Trojan/Dldr.Oscaboth + Backdoor.PcClient.18 (paranoid heuristics) !!!

Migelangelo

Hallo
ich hab mir da was eingafangen

Trojan/Dldr.Oscaboth
Backdoor.PcClient.18 (paranoid heuristics)

ich hab im abgesicherten modus und mit deaktivierter systemwiederherstellung
schon das system mit ewido und spy emergency 2005 gereinigt und die zwei übeltäter so hoffe ich entfernt.

nun wollte ich mal das ihr mein logfile anschaut ob da noch was ist.

Logfile of HijackThis v1.99.1
Scan saved at 13:39:23, on 06.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\mcafee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\Panda Antivirus\Pavsrv51.exe
F:\Panda Antivirus\APVXDWIN.EXE
C:\Programme\philips\Philips 54Mbps Wireless USB Adapter Utility\PRISMSVR.EXE
C:\PROGRA~1\mcafee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
F:\Panda Antivirus\AVENGINE.EXE
C:\PROGRA~1\mcafee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
G:\DriveImage 7\Agent\PQV2iSvc.exe
C:\Programme\philips\Philips 54Mbps Wireless USB Adapter Utility\PHUSB11GMonitor.exe
C:\Programme\Rainlendar\Rainlendar.exe
F:\Panda Antivirus\pavProxy.exe
C:\Dokumente und Einstellungen\Mike\Eigene Dateien\!!!!!!!! ACHTUNG DOWNLOAD !!!!!!!!!\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IESecObj Class - {6BDB7256-E43F-429D-BA08-D864FBB56B6F} - C:\Programme\IESecure\IESecure.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [APVXDWIN] "F:\Panda Antivirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programme\philips\Philips 54Mbps Wireless USB Adapter Utility\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [ZyConfig] "C:\Programme\ZyConfig\ZyConfig.exe" -update
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\mcafee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Rainlendar.lnk = C:\Programme\Rainlendar\Rainlendar.exe
O4 - Global Startup: Philips Wireless USB Adapter 11g.lnk = C:\Programme\philips\Philips 54Mbps Wireless USB Adapter Utility\PHUSB11GMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://h++p://download.ebay.com/turb...++/install.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - America Online, Inc. - (no file)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Conexant - (no file)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\mcafee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - F:\Panda Antivirus\Pavsrv51.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Alcoholer120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: V2i Protector - PowerQuest Corporation - G:\DriveImage 7\Agent\PQV2iSvc.exe

P.S hab die datei dort prüfen lassen
http://virusscan.jotti.org/