Jenni
@arcor-ip.net
reply to Jenni Re: HJT Log - Changes Windows Background automatically
First I want to thank you very much for your help!!
So here are the log files:
mbam-log-7-9-2008 (16-47-21).txt
Malwarebytes' Anti-Malware 1.20
Datenbank Version: 930
Windows 5.1.2600 Service Pack 2

16:47:26 09.07.2008
mbam-log-7-9-2008 (16-47-21).txt

Scan Art: Schnell Scan
Objekte gescannt: 39130
Scan Dauer: 3 minute(s), 31 second(s)

Infizierte Speicher Prozesse: 1
Infizierte Speicher Module: 3
Infizierte Registrierungsschlüssel: 42
Infizierte Registrierungswerte: 2
Infizierte Datei Objekte der Registrierung: 5
Infizierte Verzeichnisse: 1
Infizierte Dateien: 78

Infizierte Speicher Prozesse:
C:\WINDOWS\system32\uoyzsydz.exe (Trojan.Agent) -> No action taken.

Infizierte Speicher Module:
C:\WINDOWS\system32\ulrofafb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yaywvWPG.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qomNefcA.dll (Trojan.Vundo) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c738f3d2-1891-449d-ae67-d1969094f1df} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> No action taken.

Infizierte Datei Objekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yaywvwpg -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\uoyzsydz.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yaywvwpg -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,) Good: (userinit.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
C:\Programme\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> No action taken.
ComboFix.txt
ComboFix 08-07-08.5 - Administrator 2008-07-09 16:58:24.1 - NTFSx86
ausgeführt von:: C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Administrator\Desktop\CFscript.txt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\WINDOWS\mrofinu572.exe
C:\windows\system32\rswnw64m.exe
C:\WINDOWS\system32\uoyzsydz.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Lschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Deewoo.lnk
C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\DW_Start.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\444.470
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLBDRIVER
-------\Legacy_MSSECURITY1.209.4
-------\Service_clbdriver

((((((((((((((((((((((( Dateien erstellt von 2008-06-09 bis 2008-07-09 ))))))))))))))))))))))))))))))
.
2008-07-09 16:41 . 2008-07-09 16:41 d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-09 16:41 . 2008-07-09 16:41 d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-07-09 16:41 . 2008-07-09 16:41 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2008-07-09 16:41 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 16:41 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 09:44 . 2008-07-09 09:44 d-------- C:\Programme\Trend Micro
2008-07-09 09:33 . 2008-07-09 09:33 d-------- C:\Programme\CCleaner
2008-07-08 23:00 . 2008-07-09 16:48 81,104 --------- C:\WINDOWS\system32\ulrofafb.dll
2008-07-08 22:59 . 2008-07-09 16:48 314,656 --------- C:\WINDOWS\system32\yaywvWPG.dll
2008-07-08 22:59 . 2008-07-09 16:49 1,435 --ahs---- C:\WINDOWS\system32\GPWvwyay.ini
2008-07-08 22:46 . 2008-07-08 22:46 d-------- C:\WINDOWS\system32\ver
2008-07-08 22:46 . 2008-07-08 22:46 d-------- C:\WINDOWS\system32\olixds01
2008-07-08 22:46 . 2008-07-08 22:46 d-------- C:\WINDOWS\system32\IP3
2008-07-08 22:46 . 2008-07-08 22:46 d-------- C:\WINDOWS\system32\dapi
2008-07-08 22:46 . 2008-07-08 22:46 d-------- C:\Temp\stmpv4
2008-07-08 22:46 . 2008-07-09 16:58 d-------- C:\Temp
2008-07-08 22:46 . 2008-07-08 22:46 dr------- C:\Dokumente und Einstellungen\LocalService\Favoriten
2008-07-08 22:46 . 2008-07-09 08:55 dr-h----- C:\$VAULT$.AVG
2008-07-08 22:46 . 2008-07-08 22:46 152,259 --a------ C:\WINDOWS\system32\g65.exe
2008-07-08 22:46 . 2008-07-09 16:48 26,016 --------- C:\WINDOWS\system32\qomNefcA.dll
2008-07-08 22:46 . 2004-11-11 13:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-05 07:05 . 2008-07-05 07:05 32,768 --a------ C:\WINDOWS\system32\olixds01\olixds011065.exe
2008-06-10 15:50 . 2008-06-10 15:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-10 15:50 . 2008-06-10 15:50 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 14:55 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVG7
.
hijackthis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08, on 2008-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Synaptics\SynTP\SynMedion.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=072308 serial=DR12WEX-1502297-EBB lang=DE
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2004\WinStylerThemeSvc.exe

-- End of file - 6077 bytes