
Thread: comsa32.sys, refpron, and some other trojans - please help me

  1. #1
    Junior Member, joined Mar 2009, 2 posts

    comsa32.sys, refpron, and some other trojans - please help me

    I've got a notebook from a colleague of my wife's, which has some odd behavior. Spybot showed me some trojans, refpron and some others, which Spybot could remove. But refpron it can't remove.

    The HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:10:08, on 28.03.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
    C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\tdctxte.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\Programme\QuickTime\qttask.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programme\ATI Technologies\ATI.ACE\cli.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Programme\ClamWin\bin\ClamTray.exe
    C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Programme\Real\RealPlayer\RealPlay.exe
    C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\PROGRA~1\T-Online\ISDNSP~1\Tomcat.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
    C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
    C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE
    C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Programme\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\kernel.exe
    C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\sc_watch.exe
    C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
    C:\Programme\ATI Technologies\ATI.ACE\cli.exe
    C:\Programme\ATI Technologies\ATI.ACE\cli.exe
    C:\Dokumente und Einstellungen\hilke\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ClamWin] "C:\Programme\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EEventManager] C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [ISDN SpeedManager] "C:\PROGRA~1\T-Online\ISDNSP~1\Tomcat.exe"
    O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
    O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
    O4 - HKCU\..\Run: [QUAD Windows service] C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
    O4 - HKCU\..\Run: [QUAD Scheduler] C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166206758379
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote 2008 (Remote_Server_2008) - IniCom Networks, Inc. - C:\Programme\Remote\Remote.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing)
    O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe

    --
    End of file - 9388 bytes

    dds.scr produced dds.txt:

    DDS (Ver_09-03-16.01) - FAT32x86
    Run by hilke at 12:21:46,09 on 28.03.2009
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.510.117 [GMT 1:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
    C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\tdctxte.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\Programme\QuickTime\qttask.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programme\ATI Technologies\ATI.ACE\cli.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Programme\ClamWin\bin\ClamTray.exe
    C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Programme\Real\RealPlayer\RealPlay.exe
    C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\PROGRA~1\T-Online\ISDNSP~1\Tomcat.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
    C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
    C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE
    C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Programme\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\kernel.exe
    C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\sc_watch.exe
    C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
    C:\Programme\ATI Technologies\ATI.ACE\cli.exe
    C:\Programme\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Dokumente und Einstellungen\hilke\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.de/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://global.acer.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\3.1.807.1746\swg.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\googletoolbar2.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [updateMgr] "c:\programme\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [T-Online_Software_6\WLAN-Access Finder] c:\programme\t-online\wlan-access finder\ToWLaAcF.exe /StartMinimized
    uRun: [InfoCockpit] c:\programme\t-online\t-online_software_6\info-cockpit\IC_START.EXE /nosplash
    uRun: [QUAD Windows service] c:\programme\quad utilities\quad registry cleaner\QUAD Registry Cleaner.exe -h
    uRun: [QUAD Scheduler] c:\programme\quad utilities\quad registry cleaner\QUAD Scheduler.exe
    mRun: [LaunchApp] Alaunch
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
    mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [RemoteControl] c:\programme\cyberlink\powerdvd\PDVDServ.exe
    mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [EPM-DM] c:\acer\empowering technology\epower\epm-dm.exe
    mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
    mRun: [ClamWin] "c:\programme\clamwin\bin\ClamTray.exe" --logon
    mRun: [StatusClient 2.6] c:\programme\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
    mRun: [TomcatStartup 2.5] c:\programme\hewlett-packard\toolbox\hpbpsttp.exe
    mRun: [HP Software Update] "c:\programme\hewlett-packard\hp software update\HPWuSchd2.exe"
    mRun: [RealTray] c:\programme\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [EEventManager] c:\programme\epson\creativity suite\event manager\EEventManager.exe
    mRun: [ISDN SpeedManager] "c:\progra~1\t-online\isdnsp~1\Tomcat.exe"
    mRun: [ToADiMon.exe] c:\programme\t-online\t-online_software_6\basis-software\basis1\ToADiMon.exe -TOnlineAutodialStart
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [T-Online_Software_6\WLAN-Access Finder] c:\programme\t-online\wlan-access finder\ToWLaAcF.exe /StartMinimized
    dRun: [InfoCockpit] c:\programme\t-online\t-online_software_6\info-cockpit\IC_START.EXE /nosplash
    StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office\OSA9.EXE
    StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\winzip~1.lnk - c:\programme\winzip\WZQKPICK.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166206758379
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath -

    ---- FIREFOX POLICIES ----
    c:\programme\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\programme\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

    ============= SERVICES / DRIVERS ===============

    R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
    R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
    R2 defaultlib;Service AntiVir;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-12-16 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-12-16 78208]
    R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\gemeinsame dateien\marmiko shared\MZCCntrl.exe [2006-12-19 61440]
    R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-6-30 7296]
    R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-1-14 4010]
    R2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe [2004-8-4 176128]
    R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [2006-12-27 37568]
    R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\gemein~1\marmik~1\MACNDIS5.SYS [2006-12-19 17280]
    R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2005-9-13 4392]
    R3 TOMCATWAN;T-Online DynamicISDN (WDM);c:\windows\system32\drivers\WTOMCAT.sys [2006-12-28 173334]
    S2 netmantow;Network Ming;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S2 Remote_Server_2008;Remote 2008;c:\programme\remote\Remote.exe [2009-3-23 700928]
    S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe --> c:\windows\system32\sopidkc.exe [?]
    S3 fusbbase;AVM ISDN-Controller FRITZ!Card USB;c:\windows\system32\drivers\fusbbase.sys [2006-12-27 455296]
    S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\gemein~1\marmik~1\minfrais\MIINPazX.SYS [2006-12-19 17152]
    S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\t-online\t-onli~1\basis-~1\basis1\MTOnlPktAlyX.SYS [2006-8-9 17536]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-12-16 32512]

    =============== Created Last 30 ================

    2009-03-28 12:02 212,992 a------- c:\windows\system32\w.exe
    2009-03-28 12:02 212,992 a------- c:\windows\system32\tpszxyd.sys
    2009-03-28 12:02 176,128 a------- c:\windows\system32\afisicx.exe
    2009-03-28 12:02 86,016 a------- c:\windows\system32\2009321.dll
    2009-03-28 12:02 65,536 a------- c:\windows\system32\u12285315.dll
    2009-03-28 12:02 386,861 a------- c:\windows\system32\forx109293.exe
    2009-03-28 12:01 93,696 a------- c:\windows\system32\forx148813.exe
    2009-03-28 10:19 65,536 a------- c:\windows\system32\u10288120.dll
    2009-03-28 10:18 86,016 a------- c:\windows\system32\200931843.dll
    2009-03-28 10:18 386,861 a------- c:\windows\system32\forx722447.exe
    2009-03-28 10:18 73,216 a------- c:\windows\system32\forx996752.exe
    2009-03-27 20:15 93,696 a------- c:\windows\system32\forx222612.exe
    2009-03-27 20:07 722 a------- c:\windows\wininit.ini
    2009-03-27 19:39 <DIR> --d----- c:\programme\Spybot - Search & Destroy
    2009-03-27 19:39 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Spybot - Search & Destroy
    2009-03-27 19:29 65,536 a------- c:\windows\system32\u192728116.dll
    2009-03-27 19:29 386,861 a------- c:\windows\system32\forx597306.exe
    2009-03-27 19:29 86,016 a------- c:\windows\system32\200932910.dll
    2009-03-26 13:28 65,536 a------- c:\windows\system32\u132667129.dll
    2009-03-26 13:28 234,770 a------- c:\windows\system32\forx69150.exe
    2009-03-26 13:10 65,536 a------- c:\windows\system32\u132667126.dll
    2009-03-26 13:10 388,928 a------- c:\windows\system32\forx972996.exe
    2009-03-25 15:15 65,536 a------- c:\windows\system32\u152535957.dll
    2009-03-25 15:15 179,290 a------- c:\windows\system32\forx369612.exe
    2009-03-24 19:57 700,928 a------- c:\windows\system32\forx340691.exe
    2009-03-24 19:56 65,536 a------- c:\windows\system32\u192437521.dll
    2009-03-24 19:56 388,928 a------- c:\windows\system32\forx769946.exe
    2009-03-24 16:59 65,536 a------- c:\windows\system32\u162460952.dll
    2009-03-24 16:59 75,630 a------- c:\windows\system32\forx904937.exe
    2009-03-24 16:42 18,691 a------- c:\windows\system32\forx306516.exe
    2009-03-24 14:13 65,536 a------- c:\windows\system32\u142495341.dll
    2009-03-24 14:13 224,550 a------- c:\windows\system32\forx141326.exe
    2009-03-23 19:42 <DIR> --d----- c:\programme\Remote
    2009-03-23 19:41 389,536 a------- c:\windows\system32\forx381385.exe
    2009-03-23 19:41 65,536 a------- c:\windows\system32\u192364023.dll
    2009-03-23 19:40 65,536 a------- c:\windows\system32\2595500405723l.dll
    2009-03-23 19:40 65,536 a------- c:\windows\system32\2585468404723l.dll
    2009-03-23 19:40 65,411 a------- c:\windows\system32\forx693827.exe
    2009-03-23 19:40 65,536 a------- c:\windows\system32\2566734402923l.dll

    ==================== Find3M ====================

    2009-03-24 19:59 4,224 a------- c:\windows\system32\drivers\beep.sys
    2009-03-24 19:59 4,224 a------- c:\windows\system32\dllcache\beep.sys
    2009-02-09 15:04 1,846,912 a------- c:\windows\system32\win32k.sys
    2009-02-09 15:04 1,846,912 -------- c:\windows\system32\dllcache\win32k.sys

    ============= FINISH: 12:22:08,95 ===============
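As an added triage aid (not part of the original post, and not code from the HijackThis or DDS tools), the block below parses the two log formats quoted above: the DDS "Created Last 30" lines and the HijackThis O23 service lines. The sample input is copied from the logs in the post. The heuristics are my own assumptions about what deserves a second look: several executables landing in system32 within the same minute, and a service whose vendor is "Unknown owner" or whose binary is reported "(file missing)". Neither check is a verdict on any file; they only narrow down what an analyst reads first.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the DDS "Created Last 30" section
# quoted in the post above. The parser skips lines it does not understand.
DDS_CREATED = r"""
2009-03-28 12:02 212,992 a------- c:\windows\system32\w.exe
2009-03-28 12:02 212,992 a------- c:\windows\system32\tpszxyd.sys
2009-03-28 12:02 176,128 a------- c:\windows\system32\afisicx.exe
2009-03-28 12:02 86,016 a------- c:\windows\system32\2009321.dll
2009-03-27 19:39 <DIR> --d----- c:\programme\Spybot - Search & Destroy
2009-03-26 13:28 65,536 a------- c:\windows\system32\u132667129.dll
2009-03-26 13:28 234,770 a------- c:\windows\system32\forx69150.exe
"""

# Constructed sample input: O23 lines copied from the HijackThis log above.
HJT_O23 = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing)
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe
"""

# DDS line: "<date> <HH:MM> <size or <DIR>> <attribute flags> <path>"
DDS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$")
# HJT O23 line: "O23 - Service: <name> - <vendor> - <path>[ (file missing)]"
O23_LINE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)(?: \(file missing\))?$")

SYSTEM32 = "c:\\windows\\system32\\"
EXEC_EXTS = {"exe", "dll", "sys"}


def parse_dds_created(text):
    """Turn DDS 'Created Last 30' lines into dicts; size is None for directories."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({
            "ts": ts,
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def cluster_system32_drops(entries, min_count=2):
    """Group executables created under system32 by minute and return the
    groups holding at least min_count files. Several binaries appearing in
    system32 in the same minute is a heuristic (my assumption), not a verdict."""
    by_minute = defaultdict(list)
    for e in entries:
        p = e["path"].lower()
        ext = p.rsplit(".", 1)[-1] if "." in p else ""
        if p.startswith(SYSTEM32) and ext in EXEC_EXTS:
            by_minute[e["ts"]].append(e["path"])
    return {ts: paths for ts, paths in by_minute.items() if len(paths) >= min_count}


def flag_suspicious_services(text):
    """Parse HijackThis O23 lines and flag services with no known vendor or a
    missing binary. Returns {service name: [reasons]} for flagged entries only."""
    flagged = {}
    for line in text.splitlines():
        m = O23_LINE.match(line.strip())
        if not m:
            continue
        name, owner, _path = m.groups()
        reasons = []
        if owner.lower() == "unknown owner":
            reasons.append("unknown owner")
        if line.rstrip().endswith("(file missing)"):
            reasons.append("file missing")
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    clusters = cluster_system32_drops(parse_dds_created(DDS_CREATED))
    for ts, paths in sorted(clusters.items()):
        print(ts, "->", len(paths), "new executables in system32")
    for name, reasons in flag_suspicious_services(HJT_O23).items():
        print(name, "->", ", ".join(reasons))
```

Run over the full logs rather than the excerpt, the same two functions surface the burst of forx*.exe and u*.dll drops on 28.03.2009 12:02 and the two services without a vendor string; the analyst still has to confirm each hit by hand.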

  2. #2
    Junior Member, joined Mar 2009, 2 posts

    please close thread

    Because I am now seeking help at www.hijackthis-forum.de and I don't want to crosspost, please remove this thread. Thank you.

  3. #3
    Security Expert-Emeritus, joined Oct 2006, Manchester UK, 3,425 posts

    Quote, originally posted by buxul:
        Because I am now seeking help at www.hijackthis-forum.de and I don't want to crosspost, please remove this thread. Thank you.

    Thank you for letting us know.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
