Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tr/fraudpack.26624 + Rkit/clbd.jg + Tr/dldr.small.acri + Tr/peed.a.744 ; A.exe, Ark269.tmp, Tdssadw.dll, Tdssl.dll, Tdssserv.sys


  • Please log in to reply
1 reply to this topic

#1 ringen00

ringen00

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 04 September 2008 - 01:01 PM

TR/FraudPack.26624 + RKIT/Clbd.JG + TR/Dldr.small.acri + TR/Peed.A.744 ; a.exe, ARK269.tmp, tdssadw.dll, tdssl.dll, tdssserv.sys

Hello !
Anyone there who could please check my hjt-logfile - am I still infected?


Hallo!
Habe Windows XP Home mit Avira Antivir Personel.
Vorgestern Nacht habe ich mir einen oder mehrere Trojaner eingefangen.
Aufgefallen ist mir das Ganze weil im Lauf des Tages der Desktop zweimal
einfror und mich so zu einem Warmstart zwang.
Zuerst schrieb ich es der starken cpu-Auslastung zu (der Rechner musste
einige Aufgaben für mich erfüllen :-) ) - im Taskmanager fand ich dann den
Prozess "a.exe" . Bei der Gelegenheit fand ich heraus das ich zu ff. Seiten
nicht mehr connecten konnte : http://w*w.virustotal.com/de/ und
ht*p://virusscan.jotti.org/
Soweit ich mich erinnern konnte deaktivierte ich die Internetverbindung
und lies Antivir und Clamwin scannen.
Antivir fand dann auch Obenstehendes und entfernte alles - Clamwin fand
(wie ich später online checken konnte) leider nur fakes.
Aufgrund der bereits stattgefundenen OS-Modifikationen entschloss
ich mich einen früheren Wiederherstellungspunkt zu benutzen.
Ja, bei "log"-Dateien war im Editor nur ein komisches "H" zu sehen und anschliessend stürtze der nämlich ab. Konnte also auch kein HJT-file abspeichern geschweige denn einsehen.
Nach Wiederherstellung des Rechnerzustandes von vor zwei Tagen fand
Avira immer noch das RootKit (gleich beim Start) und die restlichen zwei Trojaner was mich dazu bewog einen Tag früher wiederherzustellen.
Avira fand nun nichts und alle vermissten features sind wieder wohl auf :-)
Trotzdem hier mal mein Log-file - sicherheitshalber :-))


------------------------------------------------------------------

Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 11:43:12, on 04.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\UPHClean\uphclean.exe
C:\Programme\USBDLM\USBDLM.exe
C:\Programme\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\z2 Remote2PC\R2PCServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\z2 Remote2PC\R2PCSH.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Compaq\EAB\EABSERVR.EXE
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\JetToolBar\JetTB.exe
c:\programme\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\BWMeter\crack\BWMeter.exe
C:\Programme\Opera\Opera.exe
C:\Programme\MSGTAG\MSGTAG.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.ringe-saito.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0407&s=search&ap=b204
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = file://C:\tor.pac
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301. 7164\swg.dll
O3 - Toolbar: D-Info - {CB736FF0-1D72-11D6-BF3C-005056303009} - C:\Programme\D\D-Info\dinfoband.dll
O3 - Toolbar: &WINSWEEP Toolbar - {E915E62E-41DA-40D0-8106-3438B4D24394} - C:\Programme\WinSweep\SurfBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [z2 R2PC Server Helper] "C:\Programme\z2 Remote2PC\R2PCSH.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\Compaq\EAB\EABSERVR.EXE /Start
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [TCMMouse] C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FlashGuard] "C:\Programme\FlashGuard\FlashGuard.exe" -run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programme\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSGTAG] "C:\Programme\MSGTAG\MSGTAG.exe" /startup
O4 - HKCU\..\Run: [Access Folders] C:\Programme\Shelltoys\Access Folders\afolders.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O4 - HKCU\..\Run: [Message-Bob] "C:\Programme\Message-Bob\Message-Bob.exe" /a
O4 - HKCU\..\Run: [Quicknote] "C:\Programme\Quicknote\Quicknote.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - Startup: Camsplitter.lnk.disabled
O4 - Startup: ClickYes.lnk = C:\Programme\Express ClickYes\ClickYes.exe
O4 - Startup: DeskTask.lnk = C:\Programme\DeskTask\DeskTask.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Startup: MouseDrv.lnk = C:\Programme\TCM Mouse\MouseDrv.exe
O4 - Startup: Mp3tag Quick Pick.lnk.disabled
O4 - Startup: Stickies.lnk = C:\Programme\stickies\stickies.exe
O4 - Startup: TitleTime.lnk = C:\Programme\TitleTime\TiTime.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk.disabled
O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: IP Monitor.lnk.disabled
O4 - Global Startup: jetToolBar.lnk = C:\Programme\JetToolBar\JetTB.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Server4PC.lnk.disabled
O4 - Global Startup: Sunnysoft Backup Manager.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Programme\Advanced%20Email%20Extractor%20PRO\Ae ePMsie.dll/page.html
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Druid: Download All Files - C:\Programme\XemiComputers\Download Druid\Druid.html
O8 - Extra context menu item: Druid: Download Highlighted Files - C:\Programme\XemiComputers\Download Druid\DruidHighLighted.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: pdaConverter - C:\Programme\pdaConverter 1.3\convert_url.htm
O8 - Extra context menu item: Scan link with AEE - res://C:\Programme\Advanced%20Email%20Extractor%20PRO\Ae ePMsie.dll/link.html
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra button: BINGOOO - {2067FDE0-415A-43F4-B136-3E6A29C1A571} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: GWlinks - {271DAF49-8334-46ae-B163-B40B9F0CDA8B} - "C:\Programme\gwlinks\gwlinks.exe" (file missing)
O9 - Extra 'Tools' menuitem: GWlinks - Der URL-Manager - {271DAF49-8334-46ae-B163-B40B9F0CDA8B} - "C:\Programme\gwlinks\gwlinks.exe" (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: D-Info - {5baf1db0-1d34-11d6-bf3c-005056303009} - C:\Programme\D\D-Info\dinfoband.dll
O9 - Extra 'Tools' menuitem: D-Info - {5baf1db0-1d34-11d6-bf3c-005056303009} - C:\Programme\D\D-Info\dinfoband.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Druid Bar - {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - C:\Programme\XemiComputers\Download Druid\DruidBar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Programme\Advanced%20Email%20Extractor%20PRO\Ae ePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Programme\Advanced%20Email%20Extractor%20PRO\Ae ePMsie.dll/page.html (file missing) (HKCU)
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203951697536
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206285255994
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp2p.com/sfiles/phasex.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/111...geUploader3.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F4BDAA9-2840-4B1F-9148-B1FCBD4EF47F}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{70A7792B-E626-4717-9643-9FF20E3CC02E}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Programme\DynDNS Updater\DynDNS.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.ex e
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MusicIP Server - Unknown owner - C:\Programme\MusicIP\MusicIP Mixer\MusicMagicServer.exe
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Programme\CardReader2.0\OTiReader.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Programme\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBDLM - Uwe Sieber - www.uwe-sieber.de - C:\Programme\USBDLM\USBDLM.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programme\UltraVNC\WinVNC.exe
O23 - Service: z2 Remote2PC Server (z2 R2PC Server) - z2 Software - C:\Programme\z2 Remote2PC\R2PCServ.exe

--
End of file - 18770 bytes
----------------------------------------------------------------

Vielen Danke im vorraus fürs checken und jegliche Hinweise und Tipps!
Habe übrigens bei meiner Trojaner-Online-Recherche immerhin schon herausgefunden dass das Geburtsdatum meiner Bedrohungen im August 08
war. Auch sollen sie "gepackt" dahergekommen sein.
Meine Konsequenzen und den Tathergang schreibe ich gerne bei nächster Gelegenheit hier dazu :-)

Gruss
ringen00

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:49 AM

Posted 21 September 2008 - 08:47 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users