Trojaner-Board


tronix89 27.11.2008 19:48

Virus in MSN Messenger!

Hello,

I have the same problem as:
http://www.trojaner-board.de/62407-vermute-virus-im-msn-messenger.html

I uploaded sidebar.exe to "http://www.virustotal.com/de/".
Since 4 programs classified it as dangerous, I deleted this file.

Then I downloaded Combofix and ran it.

Log:
Code:

ComboFix 08-11-27.03 - popopirat 2008-11-27 19:43:40.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.1396 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\popopirat\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((  Dateien erstellt von 2008-10-27 bis 2008-11-27  ))))))))))))))))))))))))))))))
.

2008-11-27 19:16 . 2008-11-27 19:16        <DIR>        d--------        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\Malwarebytes
2008-11-27 19:16 . 2008-10-22 16:10        15,504        --a------        c:\winxp\system32\drivers\mbam.sys
2008-11-27 19:15 . 2008-11-27 19:16        <DIR>        d--------        c:\programme\Malwarebytes' Anti-Malware
2008-11-27 19:15 . 2008-11-27 19:15        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-11-27 19:15 . 2008-10-22 16:10        38,496        --a------        c:\winxp\system32\drivers\mbamswissarmy.sys
2008-11-26 21:15 . 2008-11-26 21:15        244        --ah-----        C:\sqmnoopt07.sqm
2008-11-26 21:15 . 2008-11-26 21:15        232        --ah-----        C:\sqmdata07.sqm
2008-11-26 20:45 . 2008-11-26 20:45        244        --ah-----        C:\sqmnoopt06.sqm
2008-11-26 20:45 . 2008-11-26 20:45        232        --ah-----        C:\sqmdata06.sqm
2008-11-26 20:15 . 2008-11-26 20:15        244        --ah-----        C:\sqmnoopt05.sqm
2008-11-26 20:15 . 2008-11-26 20:15        232        --ah-----        C:\sqmdata05.sqm
2008-11-26 19:45 . 2008-11-26 19:45        244        --ah-----        C:\sqmnoopt04.sqm
2008-11-26 19:45 . 2008-11-26 19:45        232        --ah-----        C:\sqmdata04.sqm
2008-11-26 19:15 . 2008-11-26 19:15        244        --ah-----        C:\sqmnoopt03.sqm
2008-11-26 19:15 . 2008-11-26 19:15        232        --ah-----        C:\sqmdata03.sqm
2008-11-26 18:45 . 2008-11-26 18:45        244        --ah-----        C:\sqmnoopt02.sqm
2008-11-26 18:45 . 2008-11-26 18:45        232        --ah-----        C:\sqmdata02.sqm
2008-11-26 18:15 . 2008-11-26 18:15        244        --ah-----        C:\sqmnoopt01.sqm
2008-11-26 18:15 . 2008-11-26 18:15        232        --ah-----        C:\sqmdata01.sqm
2008-11-26 17:45 . 2008-11-26 17:45        244        --ah-----        C:\sqmnoopt00.sqm
2008-11-26 17:45 . 2008-11-26 17:45        232        --ah-----        C:\sqmdata00.sqm
2008-11-13 10:52 . 2008-11-13 10:52        90        --a------        c:\winxp\WA.INI
2008-11-09 03:40 . 2008-11-09 03:40        <DIR>        d--------        C:\WatchNow
2008-11-04 18:22 . 2008-11-17 17:42        32,328        --a------        c:\winxp\system32\drivers\HookCentre.sys
2008-11-04 18:20 . 2008-11-04 18:20        <DIR>        d--hs----        C:\#GDATA.Trash.Store#
2008-11-01 15:22 . 2008-11-01 15:22        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Blizzard
2008-10-31 14:44 . 2008-10-31 14:44        <DIR>        d--------        c:\programme\G DATA
2008-10-27 18:25 . 2008-11-27 15:29        <DIR>        d-a------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 18:39        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-11-27 18:38        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\foobar2000
2008-11-27 12:27        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\uTorrent
2008-11-23 01:31        43,520        ----a-w        c:\winxp\system32\CmdLineExt03.dll
2008-11-19 16:50        68,424        ----a-w        c:\winxp\system32\drivers\GRD.sys
2008-11-17 16:42        51,016        ----a-w        c:\winxp\system32\drivers\GDTdiIcpt.sys
2008-11-17 16:42        48,712        ----a-w        c:\winxp\system32\drivers\MiniIcpt.sys
2008-11-08 00:02        ---------        d-----w        c:\programme\Spybot - Search & Destroy
2008-11-04 17:25        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\G DATA
2008-10-31 13:44        ---------        d-----w        c:\programme\Gemeinsame Dateien\G DATA
2008-10-30 18:03        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\gtk-2.0
2008-10-26 18:38        22,272        ----a-w        c:\winxp\system32\drivers\GDNdisIc.sys
2008-10-26 17:48        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2008-10-26 17:08        ---------        d-----w        c:\programme\Sony Ericsson
2008-10-26 14:56        ---------        d-----w        c:\programme\DivX
2008-10-26 14:16        ---------        d-----w        c:\programme\OO Software
2008-10-26 13:49        ---------        d-----w        c:\programme\Gemeinsame Dateien\Nero
2008-10-26 13:49        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Nero
2008-10-25 14:04        21,840        ----atw        c:\winxp\system32\SIntfNT.dll
2008-10-25 14:04        17,212        ----atw        c:\winxp\system32\SIntf32.dll
2008-10-25 14:04        12,067        ----atw        c:\winxp\system32\SIntf16.dll
2008-10-24 20:13        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\dvdcss
2008-10-24 09:12        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\2DBoy
2008-10-16 12:09        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\AveDesk
2008-10-13 19:00        ---------        d-----w        c:\programme\foobar2000
2008-10-12 17:21        2,560        ----a-w        c:\winxp\_MSRSTRT.EXE
2008-10-12 15:36        ---------        d-----w        c:\programme\Stardock
2008-10-12 15:36        ---------        d-----w        c:\programme\Gemeinsame Dateien\Stardock
2008-10-12 15:21        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\Miranda
2008-10-10 23:12        ---------        d--h--w        c:\programme\InstallShield Installation Information
2008-10-10 23:12        ---------        d-----w        c:\programme\GPSoftware
2008-10-05 20:30        ---------        d-----w        c:\programme\Gemeinsame Dateien\Acon Digital Media
2008-10-05 20:30        ---------        d-----w        c:\programme\Acon Digital Media
2008-10-04 19:06        ---------        d-----w        c:\programme\Zattoo
2008-10-04 17:21        ---------        d-----w        c:\programme\Gimp-2.0
2008-10-03 23:42        ---------        d-----w        c:\programme\mIRC
2008-10-03 23:42        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\NoNameScript
2008-10-03 23:41        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\mIRC
2008-09-19 21:55        200,704        ----a-w        c:\winxp\system32\ssldivx.dll
2008-09-19 21:55        1,044,480        ----a-w        c:\winxp\system32\libdivx.dll
2008-09-04 05:02        730,368        ----a-w        c:\winxp\system32\oodsvct.exe
2008-09-04 05:02        1,295,616        ----a-w        c:\winxp\system32\oodag.exe
2008-09-04 05:01        2,524,416        ----a-w        c:\winxp\system32\oodtray.exe
2008-09-04 05:01        194,816        ----a-w        c:\winxp\system32\oodbs.exe
2008-09-04 04:59        902,400        ----a-w        c:\winxp\system32\oodtrrs.dll
2008-09-04 04:59        9,984        ----a-w        c:\winxp\system32\oodbsrs.dll
2008-09-04 04:59        8,448        ----a-w        c:\winxp\system32\oodagrs.dll
2008-09-04 04:59        16,640        ----a-w        c:\winxp\system32\oodagmg.dll
2008-08-30 04:20        15,104        ----a-w        c:\winxp\system32\ootmapi.dll
2003-10-06 08:21        0        ---ha-w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\sdpsenv.dat
2006-05-03 10:06        163,328        --sh--r        c:\winxp\system32\flvDX.dll
2007-02-21 11:47        31,232        --sh--r        c:\winxp\system32\msfDX.dll
2007-12-17 13:43        27,648        --sh--w        c:\winxp\system32\Smab0.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\programme\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-08-19 1037992]
"G DATA AntiVirus Trayapplication"="c:\programme\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-10-29 955976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-02-12 c:\winxp\system32\advpack.dll]

c:\dokumente und einstellungen\popopirat\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDock\ObjectDock.exe [2008-10-12 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=dword:ffffff9d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-10-12 18:25 229376 c:\programme\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3acm"= c:\winxp\system32\l3codecp.acm
"msacm.l3codec"= c:\winxp\system32\l3codecp.acm

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
backup=c:\winxp\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^popopirat^Startmenü^Programme^Autostart^Stardock ObjectDock.lnk]
path=c:\dokumente und einstellungen\popopirat\Startmenü\Programme\Autostart\Stardock ObjectDock.lnk
backup=c:\winxp\pss\Stardock ObjectDock.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClipIncSrvTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 18:46 39792 c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-05-28 12:10 2120640 c:\programme\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 05:42 90112 c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 19:57 15360 c:\winxp\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 c:\programme\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:21 1694208 c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 08:04 5724184 c:\programme\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
--a------ 2006-02-17 07:10 270336 c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2008-09-04 06:01 2524416 c:\winxp\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-09-07 12:05 716800 c:\programme\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2005-05-20 02:11 925696 c:\programme\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 11:16 1833296 c:\programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 03:28 144784 c:\programme\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 15:05 3587120 c:\programme\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
--a------ 2003-04-14 12:41 294912 c:\programme\NetDrive\NetDrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-10-27 11:51 61952 c:\winxp\system32\HdAShCut.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 GRD;G DATA Rootkit Detector Driver;\??\c:\winxp\system32\drivers\GRD.sys [2008-10-26 68424]
R2 AVKProxy;G DATA AntiVirus Proxy;"c:\programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" [2008-08-19 1089608]
R2 AVKService;G DATA Scheduler;c:\programme\G DATA\TotalCare\AVK\AVKService.exe [2008-08-19 386120]
R2 AVKWCtl;AntiVirus Wächter;c:\programme\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
R2 GDTdiInterceptor;GDTdiInterceptor;\??\c:\winxp\system32\drivers\GDTdiIcpt.sys [2008-10-26 51016]
R2 WebDriveFSD;WebDrive File System Driver;\??\c:\programme\NetDrive\rffsd.sys [2008-05-27 67032]
R3 GDMnIcpt;GDMnIcpt;\??\c:\winxp\system32\drivers\MiniIcpt.sys [2008-10-26 48712]
R3 HookCentre;HookCentre;\??\c:\winxp\system32\drivers\HookCentre.sys [2008-11-04 32328]
S0 OCDE;ZTekWare Original CD Emulator Service;c:\winxp\system32\Drivers\OCDE.sys []
S3 G DATA Backup Service;G DATA Backup Service;c:\programme\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
S3 G DATA Tuner Service;G DATA Tuner Service;c:\programme\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
S4 RFNP32;WebDrive Provider; []

*Newly Created Service* - PROCEXP90
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - c:\dokumente und einstellungen\popopirat\Anwendungsdaten\Mozilla\Firefox\Profiles\um6ak7vf.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - c:\programme\Octoshape Streaming Services\popopirat\octoprogram-L03-N00-U00-C00_0804080_000\npoctoshape.dll
FF -: plugin - c:\programme\Octoshape Streaming Services\popopirat\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
FF -: plugin - c:\programme\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF -: plugin - c:\programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 19:44:52
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\winxp\system32\Ati2evxx.dll
c:\programme\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(828)
c:\winxp\system32\nvappfilter.dll
.
Zeit der Fertigstellung: 2008-11-27 19:46:00
ComboFix-quarantined-files.txt  2008-11-27 18:45:58

Vor Suchlauf: 15 Verzeichnis(se), 15.679.385.600 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 15,675,367,424 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

234


tronix89 27.11.2008 20:10

HijackThis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:59, on 27.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\Explorer.EXE
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\G DATA\TotalCare\AVK\AVKService.exe
C:\Programme\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\WINXP\system32\oodag.exe
C:\Programme\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Programme\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\WINXP\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [GDFirewallTray] C:\Programme\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Programme\TraXEx\Integration\TraXEx Internet Explorer.lnk
O9 - Extra button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Programme\TraXEx\Integration\TraXEx Löschautomat.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211319592687
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCEC5033-3240-4F29-9F67-779B7489EF90}: NameServer = 192.168.0.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Programme\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: AntiVirus Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: G DATA Backup Service - G DATA Software AG - C:\Programme\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Programme\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINXP\system32\oodag.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Programme\NetDrive\wdService.exe

--
End of file - 5120 bytes



All times are in WET +1.
