Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bitte Logfile auswerten! (Routing.exe/Perfs.exe) (https://www.trojaner-board.de/48652-bitte-logfile-auswerten-routing-exe-perfs-exe.html)

paranetic 24.01.2008 13:09
Bitte Logfile auswerten! (Routing.exe/Perfs.exe)
 
Code:
Logfile of HijackThis v1.99.1
Scan saved at 13:04:25, on 24.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Avira\AntiVir PersonalEdition Classic\avguard.exe
G:\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
g:\eScan\VISTA\avpmapp.exe
g:\eScan\TRAYESER.EXE
g:\eScan\TRAYSSER.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\routing.exe
G:\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
G:\PTBSync\PTBSync.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
G:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
G:\Java\jre1.6.0_03\bin\jusched.exe
G:\eScan\TRAYICOS.EXE
G:\eScan\ESERV.EXE
G:\EssentialPIM\EssentialPIM.exe
C:\WINDOWS\system32\ctfmon.exe
G:\eScan\MAILDISP.EXE
g:\eScan\MAILSCAN.EXE
G:\ESCAN\SPOOLER.EXE
C:\WINDOWS\system32\LVComsX.exe
C:\Programme\Logitech\Video\FxSvr2.exe
G:\ICQ6\ICQ.exe
G:\Mozilla Firefox\firefox.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\totalcmd\TOTALCMD.EXE
I:\Temp\Rar$EX02.047\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - G:\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - g:\NetXfer\NXIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\ICQToolbar\toolbaru.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - g:\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [PTBSync] G:\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [VGAUtil] C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "G:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eScan Updater] g:\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Server] g:\eScan\ESERV.EXE /App
O4 - HKLM\..\Run: [MailScan Dispatcher] g:\eScan\LAUNCH.EXE
O4 - HKCU\..\Run: [WallPaper] G:\WALLPA~1\WALLPA~1.EXE /h
O4 - HKCU\..\Run: [EssentialPIM Pro] "G:\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - G:\FlashGet\jc_all.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Mit FlashGet laden - G:\FlashGet\jc_link.htm
O8 - Extra context menu item: Alles mit NetXfer herunterladen - G:\NetXfer\NXAddList.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Herunterladen mit NetXfer - G:\NetXfer\NXAddLink.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - G:\ICQ6\\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - G:\ICQ6\\ICQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26CD1A35-3616-4E8E-BD40-3649A80E0FA8}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6C5F952-36C2-4A58-AA9A-2FEC65264C24}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  g:\outpos~1\g:\outpos~1\wl_hook.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - G:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - G:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - G:\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: eScan Monitor Service - MicroWorld Technologies Inc. - g:\eScan\VISTA\avpmapp.exe
O23 - Service: eScan Management-Console (eScan-eServ) - MicroWorld Technologies Inc. - g:\eScan\TRAYESER.EXE
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - g:\eScan\TRAYSSER.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
die automatische auswertung warnt vor einer "routing.exe" und einer "perfs.exe" ("Fuzzy Algorithmusprüfung (1.89 / 5.00), Schädlich")

Außerdem meldet antivir in letzter zeit immer wieder treffer, hab schon mit escan und antivir komplett gescannt, hat alles nichts geholfen...
danke schonmal!
http://img293.imageshack.us/img293/4074/vir3ne3.th.jpg
http://img337.imageshack.us/img337/4108/vir1nu5.th.jpg
http://img151.imageshack.us/img151/6575/vir2ob0.th.jpg


zur routing.exe bringt virus total dieses ergebnis:
Code:
Antivirus          Version          letzte aktualisierung          Ergebnis
AhnLab-V3        2008.1.24.11        2008.01.24        -
AntiVir        7.6.0.48        2008.01.24        -
Authentium        4.93.8        2008.01.24        -
Avast        4.7.1098.0        2008.01.23        -
AVG        7.5.0.516        2008.01.24        Downloader.Generic6.AEXN
BitDefender        7.2        2008.01.24        Trojan.Agent.Delf.FQ
CAT-QuickHeal        9.00        2008.01.23        -
ClamAV        0.91.2        2008.01.24        -
DrWeb        4.44.0.09170        2008.01.24        -
eSafe        7.0.15.0        2008.01.16        -
eTrust-Vet        31.3.5482        2008.01.24        -
Ewido        4.0        2008.01.23        -
FileAdvisor        1        2008.01.24        -
Fortinet        3.14.0.0        2008.01.24        -
F-Prot        4.4.2.54        2008.01.24        -
F-Secure        6.70.13260.0        2008.01.24        -
Ikarus        T3.1.1.20        2008.01.24        Trojan.Agent.Delf.FQ
Kaspersky        7.0.0.125        2008.01.24        -
McAfee        5214        2008.01.23        -
Microsoft        1.3109        2008.01.24        -
NOD32v2        2819        2008.01.24        a variant of Win32/TrojanDownloader.Delf.OBC
Norman        5.80.02        2008.01.23        -
Panda        9.0.0.4        2008.01.23        -
Prevx1        V2        2008.01.24        Generic.Rootkit
Rising        20.28.31.00        2008.01.24        -
Sophos        4.24.0        2008.01.24        -
Sunbelt        2.2.907.0        2008.01.23        -
Symantec        10        2008.01.24        -
TheHacker        6.2.9.196        2008.01.23        -
VBA32        3.12.2.5        2008.01.21        suspected of Backdoor.XiaoBird.150 (paranoid heuristics)
VirusBuster        4.3.26:9        2008.01.23        -
Webwasher-Gateway        6.6.2        2008.01.24        -
weitere Informationen
File size: 32256 bytes
MD5: 3240aac8540893eaac76c7c438842200
SHA1: 89f1f7d43a3f6155061d4d96484bae46f1d66665
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=54BD10C900696B747EB400038D2C34006EB4F40F

Chris4You 24.01.2008 13:29
Hi,

bitte das hier abarbeiten:

Avenger
avenger.zip - The Avenger
Input script manually (anhaken)
kopiere in: View/edit script

Zitat:
Files to delete:
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten



Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!
Zitat:
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
Poste danach das Log von Combofix und ein neues HJ-Log:
Lade es von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.

Chris

paranetic 24.01.2008 13:38
wird gemacht, danke!

paranetic 24.01.2008 16:58
avenger log:
Code:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nmccgive

*******************

Script file located at: \??\C:\rjcetthm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\perfs.exe deleted successfully.
File C:\WINDOWS\system32\routing.exe deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
Frischer Hijackthis-Log:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 16:57, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
G:\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
g:\eScan\VISTA\avpmapp.exe
g:\eScan\TRAYESER.EXE
g:\eScan\TRAYSSER.EXE
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
G:\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
G:\PTBSync\PTBSync.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
G:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
G:\Java\jre1.6.0_03\bin\jusched.exe
G:\eScan\TRAYICOS.EXE
G:\eScan\ESERV.EXE
G:\EssentialPIM\EssentialPIM.exe
C:\WINDOWS\system32\ctfmon.exe
G:\eScan\MAILDISP.EXE
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\wscntfy.exe
g:\eScan\MAILSCAN.EXE
G:\ESCAN\SPOOLER.EXE
C:\Programme\Logitech\Video\FxSvr2.exe
G:\eScan\Vista\eScanMon.exe
G:\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\daniel\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - G:\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - g:\NetXfer\NXIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\ICQToolbar\toolbaru.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - g:\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [PTBSync] G:\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [VGAUtil] C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "G:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eScan Updater] g:\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Server] g:\eScan\ESERV.EXE /App
O4 - HKLM\..\Run: [MailScan Dispatcher] g:\eScan\LAUNCH.EXE
O4 - HKCU\..\Run: [WallPaper] G:\WALLPA~1\WALLPA~1.EXE /h
O4 - HKCU\..\Run: [EssentialPIM Pro] "G:\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - G:\FlashGet\jc_all.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Mit FlashGet laden - G:\FlashGet\jc_link.htm
O8 - Extra context menu item: Alles mit NetXfer herunterladen - G:\NetXfer\NXAddList.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Herunterladen mit NetXfer - G:\NetXfer\NXAddLink.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - G:\ICQ6\\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - G:\ICQ6\\ICQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26CD1A35-3616-4E8E-BD40-3649A80E0FA8}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6C5F952-36C2-4A58-AA9A-2FEC65264C24}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  g:\outpos~1\g:\outpos~1\wl_hook.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - G:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - G:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - G:\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: eScan Monitor Service - MicroWorld Technologies Inc. - g:\eScan\VISTA\avpmapp.exe
O23 - Service: eScan Management-Console (eScan-eServ) - MicroWorld Technologies Inc. - g:\eScan\TRAYESER.EXE
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - g:\eScan\TRAYSSER.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

paranetic 24.01.2008 17:33
combofix-log:

Code:
ComboFix 08-01-23.2 - xxx 2008-01-24 16:33:02.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.610 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\xxx\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((  Weitere L”schungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\_003531_.tmp.dll
C:\WINDOWS\system32\_003687_.tmp.dll
C:\WINDOWS\system32\_003688_.tmp.dll
C:\WINDOWS\system32\_003689_.tmp.dll
C:\WINDOWS\system32\_003690_.tmp.dll
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver\btcusb.inf
C:\WINDOWS\system32\taskmgr.com

----- BITS: Possible infected sites -----

hxxp://gpdl.google.com
.
(((((((((((((((((((((((  Dateien erstellt von 2007-12-24 bis 2008-01-24  ))))))))))))))))))))))))))))))
.

2008-01-24 16:38 . 2008-01-24 16:38        5,112        --a------        C:\WINDOWS\GPCIDrv.sys
2008-01-24 16:38 . 2008-01-24 16:38        4        --a------        C:\WINDOWS\system32\GVTunner.ref
2008-01-24 16:38 . 2008-01-24 16:38        4        --a------        C:\WINDOWS\system32\GVGenl.ref
2008-01-24 16:31 . 2000-08-31 08:00        51,200        --a------        C:\WINDOWS\Nircmd.exe
2008-01-22 23:01 . 2008-01-22 23:02        253,952        --a------        C:\WINDOWS\system32\andt.sys
2008-01-21 14:48 . 2008-01-21 14:48        <DIR>        d--------        C:\WINDOWS\Blaiz Enterprises
2008-01-19 18:28 . 2008-01-19 18:28        46        --a------        C:\WINDOWS\system32\DonationCoder_urlsnooper_InstallInfo.dat
2008-01-19 18:15 . 2008-01-19 18:28        <DIR>        d--------        C:\Programme\WinPcap
2008-01-19 14:01 . 2008-01-19 14:01        <DIR>        d-a------        C:\WINDOWS\zts2.exe
2008-01-19 14:01 . 2008-01-19 14:01        <DIR>        d-a------        C:\WINDOWS\system32\vcmgcd32.dll
2008-01-19 14:01 . 2008-01-19 14:01        <DIR>        d-a------        C:\WINDOWS\system32\iifgfgf.dll
2008-01-19 14:01 . 2008-01-19 14:01        <DIR>        d-a------        C:\WINDOWS\rundll16.exe
2008-01-19 14:01 . 2008-01-19 14:01        <DIR>        d-a------        C:\WINDOWS\rundl132.dll
2008-01-19 14:01 . 2008-01-19 14:01        <DIR>        d-a------        C:\WINDOWS\logo1_.exe
2008-01-19 12:06 . 2008-01-23 16:53        45,056        --a------        C:\WINDOWS\system32\Indt2.sys
2008-01-19 12:03 . 2008-01-19 12:03        253,952        --a------        C:\WINDOWS\system32\ndt2.sys
2008-01-18 21:47 . 2008-01-24 14:10        54,156        --ah-----        C:\WINDOWS\QTFont.qfn
2008-01-18 21:47 . 2008-01-18 21:47        1,409        --a------        C:\WINDOWS\QTFont.for
2008-01-18 14:36 . 2008-01-18 14:36        332        --a------        C:\WINDOWS\DEFESMS.HTML
2008-01-18 14:36 . 2008-01-18 14:36        289        --a------        C:\WINDOWS\DEFESMS.VX
2008-01-18 13:23 . 2008-01-24 09:35        4,827        --a------        C:\WINDOWS\escan.dbf
2008-01-18 12:23 . 2008-01-18 12:23        20        --a------        C:\WINDOWS\WIN.PRO
2008-01-18 12:22 . 2008-01-18 12:22        13,816        --a------        C:\WINDOWS\WSSPORD.DAT
2008-01-18 12:21 . 2008-01-24 16:37        7,503,904        --ahs----        C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-18 12:21 . 2008-01-24 16:36        97,268        --ahs----        C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-18 12:10 . 2008-01-18 12:11        7,009,412        --a------        C:\WINDOWS\REGBK03.ZIP
2008-01-18 11:54 . 2007-12-10 16:00        413        --a------        C:\bootini.ins
2008-01-18 11:52 . 2007-07-12 19:32        509,952        --a------        C:\WINDOWS\system32\eInstall.exe
2008-01-18 11:51 . 2008-01-18 11:51        <DIR>        d--------        C:\WINDOWS\system32\ES_SETUP
2008-01-18 11:51 . 2008-01-18 11:53        <DIR>        d--------        C:\AVPDOS
2008-01-18 11:51 . 2002-12-18 17:58        32,768        --a------        C:\WINDOWS\system32\esmxlog.dll
2008-01-15 20:12 . 2008-01-15 20:12        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Skype
2008-01-15 20:09 . 2008-01-15 20:09        <DIR>        d--------        C:\Programme\Windows Installer Clean Up
2008-01-14 18:42 . 2008-01-14 18:42        413,696        --a------        C:\WINDOWS\system32\wrap_oal.dll
2008-01-14 18:42 . 2008-01-14 18:42        110,592        --a------        C:\WINDOWS\system32\OpenAL32.dll
2008-01-02 15:00 . 2007-06-13 14:10        1,036,288        -----c---        C:\WINDOWS\system32\dllcache\explorer.exe
2008-01-02 14:35 . 2007-10-11 00:46        6,065,664        -----c---        C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-02 14:35 . 2007-07-01 04:31        2,455,488        -----c---        C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-02 14:35 . 2007-07-01 04:36        1,040,384        -----c---        C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-02 14:35 . 2007-10-11 00:46        459,264        -----c---        C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-02 14:35 . 2007-06-27 15:04        383,488        -----c---        C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-02 14:35 . 2007-10-11 00:46        267,776        -----c---        C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-02 14:35 . 2007-10-11 00:46        63,488        -----c---        C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-02 14:35 . 2007-10-11 00:46        52,224        -----c---        C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-02 14:35 . 2007-10-10 11:59        13,824        -----c---        C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-02 08:57 . 2008-01-02 08:57        40        --a------        C:\WINDOWS\system32\drmgs.sys
2008-01-02 08:55 . 2008-01-02 08:55        <DIR>        d--------        C:\WINDOWS\WinAVI Video Converter 9.0
2007-12-31 11:38 . 2007-12-31 11:38        359,808        --a------        C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-30 18:55 . 2007-12-30 18:55        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Blizzard Entertainment

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 15:38        17,962        ----a-w        C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-01-18 10:53        ---------        d-----w        C:\Programme\Gemeinsame Dateien\MicroWorld
2008-01-15 19:09        ---------        d-----w        C:\Programme\MSECACHE
2008-01-14 17:52        107,888        ----a-w        C:\WINDOWS\system32\CmdLineExt.dll
2008-01-14 17:42        ---------        d-----w        C:\Programme\OpenAL
2007-12-31 10:38        359,808        ----a-w        C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-20 07:33        ---------        d-----w        C:\Programme\Spyware Doctor
2007-12-14 19:57        449        ----a-w        C:\Programme\INSTALL.LOG
2007-12-11 22:34        200,704        -c--a-w        C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34        1,044,480        -c--a-w        C:\WINDOWS\system32\libdivx.dll
2007-12-09 16:27        ---------        d-----w        C:\Programme\Apple Software Update
2007-12-05 22:21        ---------        d--h--w        C:\Programme\InstallShield Installation Information
2007-11-25 12:01        0        ---ha-w        C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-25 12:01        0        ---ha-w        C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-11-25 11:57        20,520        ----a-w        C:\WINDOWS\system32\drivers\ggsemc.sys
2007-11-25 11:57        13,352        ----a-w        C:\WINDOWS\system32\drivers\ggflt.sys
2007-11-25 11:57        1,419,232        ----a-w        C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-11-25 11:55        ---------        d-----w        C:\Programme\Gemeinsame Dateien\Teleca Shared
2007-11-25 10:46        ---------        d-----w        C:\Programme\Gemeinsame Dateien\Tobit
2007-11-14 22:30        103,736        ----a-w        C:\WINDOWS\system32\PnkBstrB.exe
2007-11-14 22:19        66,872        ----a-w        C:\WINDOWS\system32\PnkBstrA.exe
2007-10-29 22:42        1,293,312        ----a-w        C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28        222,720        ----a-w        C:\WINDOWS\system32\wmasf.dll
2006-05-03 09:06        163,328        --sh--r        C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47        31,232        --sh--r        C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((  Autostart Punkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WallPaper"="G:\WALLPA~1\WALLPA~1.exe" [2001-06-10 17:28 246272]
"EssentialPIM Pro"="G:\EssentialPIM\EssentialPIM.exe" [2007-10-02 14:16 3307901]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:57 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 77824 C:\WINDOWS\soundman.exe]
"LogitechVideoRepair"="C:\Programme\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Programme\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"LVCOMS"="C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54 127022]
"PTBSync"="G:\PTBSync\PTBSync.exe" [2006-11-07 19:15 321536]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2005-05-31 22:23 483328]
"VGAUtil"="C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe" [2007-08-23 09:09 544768]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"avgnt"="G:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-15 21:29 249896]
"SunJavaUpdateSched"="G:\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"eScan Updater"="g:\eScan\TRAYICOS.exe" [2007-08-04 19:20 1305600]
"eScan Server"="g:\eScan\ESERV.exe" [2007-08-13 17:58 1799680]
"MailScan Dispatcher"="g:\eScan\LAUNCH.EXE" [2007-08-06 20:58 163840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:57 15360]
"Picasa Media Detector"="G:\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= g:\outpos~1\g:\outpos~1\wl_hook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli scecli

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^OnlineControl.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OnlineControl.lnk
backup=C:\WINDOWS\pss\OnlineControl.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^xxx^Startmenü^Programme^Autostart^WISO Bewerbung 2007 Reminder.lnk]
backup=C:\WINDOWS\pss\WISO Bewerbung 2007 Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 2006-06-01 12:32 94208 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 G:\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 23:29 165784 G:\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssentialPIM]
--a------ 2007-10-02 14:16 3307901 G:\EssentialPIM\EssentialPIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
G:\ICQ5\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-10 21:56 218032 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-10 21:56 218032 C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kgsystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 G:\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy]
--a--c--- 2007-01-04 22:21 73728 C:\WINDOWS\copyfstq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--a--c--- 2005-05-23 08:57 90112 C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
--a------ 2005-08-22 09:10 69632 G:\Ulead Photo Express 6\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--------- 2006-03-07 00:52 36864 g:\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC8Player]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WengoPhoneNG]
G:\WengoPhone\qtwengophone.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LogitechSoftwareUpdate"=C:\Programme\Logitech\Video\ManifestEngine.exe boot
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"LogitechGalleryRepair"=G:\Logitech\ImageStudio\ISStart.exe
"LogitechImageStudioTray"=G:\Logitech\ImageStudio\LogiTray.exe
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NVRTCLK"=C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
"nwiz"=nwiz.exe /install
"Acrobat Assistant 7.0"="G:\Acrobat 7.0\Distillr\Acrotray.exe"

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-10-24 22:23]
R1 SSHDRV82;SSHDRV82;C:\WINDOWS\system32\drivers\SSHDRV82.sys [2007-05-12 06:46]
R2 ACEDRV06;ACEDRV06;C:\WINDOWS\system32\drivers\ACEDRV06.sys [2007-07-24 06:58]
R2 eScan-eServ;eScan Management-Console;g:\eScan\TRAYESER.EXE [2007-08-06 20:52]
R2 eScan-trayicos;eScan Server-Updater;g:\eScan\TRAYSSER.EXE [2007-08-06 20:53]
R2 PortTalk;PortTalk;C:\WINDOWS\system32\Drivers\PtbTalk.sys [2006-11-07 19:15]
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 13:22]
R3 GPCIDrv;GPCIDrv;C:\WINDOWS\GPCIDrv.sys [2008-01-24 16:38]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-01-24 16:38]
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 13:22]
S2 perfmons;perfmons Service;C:\WINDOWS\system32\perfs.exe []
S2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 15:32]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-02-23 16:16]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-25 12:57]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 NETMDSHA;MDSHA031;C:\WINDOWS\system32\Drivers\MDSHA031.sys [2003-05-19 09:05]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10]

*Newly Created Service* - GPCIDRV
.
Inhalt des "geplante Tasks" Ordners
"2008-01-11 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- G:\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-19 15:29:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 16:39:05
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.

Chris4You 25.01.2008 07:42
Hi,

hast Du mit HJ dieEinträge:
Unbekannt
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
gefixt? Sie sind noch da, nur fehlen jetzt die von Avenger beseitigten Files...
Bitte noch mal fixen!


Da scheint mindestens ein Trojaner noch da zu sein und wohl ein Rootkit!

Bitte folgende Files prüfen:
Zitat:
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\ndt2.sys
http://www.virustotal.com/flash/index_en.html
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen
Poste die Ergebnisse mit Filename!

chris

paranetic 25.01.2008 19:23
beim neustart hat antivir genau diese dateien gemeldet und wohl gelöscht, sind jedenfalls nicht mehr da. hier nochmal ein neuer HJT-log:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 19:23, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
G:\PTBSync\PTBSync.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVComsX.exe
G:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Logitech\Video\FxSvr2.exe
G:\Java\jre1.6.0_03\bin\jusched.exe
G:\eScan\TRAYICOS.EXE
G:\eScan\ESERV.EXE
C:\WINDOWS\system32\ctfmon.exe
G:\Avira\AntiVir PersonalEdition Classic\sched.exe
G:\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
g:\eScan\VISTA\avpmapp.exe
g:\eScan\TRAYESER.EXE
g:\eScan\TRAYSSER.EXE
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
G:\Alcohol 120\StarWind\StarWindService.exe
G:\eScan\Vista\eScanMon.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
G:\eScan\MAILDISP.EXE
G:\ESCAN\SPOOLER.EXE
g:\eScan\MAILSCAN.EXE
G:\Mozilla Firefox\firefox.exe
G:\ICQ6\ICQ.exe
G:\Skype\Phone\Skype.exe
G:\Skype\Plugin Manager\skypePM.exe
G:\Acrobat 7.0\Acrobat\Acrobat.exe
I:\Temp\Adobelm_Cleanup.0001
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
I:\Temp\Adobelm_Cleanup.0001
C:\Dokumente und Einstellungen\xxx\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - G:\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - g:\NetXfer\NXIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\ICQToolbar\toolbaru.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - g:\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [PTBSync] G:\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [VGAUtil] C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "G:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eScan Updater] g:\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Server] g:\eScan\ESERV.EXE /App
O4 - HKLM\..\Run: [MailScan Dispatcher] g:\eScan\LAUNCH.EXE
O4 - HKLM\..\RunOnce: [mwavscan] "G:\eScan\MWAVSCAN.EXE" /s /AUTORUNBOOT
O4 - HKCU\..\Run: [WallPaper] G:\WALLPA~1\WALLPA~1.EXE /h
O4 - HKCU\..\Run: [EssentialPIM Pro] "G:\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - G:\FlashGet\jc_all.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Mit FlashGet laden - G:\FlashGet\jc_link.htm
O8 - Extra context menu item: Alles mit NetXfer herunterladen - G:\NetXfer\NXAddList.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Herunterladen mit NetXfer - G:\NetXfer\NXAddLink.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://G:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - G:\ICQ6\\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - G:\ICQ6\\ICQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26CD1A35-3616-4E8E-BD40-3649A80E0FA8}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6C5F952-36C2-4A58-AA9A-2FEC65264C24}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  g:\outpos~1\g:\outpos~1\wl_hook.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - G:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - G:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - G:\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: eScan Monitor Service - MicroWorld Technologies Inc. - g:\eScan\VISTA\avpmapp.exe
O23 - Service: eScan Management-Console (eScan-eServ) - MicroWorld Technologies Inc. - g:\eScan\TRAYESER.EXE
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - g:\eScan\TRAYSSER.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

Chris4You 28.01.2008 07:46
Hi,

bis auf das hier (kann ich nicht interpretieren) sieht es gut aus:
O18 - Protocol: schmap-help - (no CLSID) - (no file)

chris


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:49 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28