|
Log-Analyse und Auswertung: System Ruckelt in skype bzw in Internet!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
10.11.2007, 09:37 | #1 |
| System Ruckelt in skype bzw in Internet! Guten Morgen, Also mein Problem: Mein PC Ruckel in skype also die gegen seite versteht mich nicht wirklich. Dazu kommt das ich zb. bei WC3 im Battlenet totale ruckler habe. Da es mit sicherheit nciht am inet liegt muss es was sein was meinen PC langsamer macht. Also meine Daten! DELL M1710 --> 1024 MB AS --> 120GB FS --> Intel Core 2 Duo 2.66 --> Inet: 16000 DSL Und hier meine Log's hoffe ihr findet was! Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:29:12, on 10.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\Programme\Intel\Wireless\Bin\S24EvMon.exe E:\WINDOWS\system32\spoolsv.exe E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe E:\Programme\Bonjour\mDNSResponder.exe E:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe E:\Programme\Intel\Wireless\Bin\EvtEng.exe E:\WINDOWS\system32\inetsrv\inetinfo.exe E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe E:\Programme\Dell\QuickSet\NICCONFIGSVC.exe E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\system32\PnkBstrA.exe E:\Programme\Intel\Wireless\Bin\RegSrvc.exe E:\Programme\Intel\Wireless\Bin\WLKeeper.exe E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe E:\WINDOWS\Explorer.EXE E:\Programme\Dell\QuickSet\quickset.exe E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe E:\Programme\Synaptics\SynTP\SynTPEnh.exe E:\Programme\Java\jre1.6.0_03\bin\jusched.exe E:\WINDOWS\stsystra.exe E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe E:\Programme\DAEMON Tools Pro\DTProAgent.exe E:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe E:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe E:\WINDOWS\system32\ctfmon.exe E:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe E:\Programme\Mozilla Firefox\firefox.exe E:\Programme\Microsoft Virtual PC\Virtual PC.exe E:\WINDOWS\system32\svchost.exe E:\Programme\ScreenshotCaptor\ScreenshotCaptor.exe E:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE E:\WINDOWS\System32\svchost.exe E:\Programme\Skype\Phone\Skype.exe E:\Programme\Skype\Plugin Manager\skypePM.exe E:\Programme\ICQ6\ICQ.exe E:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.everestpoker.com/rules/?l=de R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programme\google\googletoolbar1.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [Dell QuickSet] E:\Programme\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [IntelZeroConfig] "E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SynTPEnh] E:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "E:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [F-Secure Manager] "E:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "E:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [AVP] "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\Run: [DWPersistentQueuedReporting] E:\PROGRA~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.EXE -a O4 - HKLM\..\Run: [74351e6e] rundll32.exe "E:\WINDOWS\system32\gjufhmdj.dll",b O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ICQ] "E:\Programme\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [Skype] "E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Programme\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [swg] E:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-1476116351-3504499707-2315442071-500\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'Administrator') O4 - HKUS\S-1-5-21-1757981266-329068152-682003330-500\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'Administrator') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programme\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programme\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programme\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - E:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5154/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cp-pro.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cp-pro.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cp-pro.local O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: E:\WINDOWS\system32\__c00B1E4.dat O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: DomainService - Unknown owner - E:\WINDOWS\system32\maknnvuj.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - E:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - Unknown owner - E:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe (file missing) O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - E:\Programme\F-Secure Internet Security\Common\FSMA32.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lmab_device - Unknown owner - E:\WINDOWS\system32\LMabcoms.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - E:\Programme\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NMIndexingService - Nero AG - E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - E:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Programme\WinPcap\rpcapd.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - E:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - E:\Programme\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9742 bytes |
11.11.2007, 00:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Ruckelt in skype bzw in Internet! Hallo.
__________________Code:
ATTFilter E:\WINDOWS\system32\gjufhmdj.dll E:\WINDOWS\system32\__c00B1E4.dat E:\WINDOWS\system32\maknnvuj.exe Führ für weitere Analysezwecke auch mal bitte folgende Tools bzw. Anleitungen aus und poste die Logfiles: - eScan
__________________ |
12.11.2007, 11:29 | #3 |
| System Ruckelt in skype bzw in Internet! Also erst mal die Logs der 3 Datein!
__________________Code:
ATTFilter E:\WINDOWS\system32\gjufhmdj.dll 0 bytes size received E:\WINDOWS\system32\__c00B1E4.dat Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2007.11.12.0 2007.11.12 - AntiVir 7.6.0.34 2007.11.12 TR/Dldr.Agen.ZV.1.B Authentium 4.93.8 2007.11.10 - Avast 4.7.1074.0 2007.11.11 - AVG 7.5.0.503 2007.11.11 Downloader.Small.AVQ BitDefender 7.2 2007.11.12 Trojan.Generic.70968 CAT-QuickHeal 9.00 2007.11.10 TrojanDownloader.ConHook.hl ClamAV 0.91.2 2007.11.12 - DrWeb 4.44.0.09170 2007.11.12 - eSafe 7.0.15.0 2007.11.08 suspicious Trojan/Worm eTrust-Vet 31.2.5289 2007.11.12 Win32/Darksma.FR Ewido 4.0 2007.11.11 - FileAdvisor 1 2007.11.12 - Fortinet 3.11.0.0 2007.10.19 - F-Prot 4.4.2.54 2007.11.10 W32/Downldr2.AILP F-Secure 6.70.13030.0 2007.11.12 Trojan-Downloader.Win32.ConHook.hl Ikarus T3.1.1.12 2007.11.12 Trojan-Downloader.Win32.ConHook.hl Kaspersky 7.0.0.125 2007.11.12 Trojan-Downloader.Win32.ConHook.hl McAfee 5160 2007.11.09 Vundo Microsoft 1.3007 2007.11.12 - NOD32v2 2652 2007.11.11 - Norman 5.80.02 2007.11.09 W32/ConHook.GT Panda 9.0.0.4 2007.11.11 Adware/PurityScan Prevx1 V2 2007.11.12 Trojan.Zlob Rising 20.18.00.00 2007.11.12 - Sophos 4.23.0 2007.11.12 Mal/Behav-010 Sunbelt 2.2.907.0 2007.11.09 - Symantec 10 2007.11.12 Downloader TheHacker 6.2.9.124 2007.11.12 - VBA32 3.12.2.4 2007.11.11 Trojan-Downloader.Win32.ConHook.hl VirusBuster 4.3.26:9 2007.11.11 Trojan.DL.ConHook.CN Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Dldr.Agen.ZV.1.B weitere Informationen File size: 10816 bytes MD5: de842974bf20f8a8d59522410574ce72 SHA1: 0fc0484776bbd3185b836156b8377072360b261e packers: UPX packers: PE_Patch.UPX, UPX Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=BD036893407CBFFB2A53002BB9C23C006CD5F7C3 E:\WINDOWS\system32\maknnvuj.exe 0 bytes size received |
12.11.2007, 12:09 | #4 |
| System Ruckelt in skype bzw in Internet! ESCAN Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Header ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ find.bat Version 2007.06.16.01 Microsoft Windows XP [Version 5.1.2600] Bootmodus: NETWORK eScan Version: 9.5.4 Sprache: German E:\DOKUME~1\Psike\LOKALE~1\Temp\MWAV.LOG ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Infektionsmeldungen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Object "smitfraud Browser Hijacker" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen. System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Keine Aktion vorgenommen. System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: Keine Aktion vorgenommen. System found infected with savingbot shopper Spyware/Adware (foxuser.dbf)! Action taken: Keine Aktion vorgenommen. System found infected with precisionpop Spyware/Adware (starter.exe)! Action taken: Keine Aktion vorgenommen. System found infected with desktop scam Trojan-Downloader (main.exe)! Action taken: Keine Aktion vorgenommen. ~~~~~~~~~~~ Dateien ~~~~~~~~~~~ ~~~~ Infected files ~~~~~~~~~~~ Datei C:\dell\drivers\R122161\HDAQFE\win2k3\jpn\qfe.exe infiziert von "Exe.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen. Datei C:\dell\drivers\R122161\HDAQFE\win2k3\us\qfe.exe infiziert von "Exe.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen. Datei C:\dell\drivers\R122161\HDAQFE\win2k_xp\us\qfe.exe infiziert von "Exe.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen. Datei C:\Destinator\Desti_Pack\centrafuse.exe infiziert von "NULL.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen. ~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~ ~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~ Offending file found: E:\WINDOWS\system32\swreg.exe Offending file found: E:\WINDOWS\system32\swsc.exe Offending file found: E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\microsoft\visual foxpro 9\foxuser.dbf Offending file found: E:\Dokumente und Einstellungen\Psike\Desktop\desktop\desktop ordner strukturen\eclipse\plugins\org.eclipse.cdt.core.win32_4.0.0.200709241202\os\win32\x86\starter.exe Offending file found: E:\Dokumente und Einstellungen\Psike\Desktop\desktop\desktop ordner strukturen\travianbotv2.2\main.exe ~~~~~~~~~~~ Ordner ~~~~~~~~~~~ Offending Folder found: E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\icq\bart\1024 ~~~~~~~~~~~ Registry ~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Diverses ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Prozesse und Module ~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Scanfehler ~~~~~~~~~~~~~~~~~~~~~~ E:\Dokumente und Einstellungen\Psike\Desktop\TimeShift_HD_Int_Trailer.zip nicht gescannt. Wahrscheinlich durch Passwort geschützt... C:\MSOCache\All Users\{90120000-00A1-0407-0000-0000000FF1CE}-C\OnoteLR.cab nicht gescannt. Wahrscheinlich durch Passwort geschützt... ~~~~~~~~~~~~~~~~~~~~~~ Hosts-Datei ~~~~~~~~~~~~~~~~~~~~~~ DataBasePath: %SystemRoot%\System32\drivers\etc Zeilen die nicht dem Standard entsprechen: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan-Optionen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Specherüberprüfung: Aktiviert Registry Überprüfung: Aktiviert System-Ordner Überprüfung: Aktiviert Überprüfung der Systembereiche: Deaktiviert Überprüfung der Dienste: Aktiviert Überprüfung der Festplatten: Deaktiviert Überprüfung aller Festplatten :Aktiviert Batchstart: 12:07:33,78 Batchende: 12:07:38,06 |
12.11.2007, 12:11 | #5 |
| System Ruckelt in skype bzw in Internet! Und nun die ScanLogs! Silent Runners: Code:
ATTFilter "Silent Runners.vbs", revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ICQ" = ""E:\Programme\ICQ6\ICQ.exe" silent" ["ICQ, Inc."] "Skype" = ""E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "DAEMON Tools Pro Agent" = ""E:\Programme\DAEMON Tools Pro\DTProAgent.exe"" ["DT Soft Ltd."] "Steam" = ""C:\Program Files (x86)\Steam\Steam.exe" -silent" ["Valve Corporation"] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"" ["Nero AG"] "ctfmon.exe" = "E:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Dell QuickSet" = "E:\Programme\Dell\QuickSet\quickset.exe" ["Dell Inc"] "IntelZeroConfig" = ""E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"" ["Intel Corporation"] "IntelWireless" = ""E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"] "SynTPEnh" = "E:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "SunJavaUpdateSched" = ""E:\Programme\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] "NeroFilterCheck" = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" ["Nero AG"] "NBKeyScan" = ""E:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"] "Adobe Reader Speed Launcher" = ""E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "QuickTime Task" = ""E:\Programme\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] "SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."] "F-Secure Manager" = ""E:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash" [file not found] "F-Secure TNB" = ""E:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW" [file not found] "AVP" = ""E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"" ["Kaspersky Lab"] "DWPersistentQueuedReporting" = "E:\PROGRA~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.EXE -a" [MS] "NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "74351e6e" = "rundll32.exe "E:\WINDOWS\system32\hijvfaes.dll",b" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = "XTTBPos00" -> {HKLM...CLSID} = "XTTBPos00 Class" \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader" \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {20fdcbd4-adf0-4225-9558-36413481fbfa}\(Default) = "{afbf1843-1463-8559-5224-0fda4dbcdf02}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\WINDOWS\system32\laaqvywd.dll" [null data] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture" -> {HKLM...CLSID} = "BitComet Helper" \InProcServer32\(Default) = "E:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll" ["BitComet"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "E:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "E:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "E:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places" -> {HKLM...CLSID} = "Bluetooth-Umgebung" \InProcServer32\(Default) = "E:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."] "{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Copy Hook" -> {HKLM...CLSID} = "SmartFTP Copy Hook" \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\smarthook.dll" ["SmartSoft Ltd."] "{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}" = "SmartFTP ContextMenu" -> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension" \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"] "{40FDFA48-5F4E-4627-A78E-6A49A3D4492F}" = "SmartFTP ShellDropHandler" -> {HKLM...CLSID} = "SmartFTP ShellDropHandler Class" \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"] "{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}" = "SmartFTP Drop ShellIconOverlayHandler" -> {HKLM...CLSID} = "SmartFTP Drop ShellIconOverlayHandler" \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistik für Web-Anti-Virus" -> {HKLM...CLSID} = "Statistik für Web-Anti-Virus" \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"] "{8932AEFE-9DB6-4f43-AFB2-5682F55E773A}" = "VPCHostCopyHook" -> {HKLM...CLSID} = "VPCHostCopyHook" \InProcServer32\(Default) = "E:\Programme\Microsoft Virtual PC\VPCShExH.DLL" [MS] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" -> {HKLM...CLSID} = "ImageExtractorShellExt Class" \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Visio11\VISSHE.DLL" [null data] "{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}" -> {HKLM...CLSID} = "CInfoTipShellExt Class" \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Visio11\VISSHE.DLL" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "E:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> klogon\DLLName = "E:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "E:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"] Notepad++\(Default) = "{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}" -> {HKLM...CLSID} = "Notepad++" \InProcServer32\(Default) = "E:\Programme\Notepad++\nppcm.dll" ["Burgaud.com"] SmartFTP\(Default) = "{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}" -> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension" \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ SmartFTP\(Default) = "{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}" -> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension" \InProcServer32\(Default) = "E:\Programme\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "E:\Dokumente und Einstellungen\Psike\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Startup items in "Psike" & "All Users" startup folders: ------------------------------------------------------- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "BTTray" -> shortcut to: "E:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "E:\Programme\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] 000000000005\LibraryPath = "E:\Programme\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 39 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{855F3B16-6D32-4FE6-8A56-BBB695989046}" -> {HKLM...CLSID} = "ICQ Toolbar" \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided) -> {HKLM...CLSID} = "ICQ Toolbar" \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistik für Web-Anti-Virus" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"] HKLM\Software\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "E:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll" ["BitComet"] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {461CC20B-FB6E-4F16-8FE8-C29359DB100E}\ "ButtonText" = "BitComet Search" {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherchieren" Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided) -> {HKLM...CLSID} = "ICQ Toolbar" \InProcServer32\(Default) = "E:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "E:\Programme\Bonjour\mDNSResponder.exe" ["Apple Computer, Inc."] Bluetooth Service, btwdins, "E:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."] FTP-Publishing, MSFtpsvc, "E:\WINDOWS\system32\inetsrv\inetinfo.exe" [MS] Intel(R) PROSet/Wireless Event Log, EvtEng, "E:\Programme\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"] Intel(R) PROSet/Wireless Registry Service, RegSrvc, "E:\Programme\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"] Intel(R) PROSet/Wireless Service, S24EventMonitor, "E:\Programme\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "] Intel(R) PROSet/Wireless SSO Service, WLANKEEPER, "E:\Programme\Intel\Wireless\Bin\WLKeeper.exe" ["Intel(R) Corporation"] IPv6-Hilfsdienst, 6to4, "E:\WINDOWS\system32\svchost.exe -k netsvcs" {"E:\WINDOWS\System32\6to4svc.dll" [MS]} Kaspersky Anti-Virus 7.0, AVP, ""E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r" ["Kaspersky Lab"] Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"] NICCONFIGSVC, NICCONFIGSVC, "E:\Programme\Dell\QuickSet\NICCONFIGSVC.exe" ["Dell Inc."] NMIndexingService, NMIndexingService, ""E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe"" ["Nero AG"] NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] PnkBstrA, PnkBstrA, "E:\WINDOWS\system32\PnkBstrA.exe" [null data] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Bluetooth-Druckeranschluss\Driver = "bthcrp.dll" ["Broadcom Corporation."] HP LaserJet 5 Language Monitor\Driver = "hpdcmon.dll" ["Hewlett-Packard"] HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"] Lexmark Enhanced TCP/IP Port\Driver = "lmablmpm.dll" [empty string] ---------- (launch time: 2007-11-12 11:05:55) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 276 seconds. ---------- (total run time: 314 seconds) |
12.11.2007, 12:12 | #6 |
| System Ruckelt in skype bzw in Internet! ComboFix Code:
ATTFilter ComboFix 07-11-08.1 - Psike 2007-11-12 10:45:43.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.366 [GMT 1:00] ausgeführt von:: E:\Dokumente und Einstellungen\Psike\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . Nicht in der Lage Systemrechte zu erhalten (((((((((((((((((((((((((((((((((((( Weitere L”schungen )))))))))))))))))))))))))))))))))))))))))))))))) . E:\Programme\SecCenter E:\Programme\SecCenter\scprot4.exe.bak E:\WINDOWS\system32\__c0052BD0.dat E:\WINDOWS\system32\__c00878F6.dat E:\WINDOWS\system32\__c00B1E4.dat E:\WINDOWS\system32\__c00CC31B.dat E:\WINDOWS\system32\__c00DDC58.dat E:\WINDOWS\system32\__c00E1C7A.dat E:\WINDOWS\system32\aqwnsyvn.dll E:\WINDOWS\system32\Cache E:\WINDOWS\system32\dchadevf.dll E:\WINDOWS\system32\efqfvuck.dll E:\WINDOWS\system32\fkmdvbtn E:\WINDOWS\system32\fkmdvbtn\bg1.gif E:\WINDOWS\system32\fkmdvbtn\bgtop.gif E:\WINDOWS\system32\fkmdvbtn\bottom1.gif E:\WINDOWS\system32\fkmdvbtn\essentials.gif E:\WINDOWS\system32\fkmdvbtn\fkmdvbtn1.exe E:\WINDOWS\system32\fkmdvbtn\fkmdvbtn2.exe E:\WINDOWS\system32\fkmdvbtn\fkmdvbtn3.exe E:\WINDOWS\system32\fkmdvbtn\icon1.ico E:\WINDOWS\system32\fkmdvbtn\install1.gif E:\WINDOWS\system32\fkmdvbtn\left1.gif E:\WINDOWS\system32\fkmdvbtn\li.gif E:\WINDOWS\system32\fkmdvbtn\logo.gif E:\WINDOWS\system32\fkmdvbtn\main.htm E:\WINDOWS\system32\fkmdvbtn\mainframe.htm E:\WINDOWS\system32\fkmdvbtn\reinstall1.gif E:\WINDOWS\system32\fkmdvbtn\right1.gif E:\WINDOWS\system32\fkmdvbtn\s1.htm E:\WINDOWS\system32\fkmdvbtn\s2.htm E:\WINDOWS\system32\fkmdvbtn\s3.htm E:\WINDOWS\system32\fkmdvbtn\SMTop1.gif E:\WINDOWS\system32\fkmdvbtn\SMTop2.gif E:\WINDOWS\system32\fkmdvbtn\SMTop3.gif E:\WINDOWS\system32\fkmdvbtn\SMTop4.gif E:\WINDOWS\system32\fkmdvbtn\soft1_off.gif E:\WINDOWS\system32\fkmdvbtn\soft1_off_ext.gif E:\WINDOWS\system32\fkmdvbtn\soft1_on.gif E:\WINDOWS\system32\fkmdvbtn\soft1_on_ext.gif E:\WINDOWS\system32\fkmdvbtn\soft2_off.gif E:\WINDOWS\system32\fkmdvbtn\soft2_off_ext.gif E:\WINDOWS\system32\fkmdvbtn\soft2_on.gif E:\WINDOWS\system32\fkmdvbtn\soft2_on_ext.gif E:\WINDOWS\system32\fkmdvbtn\soft3_off.gif E:\WINDOWS\system32\fkmdvbtn\soft3_off_ext.gif E:\WINDOWS\system32\fkmdvbtn\soft3_on.gif E:\WINDOWS\system32\fkmdvbtn\soft3_on_ext.gif E:\WINDOWS\system32\fkmdvbtn\softbottom_off.gif E:\WINDOWS\system32\fkmdvbtn\softbottom_on.gif E:\WINDOWS\system32\fkmdvbtn\softleft_off.gif E:\WINDOWS\system32\fkmdvbtn\softleft_on.gif E:\WINDOWS\system32\fkmdvbtn\top1.gif E:\WINDOWS\system32\fkmdvbtn\top2.gif E:\WINDOWS\system32\fkmdvbtn\turnoff1.gif E:\WINDOWS\system32\fkmdvbtn\turnon1.gif E:\WINDOWS\system32\fsolburw.dll E:\WINDOWS\system32\igykyvva.dll E:\WINDOWS\system32\jknnolhi.dll E:\WINDOWS\system32\kvvxrvvx.dll E:\WINDOWS\system32\lumikhxo.dll E:\WINDOWS\system32\madxylnk.dll E:\WINDOWS\system32\nyjudwil.dll E:\WINDOWS\system32\oalacemo.dll E:\WINDOWS\system32\qmjkgbrm.dll E:\WINDOWS\system32\ssttt.dll E:\WINDOWS\system32\tttss.bak1 E:\WINDOWS\system32\tttss.bak2 E:\WINDOWS\system32\tttss.ini E:\WINDOWS\system32\tttss.ini2 E:\WINDOWS\system32\tttss.tmp E:\WINDOWS\system32\votdpqkw.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((( Dateien erstellt von 2007-10-12 bis 2007-11-12 )))))))))))))))))))))))))))))) . 2007-11-12 10:42 51,200 --a------ E:\WINDOWS\NirCmd.exe 2007-11-11 23:37 88,128 --a------ E:\WINDOWS\system32\hijvfaes.dll 2007-11-11 23:34 79,936 --a------ E:\WINDOWS\system32\laaqvywd.dll 2007-11-11 23:25 71,232 --a------ E:\WINDOWS\system32\acmudrsa.exe 2007-11-11 16:51 16,288 --------- E:\WINDOWS\system32\drivers\pxhelp20.sys 2007-11-11 16:50 <DIR> d-------- E:\Programme\DVD Complete 2007-11-11 16:49 <DIR> d-------- E:\Programme\directx 2007-11-11 16:48 <DIR> d-------- E:\Programme\DAZZLE 2007-11-11 16:41 15,360 --a------ E:\WINDOWS\system32\drivers\StreamIP.sys 2007-11-11 16:41 15,360 --a--c--- E:\WINDOWS\system32\dllcache\streamip.sys 2007-11-11 16:41 10,880 --a------ E:\WINDOWS\system32\drivers\NdisIP.sys 2007-11-11 16:41 10,880 --a--c--- E:\WINDOWS\system32\dllcache\ndisip.sys 2007-11-11 16:41 5,504 --a------ E:\WINDOWS\system32\drivers\MSTEE.sys 2007-11-11 16:41 5,504 --a--c--- E:\WINDOWS\system32\dllcache\mstee.sys 2007-11-11 16:40 85,376 --a------ E:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-11-11 16:40 85,376 --a--c--- E:\WINDOWS\system32\dllcache\nabtsfec.sys 2007-11-11 16:40 19,328 --a------ E:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-11-11 16:40 19,328 --a--c--- E:\WINDOWS\system32\dllcache\wstcodec.sys 2007-11-11 16:40 17,024 --a------ E:\WINDOWS\system32\drivers\CCDECODE.sys 2007-11-11 16:40 17,024 --a--c--- E:\WINDOWS\system32\dllcache\ccdecode.sys 2007-11-11 16:40 11,136 --a------ E:\WINDOWS\system32\drivers\SLIP.sys 2007-11-11 16:40 11,136 --a--c--- E:\WINDOWS\system32\dllcache\slip.sys 2007-11-11 16:39 25,024 -ra------ E:\WINDOWS\system32\drivers\nuvaud2.sys 2007-11-11 16:38 <DIR> E:\WINDOWS\LastGood.Tmp 2007-11-11 16:38 153,760 -ra------ E:\WINDOWS\system32\drivers\nuvvid2.sys 2007-11-11 16:38 139,264 -ra------ E:\WINDOWS\system32\NUVTwain.dll 2007-11-11 16:38 81,920 -ra------ E:\WINDOWS\system32\nuvyuv.dll 2007-11-11 16:38 54,272 --a------ E:\WINDOWS\system32\vfwwdm32.dll 2007-11-11 16:38 54,272 --a--c--- E:\WINDOWS\system32\dllcache\vfwwdm32.dll 2007-11-10 15:28 81,472 --a------ E:\WINDOWS\system32\cpvoisik.dll 2007-11-10 14:45 <DIR> d-------- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA 2007-11-10 14:45 45,768 --a------ E:\WINDOWS\system32\drivers\MiniIcpt.sys 2007-11-10 14:45 41,928 --a------ E:\WINDOWS\system32\drivers\GDTdiIcpt.sys 2007-11-10 14:45 32,072 --a------ E:\WINDOWS\system32\drivers\HookCentre.sys 2007-11-10 14:40 <DIR> d-------- E:\Programme\Gemeinsame Dateien\G DATA 2007-11-10 14:40 <DIR> d-------- E:\Programme\G DATA AntiVirus Trial 2007-11-10 14:23 81,472 --a------ E:\WINDOWS\system32\vcgmthtk.dll 2007-11-10 14:08 71,232 --a------ E:\WINDOWS\system32\vuxssivx.exe 2007-11-10 09:19 <DIR> d-------- E:\Dokumente und Einstellungen\Psike\.housecall6.6 2007-11-10 09:19 102,664 --a------ E:\WINDOWS\system32\drivers\tmcomm.sys 2007-11-10 09:15 <DIR> d-------- E:\Programme\Trend Micro 2007-11-09 13:31 81,472 --a------ E:\WINDOWS\system32\mffmmoxw.dll 2007-11-09 13:29 <DIR> d-------- E:\Dokumente und Einstellungen\Administrator.LARS\Anwendungsdaten\Nero 2007-11-09 13:28 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator.LARS\Eigene Dateien 2007-11-09 13:26 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator.LARS\Vorlagen 2007-11-09 13:26 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator.LARS\Startmen 2007-11-09 13:26 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator.LARS\Netzwerkumgebung 2007-11-09 13:26 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator.LARS\Lokale Einstellungen 2007-11-09 13:26 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator.LARS\Favoriten 2007-11-09 13:26 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator.LARS\Druckumgebung 2007-11-09 13:26 <DIR> d-------- E:\Dokumente und Einstellungen\Administrator.LARS\Anwendungsdaten\Intel 2007-11-09 13:26 <DIR> dr-h----- E:\Dokumente und Einstellungen\Administrator.LARS\Anwendungsdaten 2007-11-09 13:06 71,232 --a------ E:\WINDOWS\system32\schbgpak.exe 2007-11-09 05:43 <DIR> d-------- E:\Dokumente und Einstellungen\Administrator\Bluetooth Software 2007-11-09 05:26 <DIR> d-------- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nero 2007-11-09 05:25 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator\Vorlagen 2007-11-09 05:25 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator\Startmen 2007-11-09 05:25 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung 2007-11-09 05:25 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen 2007-11-09 05:25 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator\Favoriten 2007-11-09 05:25 <DIR> dr------- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien 2007-11-09 05:25 <DIR> d--h----- E:\Dokumente und Einstellungen\Administrator\Druckumgebung 2007-11-09 05:25 <DIR> d-------- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel 2007-11-09 05:25 <DIR> dr-h----- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten 2007-11-08 11:23 81,472 --a------ E:\WINDOWS\system32\vxlejjqp.dll 2007-11-08 11:14 167,936 --a------ E:\WINDOWS\system32\nvwrszht.dll 2007-11-08 11:14 126,976 --a------ E:\WINDOWS\system32\nvrszht.dll 2007-11-08 10:55 81,472 --a------ E:\WINDOWS\system32\ciqwwxfj.dll 2007-11-08 09:43 81,472 --a------ E:\WINDOWS\system32\cuklxcfv.dll 2007-11-07 09:40 81,472 --a------ E:\WINDOWS\system32\ulxqvtwv.dll 2007-11-07 07:34 71,232 --a------ E:\WINDOWS\system32\edpvfsdj.exe 2007-11-06 19:01 <DIR> d-------- E:\Programme\ElcomSoft 2007-11-06 10:44 81,472 --a------ E:\WINDOWS\system32\qnajhawf.dll 2007-11-06 10:27 <DIR> d-------- E:\VundoFix Backups 2007-11-06 10:04 <DIR> d---s---- E:\Dokumente und Einstellungen\Psike\UserData 2007-11-06 09:50 <DIR> d-------- E:\Programme\Gemeinsame Dateien\Merge Modules 2007-11-06 09:49 <DIR> d-------- E:\Programme\Microsoft Visual FoxPro 9 2007-11-06 09:49 <DIR> d-------- E:\Programme\Microsoft UDDI SDK 2007-11-06 09:45 <DIR> d-------- E:\Programme\MSSOAP 2007-11-05 15:38 <DIR> d-------- E:\Programme\ScreenshotCaptor 2007-11-05 15:38 <DIR> d-------- E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\DonationCoder 2007-11-05 15:38 <DIR> d-------- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DonationCoder 2007-11-05 15:38 58 --a------ E:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat 2007-11-05 10:30 <DIR> d-------- E:\Programme\Microsoft Virtual PC 2007-11-05 09:42 <DIR> d-------- E:\Programme\Microsoft Virtual Server 2007-11-05 09:23 <DIR> d-------- E:\WINDOWS\IIS Temporary Compressed Files 2007-11-05 09:19 <DIR> d-------- E:\Inetpub 2007-11-04 22:47 82,061 --a------ E:\WINDOWS\system32\drivers\klick.dat 2007-11-04 22:47 81,549 --a------ E:\WINDOWS\system32\drivers\klin.dat 2007-11-04 22:45 <DIR> d-------- E:\Programme\Kaspersky Lab 2007-11-04 22:45 <DIR> d-------- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2007-11-04 22:45 17,834,016 --ahs---- E:\WINDOWS\system32\drivers\fidbox.dat 2007-11-04 22:45 140,320 --ahs---- E:\WINDOWS\system32\drivers\fidbox2.dat 2007-11-04 07:54 <DIR> d-------- E:\Programme\Microsoft CAPICOM 2.1.0.2 2007-11-03 13:33 <DIR> d-------- E:\Programme\CannaPower-Tool 2007-11-03 13:33 <DIR> d-------- E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\.CannaPower 2007-11-02 15:21 <DIR> dr------- E:\Dokumente und Einstellungen\LocalService\Favoriten 2007-11-02 15:15 <DIR> d-------- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SiteAdvisor 2007-11-02 15:03 <DIR> d-------- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee 2007-11-02 14:51 <DIR> d-------- E:\WINDOWS\McAfee.com . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-12 09:56 90,044 --sha-w E:\WINDOWS\system32\drivers\fidbox.idx 2007-11-12 09:56 15,356 --sha-w E:\WINDOWS\system32\drivers\fidbox2.idx 2007-11-12 09:55 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\uTorrent 2007-11-11 15:55 --------- d--h--w E:\Programme\InstallShield Installation Information 2007-11-10 18:22 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\Skype 2007-11-08 09:49 --------- d-----w E:\Programme\DAEMON Tools Pro 2007-11-06 09:45 --------- d-----w E:\Programme\ICQ6 2007-11-06 08:38 --------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2007-11-03 12:33 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\.CannaPower 2007-10-20 17:46 --------- d-----w E:\Programme\Allok AVI to DVD SVCD VCD Converter 2007-10-19 13:23 4,194 ----a-w E:\WINDOWS\system32\drivers\sthdae.log 2007-10-15 19:04 22,328 ----a-w E:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-10-15 19:04 103,736 ----a-w E:\WINDOWS\system32\PnkBstrB.exe 2007-10-15 14:16 --------- d-----w E:\Programme\Gemeinsame Dateien\InstallShield 2007-10-11 17:01 --------- d-----w E:\Programme\Lexmark_HostCD 2007-10-11 17:01 --------- d-----w E:\Programme\Lexmark 2007-10-11 08:50 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\gtk-2.0 2007-10-10 08:00 --------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ALM 2007-10-10 07:57 --------- d-----w E:\Programme\Gemeinsame Dateien\Adobe 2007-10-10 06:36 --------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet 2007-10-10 06:22 --------- d-----w E:\Programme\Bonjour 2007-10-10 06:17 --------- d-----w E:\Programme\Gemeinsame Dateien\Macrovision Shared 2007-10-09 11:13 --------- d-----w E:\Programme\QuickTime 2007-10-09 11:13 --------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer 2007-10-09 11:12 --------- d-----w E:\Programme\Apple Software Update 2007-10-09 11:12 --------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple 2007-10-08 17:43 --------- d-----w E:\Programme\Xvid 2007-10-08 17:41 --------- d-----w E:\Programme\Philips 2007-10-08 09:37 --------- d-----w E:\Programme\GIMP-2.0 2007-10-08 09:37 --------- d-----w E:\Programme\Gemeinsame Dateien\GTK 2007-10-08 09:31 --------- d-----w E:\Programme\dFotoCut 2007-10-08 08:56 --------- d-----w E:\Programme\Samsung 2007-10-08 07:36 --------- d-----w E:\Programme\HBX6 2007-10-07 07:31 --------- d-----w E:\Programme\MSXML 4.0 2007-10-06 09:42 --------- d---a-w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2007-10-06 09:42 --------- d-----w E:\Programme\Gemeinsame Dateien\Blizzard Entertainment 2007-10-06 09:05 --------- d-----w E:\Programme\rK's DemoWatcher 2007-10-05 11:31 --------- d-----w E:\Programme\Xilisoft 2007-10-05 11:29 --------- d-----w E:\Programme\EO Video 2007-10-05 11:27 724,992 ----a-w E:\WINDOWS\iun6002.exe 2007-10-05 08:30 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\Nero 2007-10-05 08:29 --------- d-----w E:\Programme\Gemeinsame Dateien\Nero 2007-10-05 08:26 --------- d-----w E:\Programme\Real Alternative 2007-10-05 08:26 --------- d-----w E:\Programme\Nero 2007-10-05 08:26 --------- d-----w E:\Dokumente und Einstellungen\Psike\Anwendungsdaten\Media Player Classic 2007-10-05 08:26 --------- d-----w E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero 2007-10-05 07:24 --------- d-----w E:\Programme\Windows Media Connect 2 2007-10-05 02:25 81,920 ----a-w E:\WINDOWS\system32\nvwddi.dll 2007-10-05 02:25 81,920 ----a-w E:\WINDOWS\system32\nvmctray.dll 2007-10-05 02:25 8,491,008 ----a-w E:\WINDOWS\system32\nvcpl.dll 2007-10-05 02:25 6,854,368 ----a-w E:\WINDOWS\system32\drivers\nv4_mini.sys 2007-10-05 02:25 6,750,208 ----a-w E:\WINDOWS\system32\nvoglnt.dll 2007-10-05 02:25 6,344,704 ----a-w E:\WINDOWS\system32\nvdisps.dll 2007-10-05 02:25 5,755,520 ----a-w E:\WINDOWS\system32\nv4_disp.dll 2007-10-05 02:25 5,509,120 ----a-w E:\WINDOWS\system32\nvdispsr.dll 2007-10-05 02:25 466,944 ----a-w E:\WINDOWS\system32\nvshell.dll 2007-10-05 02:25 458,752 ----a-w E:\WINDOWS\system32\nvmccssr.dll 2007-10-05 02:25 45,056 ----a-w E:\WINDOWS\system32\nvmccsrs.dll 2007-10-05 02:25 442,368 ----a-w E:\WINDOWS\system32\nvappbar.exe 2007-10-05 02:25 425,984 ----a-w E:\WINDOWS\system32\keystone.exe 2007-10-05 02:25 364,544 ----a-w E:\WINDOWS\system32\nvapi.dll 2007-10-05 02:25 36,864 ----a-w E:\WINDOWS\system32\nvcodins.dll 2007-10-05 02:25 36,864 ----a-w E:\WINDOWS\system32\nvcod.dll 2007-10-05 02:25 335,872 ----a-w E:\WINDOWS\system32\nvwrses.dll 2007-10-05 02:25 335,872 ----a-w E:\WINDOWS\system32\nvwrsel.dll 2007-10-05 02:25 327,680 ----a-w E:\WINDOWS\system32\nvwrsfr.dll 2007-10-05 02:25 327,680 ----a-w E:\WINDOWS\system32\nvwrsesm.dll 2007-10-05 02:25 327,680 ----a-w E:\WINDOWS\system32\nvrshe.dll 2007-10-05 02:25 327,680 ----a-w E:\WINDOWS\system32\nvrsar.dll 2007-10-05 02:25 323,584 ----a-w E:\WINDOWS\system32\nvwrspt.dll 2007-10-05 02:25 319,488 ----a-w E:\WINDOWS\system32\nvwrsptb.dll 2007-10-05 02:25 319,488 ----a-w E:\WINDOWS\system32\nvwrsnl.dll 2007-10-05 02:25 315,392 ----a-w E:\WINDOWS\system32\nvwrsru.dll 2007-10-05 02:25 311,296 ----a-w E:\WINDOWS\system32\nvwrsde.dll 2007-10-05 02:25 303,104 ----a-w E:\WINDOWS\system32\nvwrstr.dll 2007-10-05 02:25 303,104 ----a-w E:\WINDOWS\system32\nvwrssl.dll 2007-10-05 02:25 303,104 ----a-w E:\WINDOWS\system32\nvwrsfi.dll 2007-10-05 02:25 3,629,056 ----a-w E:\WINDOWS\system32\nvvitvsr.dll 2007-10-05 02:25 3,551,232 ----a-w E:\WINDOWS\system32\nvvitvs.dll 2007-10-05 02:25 3,334,144 ----a-w E:\WINDOWS\system32\nvgames.dll 2007-10-05 02:25 3,166,208 ----a-w E:\WINDOWS\system32\nvgamesr.dll 2007-10-05 02:25 299,008 ----a-w E:\WINDOWS\system32\nvwrssk.dll 2007-10-05 02:25 299,008 ----a-w E:\WINDOWS\system32\nvwrsno.dll 2007-10-05 02:25 294,912 ----a-w E:\WINDOWS\system32\nvwrssv.dll 2007-10-05 02:25 294,912 ----a-w E:\WINDOWS\system32\nvwrspl.dll 2007-10-05 02:25 294,912 ----a-w E:\WINDOWS\system32\nvwrsda.dll 2007-10-05 02:25 286,720 ----a-w E:\WINDOWS\system32\nvwrseng.dll 2007-10-05 02:25 286,720 ----a-w E:\WINDOWS\system32\nvwrscs.dll 2007-10-05 02:25 286,720 ----a-w E:\WINDOWS\system32\nvnt4cpl.dll 2007-10-05 02:25 282,624 ----a-w E:\WINDOWS\system32\nvwrsar.dll 2007-10-05 02:25 282,624 ----a-w E:\WINDOWS\system32\nvrsfr.dll 2007-10-05 02:25 282,624 ----a-w E:\WINDOWS\system32\nvrses.dll 2007-10-05 02:25 282,624 ----a-w E:\WINDOWS\system32\nvrsel.dll 2007-10-05 02:25 278,528 ----a-w E:\WINDOWS\system32\nvwrshe.dll 2007-10-05 02:25 278,528 ----a-w E:\WINDOWS\system32\nvrsde.dll 2007-10-05 02:25 274,432 ----a-w E:\WINDOWS\system32\nvrspt.dll 2007-10-05 02:25 274,432 ----a-w E:\WINDOWS\system32\nvrsnl.dll 2007-10-05 02:25 274,432 ----a-w E:\WINDOWS\system32\nvrsesm.dll 2007-10-05 02:25 270,336 ----a-w E:\WINDOWS\system32\nvrsru.dll 2007-10-05 02:25 266,240 ----a-w E:\WINDOWS\system32\nvrsptb.dll . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20fdcbd4-adf0-4225-9558-36413481fbfa}] 2007-11-11 23:34 79936 --a------ E:\WINDOWS\system32\laaqvywd.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell QuickSet"="E:\Programme\Dell\QuickSet\quickset.exe" [2007-05-14 13:23] "IntelZeroConfig"="E:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 15:32] "IntelWireless"="E:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 15:30] "SynTPEnh"="E:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48] "NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-10-05 03:25] "nwiz"="nwiz.exe" [2007-10-05 03:25 E:\WINDOWS\system32\nwiz.exe] "SunJavaUpdateSched"="E:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "NeroFilterCheck"="E:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57] "NBKeyScan"="E:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51] "Adobe Reader Speed Launcher"="E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06] "QuickTime Task"="E:\Programme\QuickTime\QTTask.exe" [2007-06-29 05:24] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 E:\WINDOWS\stsystra.exe] "F-Secure Manager"="E:\Programme\F-Secure Internet Security\Common\FSM32.exe" [] "F-Secure TNB"="E:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" [] "AVP"="E:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51] "DWPersistentQueuedReporting"="E:\PROGRA~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.exe" [2007-02-26 09:01] "NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 03:25] "74351e6e"="E:\WINDOWS\system32\hijvfaes.dll" [2007-11-11 23:38] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ICQ"="E:\Programme\ICQ6\ICQ.exe" [2007-08-08 16:03] "Skype"="E:\Programme\Skype\Phone\Skype.exe" [2007-09-13 12:31] "DAEMON Tools Pro Agent"="E:\Programme\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08] "Steam"="C:\Program Files (x86)\Steam\Steam.exe" [2007-10-05 08:31] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35] "ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjigh] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzwr32] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 E:\WINDOWS\system32\ssttt.dll R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);E:\WINDOWS\system32\inetsrv\inetinfo.exe R3 guardian2;guardian2;E:\WINDOWS\system32\Drivers\oz776.sys S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\E:\Programme\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys S3 klim5;Kaspersky Anti-Virus NDIS Filter;E:\WINDOWS\system32\DRIVERS\klim5.sys S3 NPF;NetGroup Packet Filter Driver;E:\WINDOWS\system32\drivers\npf.sys S3 NUVision;NUVision II Video Service;E:\WINDOWS\system32\DRIVERS\nuvvid2.sys S3 vmh;Virtual Machine-Hilfsdienst;"E:\Programme\Microsoft Virtual Server\vmh.exe" -service S4 F-Secure Filter;F-Secure File System Filter;\??\E:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\E:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys S4 Virtual Server;Virtual Server;"E:\Programme\Microsoft Virtual Server\vssrvc.exe" . Inhalt des "geplante Tasks" Ordners "2007-11-05 13:24:03 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - E:\Programme\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-12 10:57:57 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2007-11-12 11:04:23 - machine was rebooted . --- E O F --- |
13.11.2007, 00:24 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Ruckelt in skype bzw in Internet! Boah! Dein System ist ja echt derbe zugemüllt mit offensichtlichen Schädlingsdateien. Beachte, dass eine Bereinigung niemals für Sicherheit steht und die oft langwierige Prozedur quasi für nichts sein und wieder nichts sein kann. Entscheide dich entweder für die sichere oder aber die unsichere Lösung.
__________________ Logfiles bitte immer in CODE-Tags posten |
13.11.2007, 09:20 | #8 |
| System Ruckelt in skype bzw in Internet! Ich kann immo leider nicht Neu installieren da mein Laptop auch mein Firmen PC ist und ich dann sehr viel sichern muss und jede gesicherte datei kann ja Potentiell auch wieder Gefährlich sein.. Denke ich mal! Also muss ich jetzt wohl erst mal den Langen (unsicheren) prozess wähln würde mich freuen wenn du mir genauer aufzeigen kannst welcher Virus wo ist? Danke schon mal! mfg Lars |
13.11.2007, 12:59 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Ruckelt in skype bzw in Internet!Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu System Ruckelt in skype bzw in Internet! |
adobe, appinit_dlls, bho, bonjour, computer, drivers, excel, explorer, f-secure, firefox, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, internet security, kaspersky, log's, logfile, mozilla, mozilla firefox, problem, registry, rundll, s-1-5-18, security, senden, sicherheit, software, system, trend micro, unknown file in winsock lsp, urlsearchhook, windows, windows xp |