Trojaner-Board (https://www.trojaner-board.de/), forum "Log Analysis and Evaluation" (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: TR/Dldr.ConHook.Gen is driving me crazy (https://www.trojaner-board.de/40173-tr-dldr-conhook-gen-treibt-mich-wahnsinn.html)

Dr.Phoenix 20.06.2007 21:29

TR/Dldr.ConHook.Gen is driving me crazy
 
Good evening,
I apparently picked up a Trojan from some unofficial software; AntiVir identifies it as TR/Dldr.ConHook.Gen.
I am grateful for any help. Here are my logs:
Code:

Logfile of HijackThis v1.99.1
Scan saved at 20:51:10, on 20.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SLEE503.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\PeerGuardian2\pg2.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Dominik\Desktop\HJT1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Aktuell informiert mit T-Online onNachrichten
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\system32\awtsqpm.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FC1E6610-A16F-4F77-84B8-BA3E5E5F60D3} - C:\WINDOWS\system32\awvvt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19b215c2...dxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124101079593
O18 - Protocol: bw+0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CB5A2D35-427F-4871-94EE-094F21E4163D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtsqpm - C:\WINDOWS\SYSTEM32\awtsqpm.dll
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE503.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Verzeichnis von C:\WINDOWS\system32

20.06.2007  20:51            12.264 tvvwa.ini
20.06.2007  20:12            3.284 ANIWZCS{93DE43EE-39BE-4884-8C60-6DE5094B90A5}
20.06.2007  20:11            28.930 nvapps.xml
20.06.2007  20:11            1.158 wpa.dbl
20.06.2007  16:32            6.530 tvvwa.bak1
20.06.2007  16:31          266.336 awvvt.dll
20.06.2007  16:26          332.280 FNTCACHE.DAT
20.06.2007  15:56            31.254 awtsqpm.dll
12.06.2007  19:31          426.516 perfh007.dat
12.06.2007  19:31          412.608 perfh009.dat
12.06.2007  19:31            67.796 perfc009.dat
12.06.2007  19:31            80.196 perfc007.dat
12.06.2007  19:31          948.896 PerfStringBackup.INI
06.06.2007  09:53          407.152 pr2agqwb.exe
06.06.2007  08:38        15.747.032 MRT.exe
31.05.2007  08:45            4.816 divxsm.tlb
31.05.2007  08:45          524.288 DivXsm.exe
31.05.2007  08:44          823.296 divx_xx07.dll
31.05.2007  08:44          823.296 divx_xx0c.dll
31.05.2007  08:44          802.816 divx_xx11.dll
31.05.2007  08:44          740.442 DivX.dll
31.05.2007  08:44          638.976 divxdec.ax
19.05.2007  22:08            86.016 ElbyCDIO.dll
16.05.2007  19:55          407.152 pr2agqwc.exe
16.05.2007  17:11          683.520 inetcomm.dll
14.05.2007  22:35              173 TEMPSCP.SCP
14.05.2007  22:35              173 USER.SCP


Verzeichnis von C:\DOKUME~1\Dominik\LOKALE~1\Temp

20.06.2007  20:51            16.384 ~DF7F79.tmp
20.06.2007  20:42              289 datFind.zip
20.06.2007  20:12                0 JET32CE.tmp
13.07.2006  19:18            24.613 IadHide5.dll


Verzeichnis von C:\WINDOWS

20.06.2007  20:10              315 wiadebug.log
20.06.2007  20:10        1.349.593 WindowsUpdate.log
20.06.2007  20:10                50 wiaservc.log
20.06.2007  20:10                0 0.log
20.06.2007  20:10            2.048 bootstat.dat
20.06.2007  20:09            32.640 SchedLgU.Txt
20.06.2007  17:40          693.705 setupapi.log
20.06.2007  17:26              276 _delis32.ini
20.06.2007  15:03            7.779 mozver.dat
18.06.2007  21:08              116 NeroDigital.ini
13.06.2007  15:47          255.012 comsetup.log
13.06.2007  15:47          155.615 ntdtcsetup.log
13.06.2007  15:47          175.260 iis6.log
13.06.2007  15:47            34.111 ocmsn.log
13.06.2007  15:47            1.374 imsins.log
13.06.2007  15:47          419.365 tsoc.log
13.06.2007  15:47            22.045 KB929123.log
13.06.2007  15:47          536.039 ocgen.log
13.06.2007  15:47            54.427 msgsocm.log
13.06.2007  15:47        1.093.072 FaxSetup.log
13.06.2007  15:47          110.392 updspapi.log
13.06.2007  15:46            1.374 imsins.BAK
13.06.2007  15:46            18.864 KB935840.log
13.06.2007  15:44            18.516 KB935839.log
13.06.2007  15:44            24.057 KB933566-IE7.log
12.06.2007  19:31            3.723 dahotfix.log
12.06.2007  19:31            19.544 dasetup.log
08.06.2007  21:02            5.270 setupact.log
05.06.2007  18:32          321.824 DirectX.log
26.05.2007  12:42                10 popcinfo.dat
26.05.2007  12:33            1.041 win.ini
23.05.2007  17:33            7.694 KB927891.log
14.05.2007  21:30                74 YNNHOJED.DLL
09.05.2007  20:53        2.359.350 IrfanView_Wallpaper.bmp


Verzeichnis von C:\WINDOWS\Temp

Verzeichnis von C:\WINDOWS\Downloaded Program Files

25.07.2002  17:13            24.576 dwusplay.dll
25.07.2002  17:13          196.608 dwusplay.exe
25.07.2002  17:05          172.032 isusweb.dll


Verzeichnis von C:\

20.06.2007  20:54                0 sys.txt
20.06.2007  20:54              392 down.txt
20.06.2007  20:53              113 tmp.txt
20.06.2007  20:53            16.937 system.txt
20.06.2007  20:52              438 systemtemp.txt
20.06.2007  20:51          114.088 system32.txt
20.06.2007  20:10    1.073.270.784 hiberfil.sys
20.06.2007  20:10      402.653.184 pagefile.sys
16.06.2007  15:14                45 TEST.XML
18.11.2006  15:50            47.564 NTDETECT.COM
18.11.2006  15:50          251.184 ntldr
18.11.2006  15:12              192 boot.ini
18.11.2005  14:23                0 temp.ch
28.02.2005  16:49              112 sphjfix.log
20.05.2004  23:50            86.016 SpHjfix.exe
20.05.2004  15:28              138 SND.reg
05.04.2003  14:22            11.504 contact.dat

Thanks a lot for reading through this!
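An added illustration for the HijackThis log above (this is my own example code, not something Dr.Phoenix ran and not a Trojaner-Board tool): the two O2 entries marked "(no name)" and two of the O20 Winlogon Notify entries point at the same freshly created DLLs in system32, awtsqpm.dll and awvvt.dll. That pairing is the first thing a log analyst looks at in this kind of post. The script parses those two HijackThis line types and reports DLLs that appear in both roles; the sample lines are copied from the posted log, while the regular expressions and function names are my own and assume the HijackThis 1.99 line format shown on the page.

```python
"""Correlate HijackThis O2 (BHO) and O20 (Winlogon Notify) entries.

Added example for this thread, not a tool the poster used. It flags DLLs that are
registered both as a Browser Helper Object with no name and as a Winlogon Notify
handler, the pairing visible in the posted log for awtsqpm.dll and awvvt.dll.
"""
import re

# Constructed sample: a subset of the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\system32\awtsqpm.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FC1E6610-A16F-4F77-84B8-BA3E5E5F60D3} - C:\WINDOWS\system32\awvvt.dll
O20 - Winlogon Notify: awtsqpm - C:\WINDOWS\SYSTEM32\awtsqpm.dll
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Line formats as HijackThis 1.99 prints them (the regexes are mine, not the tool's).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into O2 and O20 records; other line types are ignored."""
    bhos, notifies = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = O20_RE.match(line)
        if m:
            notifies.append(m.groupdict())
    return bhos, notifies


def norm_path(path):
    """Windows paths are case-insensitive: SYSTEM32 and system32 are the same folder."""
    return path.strip().lower()


def assess(text):
    """Map each suspicious DLL path (lower-cased) to the reasons it was flagged.

    A nameless BHO alone is only a weak signal; the same DLL also hooking
    Winlogon Notify is the combination worth acting on.
    """
    bhos, notifies = parse_hjt(text)
    nameless = {norm_path(b["path"]) for b in bhos if b["name"] == "(no name)"}
    notify_paths = {norm_path(n["path"]) for n in notifies}

    findings = {}
    for path in nameless:
        findings[path] = ["BHO registered with no name"]
        if path in notify_paths:
            findings[path].append("same DLL registered as Winlogon Notify handler")
    return findings


def strong_hits(text):
    """Sorted DLL paths that show both signals (BHO without a name + Winlogon Notify)."""
    return sorted(p for p, reasons in assess(text).items() if len(reasons) == 2)


if __name__ == "__main__":
    for path, reasons in sorted(assess(SAMPLE_LOG).items()):
        print(path + "\n  - " + "\n  - ".join(reasons))
```

Run against the posted log it reports both system32 DLLs with both reasons, while the Adobe BHO (named) and WgaLogon (a Winlogon Notify handler that is not also a BHO) are left alone. The correlation deliberately compares lower-cased paths because HijackThis prints the O20 path with the case stored in the registry, so SYSTEM32 and system32 appear side by side in the same log.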


Dr.Phoenix 20.06.2007 21:30

I have now run VundoFix, which promptly found something. But since one file is still being identified as a Trojan, here is my ComboFix log:
Code:

ComboFix 07-06-18.2 - C:\Dokumente und Einstellungen\Dominik\Desktop\ComboFix.exe
"Dominik" - 2007-06-20 22:03:28 - Service Pack 2  NTFS 


(((((((((((((((((((((((((  Files Created from 2007-05-20 to 2007-06-20  )))))))))))))))))))))))))))))))


2007-06-20 21:47        2,097,152        --ah-----        C:\DOKUME~1\ADMINI~1\NTUSER.DAT
2007-06-20 21:47        <DIR>        dr-h-----        C:\DOKUME~1\ADMINI~1\Anwendungsdaten
2007-06-20 21:47        <DIR>        dr-------        C:\DOKUME~1\ADMINI~1\Startmenü
2007-06-20 21:47        <DIR>        dr-------        C:\DOKUME~1\ADMINI~1\Favoriten
2007-06-20 21:47        <DIR>        dr-------        C:\DOKUME~1\ADMINI~1\Eigene Dateien
2007-06-20 21:47        <DIR>        d--h-----        C:\DOKUME~1\ADMINI~1\Vorlagen
2007-06-20 21:47        <DIR>        d--h-----        C:\DOKUME~1\ADMINI~1\Netzwerkumgebung
2007-06-20 21:47        <DIR>        d--h-----        C:\DOKUME~1\ADMINI~1\Lokale Einstellungen
2007-06-20 21:47        <DIR>        d--h-----        C:\DOKUME~1\ADMINI~1\Druckumgebung
2007-06-20 21:47        <DIR>        d--------        C:\DOKUME~1\ADMINI~1\WINDOWS
2007-06-20 21:47        <DIR>        d--------        C:\DOKUME~1\ADMINI~1\ANWEND~1\InterTrust
2007-06-20 21:47        <DIR>        d--------        C:\DOKUME~1\ADMINI~1\ANWEND~1\Help
2007-06-20 21:47        <DIR>        d--------        C:\DOKUME~1\ADMINI~1\ANWEND~1\CyberLink
2007-06-20 21:26        <DIR>        d--------        C:\VundoFix Backups
2007-06-20 21:05        49,152        --a------        C:\WINDOWS\nircmd.exe
2007-06-20 17:40        <DIR>        d--------        C:\WINDOWS\system32\SoftwareDistribution
2007-06-20 15:56        427,864        --a------        C:\WINDOWS\system32\XceedZip.dll
2007-06-20 15:56        31,254        ---------        C:\WINDOWS\system32\awtsqpm.dll
2007-06-20 15:55        <DIR>        d--------        C:\Programme\DriverGenius
2007-06-16 16:53        <DIR>        d--------        C:\CloneDVDTemp
2007-06-16 16:41        <DIR>        d--------        C:\DOKUME~1\ALLUSE~1\ANWEND~1\Ahead
2007-06-15 11:33        <DIR>        d--------        C:\Programme\FreePDF_XP
2007-06-15 11:33        <DIR>        d--------        C:\DOKUME~1\ALLUSE~1\FreePDF
2007-06-12 19:40        <DIR>        d--------        C:\DOKUME~1\ALLUSE~1\ANWEND~1\ENotebook 10.0
2007-06-12 19:38        <DIR>        d--------        C:\Programme\ProWorks
2007-06-12 19:37        <DIR>        d--------        C:\DOKUME~1\ALLUSE~1\ANWEND~1\CambridgeSoft
2007-06-12 19:31        33,340        ---------        C:\WINDOWS\system32\dbmsqlgc.dll
2007-06-12 19:31        24,576        ---------        C:\WINDOWS\system32\dbmsgnet.dll
2007-06-12 19:30        <DIR>        d--------        C:\Programme\Microsoft SQL Server
2007-06-12 14:21        <DIR>        d--------        C:\Programme\CambridgeSoft
2007-06-12 13:48        <DIR>        d--------        C:\Programme\PeerGuardian2
2007-06-06 09:53        64,880        --a------        C:\WINDOWS\system32\drivers\pe3agqwb.sys
2007-06-06 09:53        407,152        --a------        C:\WINDOWS\system32\pr2agqwb.exe
2007-06-06 09:52        55,160        --a------        C:\WINDOWS\system32\drivers\ps6agqwb.sys
2007-06-05 19:13        <DIR>        d--------        C:\Programme\DAEMON Tools
2007-06-05 18:35        49,536        --a------        C:\WINDOWS\system32\drivers\ahtuezr3.sys
2007-06-01 17:39        <DIR>        d--------        C:\Programme\Skype
2007-06-01 17:39        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Skype
2007-05-31 23:24        <DIR>        d--------        C:\Programme\iPod
2007-05-31 08:45        524,288        --a------        C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44        823,296        --a------        C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44        823,296        --a------        C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44        802,816        --a------        C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44        740,442        --a------        C:\WINDOWS\system32\DivX.dll


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-20 18:09:14        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\uTorrent
2007-06-20 17:26:24        --------        d-----w        C:\Programme\Tunebite
2007-06-20 15:41:03        --------        d--h--w        C:\Programme\WindowsUpdate
2007-06-20 14:33:13        --------        d--h--w        C:\Programme\InstallShield Installation Information
2007-06-20 13:03:50        7,779        ----a-w        C:\WINDOWS\mozver.dat
2007-06-16 14:27:32        --------        d-----w        C:\Programme\Elaborate Bytes
2007-06-14 14:32:44        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\Skype
2007-06-13 05:27:09        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\ICQ
2007-06-12 17:31:44        80,196        ----a-w        C:\WINDOWS\system32\perfc007.dat
2007-06-12 17:31:44        426,516        ----a-w        C:\WINDOWS\system32\perfh007.dat
2007-06-08 16:32:30        --------        d-----w        C:\Programme\DivX
2007-06-06 18:10:48        --------        d-----w        C:\Programme\Gemeinsame Dateien\Sony Shared
2007-06-06 18:10:13        --------        d-----w        C:\Programme\Video Store
2007-06-06 18:09:31        --------        d-----w        C:\Programme\Gemeinsame Dateien\Ulead Systems
2007-06-05 16:59:39        685,816        ----a-w        C:\WINDOWS\system32\drivers\sptd.sys
2007-06-02 11:05:55        --------        d-----w        C:\Programme\PartyGaming.Net
2007-06-01 15:20:58        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\MyPhoneExplorer
2007-05-31 21:24:36        --------        d-----w        C:\Programme\iTunes
2007-05-26 10:42:34        10        ----a-w        C:\WINDOWS\popcinfo.dat
2007-05-19 20:08:25        86,016        ----a-w        C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-16 17:55:20        407,152        ----a-w        C:\WINDOWS\system32\pr2agqwc.exe
2007-05-16 17:55:02        64,880        ----a-w        C:\WINDOWS\system32\drivers\pe3agqwc.sys
2007-05-16 17:54:44        55,160        ----a-w        C:\WINDOWS\system32\drivers\ps6agqwc.sys
2007-05-16 15:11:44        683,520        ----a-w        C:\WINDOWS\system32\inetcomm.dll
2007-05-15 18:07:55        --------        d-----w        C:\Programme\Ulead CD & DVD PictureShow 4
2007-05-14 21:37:47        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\Ulead Systems
2007-05-14 21:35:55        --------        d-----w        C:\Programme\Gemeinsame Dateien\InstallShield
2007-05-14 19:56:38        --------        d-----w        C:\Programme\Shareaza
2007-05-14 19:56:33        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\Shareaza
2007-05-14 19:30:02        74        ---ha-w        C:\WINDOWS\YNNHOJED.DLL
2007-05-14 18:32:17        --------        d-----w        C:\Programme\Gemeinsame Dateien\InterVideo
2007-05-14 18:31:12        --------        d-----w        C:\Programme\Windows Media Components
2007-05-14 14:22:59        --------        d-----w        C:\Programme\MyPhoneExplorer
2007-05-14 14:21:50        --------        d-----w        C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-05-14 14:21:46        --------        d-----w        C:\Programme\Mobile Master
2007-05-14 13:54:07        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\Mobile Master
2007-05-10 09:59:55        --------        d-----w        C:\Programme\QuickTime
2007-05-09 18:16:32        --------        d-----w        C:\Programme\Trillian
2007-05-08 17:40:53        --------        d-----w        C:\Programme\rlw32
2007-05-07 12:45:59        --------        d-----w        C:\Programme\ICQ6
2007-05-02 16:01:12        --------        d-----w        C:\DOKUME~1\Dominik\ANWEND~1\tunebite
2007-04-26 14:12:15        --------        d-----w        C:\Programme\Radiograbber
2007-04-25 14:22:27        144,896        ----a-w        C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29        3,596,288        ----a-w        C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18        200,704        ----a-w        C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18        1,044,480        ----a-w        C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34        73,728        ----a-w        C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34        196,608        ----a-w        C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33        53,248        ----a-w        C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31        593,920        ----a-w        C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31        57,344        ----a-w        C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31        344,064        ----a-w        C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31        294,912        ----a-w        C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31        294,912        ----a-w        C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47        12,288        ----a-w        C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46        124,472        ----a-w        C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:13:24        2,854,400        ----a-w        C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36        33,624        ----a-w        C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54        1,710,936        ----a-w        C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48        549,720        ----a-w        C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42        325,976        ----a-w        C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36        203,096        ----a-w        C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28        92,504        ----a-w        C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20        53,080        ----a-w        C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20        43,352        ----a-w        C:\WINDOWS\system32\wups2.dll
2007-04-15 18:11:56        43,520        ----a-w        C:\WINDOWS\system32\CmdLineExt03.dll
2004-12-13 12:08:48        56        --sh--r        C:\WINDOWS\system32\F5904193E3.sys


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{066A2CDC-319E-4460-BA45-C24562CD51AA}=C:\WINDOWS\system32\awtsqpm.dll [2007-06-20 15:56]
{6A7E5524-010E-4773-B916-E7E5B8445336}=C:\WINDOWS\system32\awvvt.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 21:20 C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-23 18:06]
"D-Link AirPlus G"="C:\Programme\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-02-27 21:08]
"ANIWZCS2Service"="C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-13 19:31]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"ICQ"="C:\Programme\ICQ6\ICQ.exe" [2007-04-25 12:29]
"STYLEXP"="C:\Programme\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"PeerGuardian"="C:\Programme\PeerGuardian2\pg2.exe" [2005-09-18 18:40]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"SSS6_Suite"="C:\Programme\Steganos Security Suite 6\sss.exe" /booting
"SSS6_SAFE"="C:\Programme\Steganos Security Suite 6\safe.exe" /booting
"SSS6_SPM"="C:\Programme\Steganos Security Suite 6\spm.exe" /booting

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]
"{066A2CDC-319E-4460-BA45-C24562CD51AA}"="C:\WINDOWS\system32\awtsqpm.dll" [2007-06-20 15:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsqpm]
awtsqpm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APITRAP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^OpenMG Jukebox Startup.lnk]
backup=C:\WINDOWS\pss\OpenMG Jukebox Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
C:\Programme\Medion\PowerCinema\My_TV\Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLMIcon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapFax]
C:\Programme\Classic PhoneTools\CapFax.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Inet Xp..]
teekids.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MJStarter]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
"C:\Programme\Registry Clean Expert\RCScheduler.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"mmtask"="C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"


Contents of the 'Scheduled Tasks' folder
2007-06-08 15:17:43  C:\WINDOWS\tasks\1-Click Maintenance.job
2007-04-15 09:41:01  C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 22:07:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-20 22:09:51
C:\ComboFix-quarantined-files.txt ... 2007-06-20 22:09
C:\ComboFix2.txt ... 2007-06-20 21:19

        --- E O F ---


Dr.Phoenix 22.06.2007 15:22

Resolved:
http://www.hijackthis-forum.de/showthread.php?t=23490

