP-2.0
2007-10-08 09:37        ---------        d-----w        E:\Programme\Gemeinsame Dateien\GTK
2007-10-08 09:31        ---------        d-----w        E:\Programme\dFotoCut
2007-10-08 08:56        ---------        d-----w        E:\Programme\Samsung
2007-10-08 07:36        ---------        d-----w        E:\Programme\HBX6
2007-10-07 07:31        ---------        d-----w        E:\Programme\MSXML 4.0
2007-10-06 09:42        ---------        d---a-w        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2007-10-06 09:42        ---------        d-----w        E:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2007-10-06 09:05        ---------        d-----w        E:\Programme\rK's DemoWatcher
2007-10-05 11:31        ---------        d-----w        E:\Programme\Xilisoft
2007-10-05 11:29        ---------        d-----w        E:\Programme\EO Video
2007-10-05 11:27        724,992        ----a-w        E:\WINDOWS\iun6002.exe
2007-10-05 08:30        ---------        d-----w        E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\Nero
2007-10-05 08:29        ---------        d-----w        E:\Programme\Gemeinsame Dateien\Nero
2007-10-05 08:26        ---------        d-----w        E:\Programme\Real Alternative
2007-10-05 08:26        ---------        d-----w        E:\Programme\Nero
2007-10-05 08:26        ---------        d-----w        E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\Media Player Classic
2007-10-05 08:26        ---------        d-----w        E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2007-10-05 07:24        ---------        d-----w        E:\Programme\Windows Media Connect 2
2007-10-05 02:25        81,920        ----a-w        E:\WINDOWS\system32\nvwddi.dll
2007-10-05 02:25        81,920        ----a-w        E:\WINDOWS\system32\nvmctray.dll
2007-10-05 02:25        8,491,008        ----a-w        E:\WINDOWS\system32\nvcpl.dll
2007-10-05 02:25        6,854,368        ----a-w        E:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-05 02:25        6,750,208        ----a-w        E:\WINDOWS\system32\nvoglnt.dll
2007-10-05 02:25        6,344,704        ----a-w        E:\WINDOWS\system32\nvdisps.dll
2007-10-05 02:25        5,755,520        ----a-w        E:\WINDOWS\system32\nv4_disp.dll
2007-10-05 02:25        5,509,120        ----a-w        E:\WINDOWS\system32\nvdispsr.dll
2007-10-05 02:25        466,944        ----a-w        E:\WINDOWS\system32\nvshell.dll
2007-10-05 02:25        458,752        ----a-w        E:\WINDOWS\system32\nvmccssr.dll
2007-10-05 02:25        45,056        ----a-w        E:\WINDOWS\system32\nvmccsrs.dll
2007-10-05 02:25        442,368        ----a-w        E:\WINDOWS\system32\nvappbar.exe
2007-10-05 02:25        425,984        ----a-w        E:\WINDOWS\system32\keystone.exe
2007-10-05 02:25        364,544        ----a-w        E:\WINDOWS\system32\nvapi.dll
2007-10-05 02:25        36,864        ----a-w        E:\WINDOWS\system32\nvcodins.dll
2007-10-05 02:25        36,864        ----a-w        E:\WINDOWS\system32\nvcod.dll
2007-10-05 02:25        335,872        ----a-w        E:\WINDOWS\system32\nvwrses.dll
2007-10-05 02:25        335,872        ----a-w        E:\WINDOWS\system32\nvwrsel.dll
2007-10-05 02:25        327,680        ----a-w        E:\WINDOWS\system32\nvwrsfr.dll
2007-10-05 02:25        327,680        ----a-w        E:\WINDOWS\system32\nvwrsesm.dll
2007-10-05 02:25        327,680        ----a-w        E:\WINDOWS\system32\nvrshe.dll
2007-10-05 02:25        327,680        ----a-w        E:\WINDOWS\system32\nvrsar.dll
2007-10-05 02:25        323,584        ----a-w        E:\WINDOWS\system32\nvwrspt.dll
2007-10-05 02:25        319,488        ----a-w        E:\WINDOWS\system32\nvwrsptb.dll
2007-10-05 02:25        319,488        ----a-w        E:\WINDOWS\system32\nvwrsnl.dll
2007-10-05 02:25        315,392        ----a-w        E:\WINDOWS\system32\nvwrsru.dll
2007-10-05 02:25        311,296        ----a-w        E:\WINDOWS\system32\nvwrsde.dll
2007-10-05 02:25        303,104        ----a-w        E:\WINDOWS\system32\nvwrstr.dll
2007-10-05 02:25        303,104        ----a-w        E:\WINDOWS\system32\nvwrssl.dll
2007-10-05 02:25        303,104        ----a-w        E:\WINDOWS\system32\nvwrsfi.dll
2007-10-05 02:25        3,629,056        ----a-w        E:\WINDOWS\system32\nvvitvsr.dll
2007-10-05 02:25        3,551,232        ----a-w        E:\WINDOWS\system32\nvvitvs.dll
2007-10-05 02:25        3,334,144        ----a-w        E:\WINDOWS\system32\nvgames.dll
2007-10-05 02:25        3,166,208        ----a-w        E:\WINDOWS\system32\nvgamesr.dll
2007-10-05 02:25        299,008        ----a-w        E:\WINDOWS\system32\nvwrssk.dll
2007-10-05 02:25        299,008        ----a-w        E:\WINDOWS\system32\nvwrsno.dll
2007-10-05 02:25        294,912        ----a-w        E:\WINDOWS\system32\nvwrssv.dll
2007-10-05 02:25        294,912        ----a-w        E:\WINDOWS\system32\nvwrspl.dll
2007-10-05 02:25        294,912        ----a-w        E:\WINDOWS\system32\nvwrsda.dll
2007-10-05 02:25        286,720        ----a-w        E:\WINDOWS\system32\nvwrseng.dll
2007-10-05 02:25        286,720        ----a-w        E:\WINDOWS\system32\nvwrscs.dll
2007-10-05 02:25        286,720        ----a-w        E:\WINDOWS\system32\nvnt4cpl.dll
2007-10-05 02:25        282,624        ----a-w        E:\WINDOWS\system32\nvwrsar.dll
2007-10-05 02:25        282,624        ----a-w        E:\WINDOWS\system32\nvrsfr.dll
2007-10-05 02:25        282,624        ----a-w        E:\WINDOWS\system32\nvrses.dll
2007-10-05 02:25        282,624        ----a-w        E:\WINDOWS\system32\nvrsel.dll
2007-10-05 02:25        278,528        ----a-w        E:\WINDOWS\system32\nvwrshe.dll
2007-10-05 02:25        278,528        ----a-w        E:\WINDOWS\system32\nvrsde.dll
2007-10-05 02:25        274,432        ----a-w        E:\WINDOWS\system32\nvrspt.dll
2007-10-05 02:25        274,432        ----a-w        E:\WINDOWS\system32\nvrsnl.dll
2007-10-05 02:25        274,432        ----a-w        E:\WINDOWS\system32\nvrsesm.dll
2007-10-05 02:25        270,336        ----a-w        E:\WINDOWS\system32\nvrsru.dll
2007-10-05 02:25        266,240        ----a-w        E:\WINDOWS\system32\nvrsptb.dll
.

((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20fdcbd4-adf0-4225-9558-36413481fbfa}]
2007-11-11 23:34        79936        --a------        E:\WINDOWS\system32\laaqvywd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="E:\Programme\Dell\QuickSet\quickset.exe" [2007-05-14 13:23]
"IntelZeroConfig"="E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 15:32]
"IntelWireless"="E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 15:30]
"SynTPEnh"="E:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-10-05 03:25]
"nwiz"="nwiz.exe" [2007-10-05 03:25 E:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="E:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NeroFilterCheck"="E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NBKeyScan"="E:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
"Adobe Reader Speed Launcher"="E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="E:\Programme\QuickTime\QTTask.exe" [2007-06-29 05:24]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 E:\WINDOWS\stsystra.exe]
"F-Secure Manager"="E:\Programme\F-Secure Internet Security\Common\FSM32.exe" []
"F-Secure TNB"="E:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" []
"AVP"="E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
"DWPersistentQueuedReporting"="E:\PROGRA~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.exe" [2007-02-26 09:01]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 03:25]
"74351e6e"="E:\WINDOWS\system32\hijvfaes.dll" [2007-11-11 23:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="E:\Programme\ICQ6\ICQ.exe" [2007-08-08 16:03]
"Skype"="E:\Programme\Skype\Phone\Skype.exe" [2007-09-13 12:31]
"DAEMON Tools Pro Agent"="E:\Programme\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08]
"Steam"="C:\Program Files (x86)\Steam\Steam.exe" [2007-10-05 08:31]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjigh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzwr32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 E:\WINDOWS\system32\ssttt.dll

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);E:\WINDOWS\system32\inetsrv\inetinfo.exe
R3 guardian2;guardian2;E:\WINDOWS\system32\Drivers\oz776.sys
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\E:\Programme\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys
S3 klim5;Kaspersky Anti-Virus NDIS Filter;E:\WINDOWS\system32\DRIVERS\klim5.sys
S3 NPF;NetGroup Packet Filter Driver;E:\WINDOWS\system32\drivers\npf.sys
S3 NUVision;NUVision II Video Service;E:\WINDOWS\system32\DRIVERS\nuvvid2.sys
S3 vmh;Virtual Machine-Hilfsdienst;"E:\Programme\Microsoft Virtual Server\vmh.exe" -service
S4 F-Secure Filter;F-Secure File System Filter;\??\E:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\E:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys
S4 Virtual Server;Virtual Server;"E:\Programme\Microsoft Virtual Server\vssrvc.exe"

.
Contents of the "Scheduled Tasks" folder
"2007-11-05 13:24:03 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 10:57:57
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-12 11:04:23 - machine was rebooted
.
        --- E O F ---

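The autostart listing above contains three classic persistence patterns: a Run value with a hex-looking name that loads a DLL from system32 whose timestamp is the day before the scan, two Winlogon\Notify subkeys with random-looking names, and an extra DLL appended to the LSA "Authentication Packages" value (which loads into lsass.exe). As an added example, not code from this thread or from ComboFix/HijackThis, the following Python script parses this report format and flags exactly those patterns. The sample report is constructed from the entries quoted above, and the allow-lists of stock Windows XP Notify subkeys and authentication packages are assumptions for the purpose of the example.

```python
"""Triage a ComboFix-style autostart listing for common persistence tricks.

Added example, not part of the thread or of ComboFix/HijackThis. The parsing
rules and allow-lists below are assumptions based on the format shown above.
"""
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the entries quoted in the thread.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 03:25]
"74351e6e"="E:\WINDOWS\system32\hijvfaes.dll" [2007-11-11 23:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="E:\Programme\Skype\Phone\Skype.exe" [2007-09-13 12:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjigh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzwr32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 E:\WINDOWS\system32\ssttt.dll
"""

# Stock Windows XP SP2 Winlogon\Notify subkeys (assumption: anything else
# deserves a manual look; it is not automatically malicious).
STOCK_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
# Default LSA authentication package on XP; extra DLLs here load into lsass.exe.
STOCK_AUTH_PACKAGES = {"msv1_0"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(?:\[([^\]]*)\])?')
AUTHPKG_RE = re.compile(r'^"Authentication Packages"=\s*(.+)$', re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.IGNORECASE)
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\\]+)$")


def triage(report: str, report_date: str, recent_days: int = 7):
    """Return a list of (category, detail) findings for suspicious entries.

    report_date is the date of the scan (YYYY-MM-DD); Run entries whose file
    timestamp falls within recent_days of it are flagged as recently modified.
    """
    cutoff = datetime.strptime(report_date, "%Y-%m-%d") - timedelta(days=recent_days)
    findings = []
    key = ""
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # New registry key header: remember it and check Notify subkeys.
            key = m.group(1).lower()
            notify = NOTIFY_RE.search(key)
            if notify and notify.group(1) not in STOCK_NOTIFY:
                findings.append(("winlogon_notify", notify.group(1)))
            continue
        if key.endswith("\\currentversion\\run"):
            v = VALUE_RE.match(line)
            if not v:
                continue
            name, path, stamp = v.groups()
            # Randomly generated value names are often plain hex strings.
            if HEX_NAME_RE.match(name):
                findings.append(("run_hex_name", f"{name} -> {path}"))
            # A binary dropped shortly before the scan is worth a look.
            if stamp:
                try:
                    when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
                except ValueError:
                    continue
                if when >= cutoff:
                    findings.append(("run_recent", f"{name} -> {path} [{stamp}]"))
        elif key.endswith("\\control\\lsa"):
            a = AUTHPKG_RE.match(line)
            if a:
                # Anything beyond msv1_0 is an extra DLL loaded into lsass.exe.
                for pkg in a.group(1).split():
                    if pkg.lower() not in STOCK_AUTH_PACKAGES:
                        findings.append(("lsa_auth_package", pkg))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_REPORT, "2007-11-12"):
        print(f"{category:18} {detail}")
```

On the sample this reports the hex-named Run value twice (random name and file modified the day before the scan), both Notify subkeys, and the ssttt.dll package; legitimate entries such as AVP or Skype produce nothing. The heuristics are deliberately narrow so the output stays short enough to read during a forum-style triage; every hit still needs a human to confirm.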

cosinus 13.11.2007 00:24

Whoa! :eek:
Your system is really thoroughly littered with obvious malware files. Bear in mind that a cleanup never equals security, and the often lengthy procedure can end up being for nothing at all.

Decide either for the secure solution or for the insecure one.

Psiek 13.11.2007 09:20

I can't reinstall right now because my laptop is also my company PC, and then I would have to back up a great deal, and every backed-up file could potentially be dangerous again... I think! So I'll have to go with the long (insecure) process first; I'd be glad if you could show me more precisely which virus is where. Thanks in advance! :daumenhoc

Regards, Lars

cosinus 13.11.2007 12:59

Quote:

since my laptop is also my company PC
Then contact the responsible admin. He will surely be glad to learn that your work machine is a ticking time bomb and a danger to every other computer on the company network.



Copyright ©2000-2025, Trojaner-Board

