virus Win32:TratBHO

Baltasar0303 · 09.01.2008, 11:49

ich hoffe das isch jetz alles richtig mache.da ich ja schon ne warnug von euch erhalten hab,was mir übrigends leid tut. so nun zu meinem problem seit etwa 6 tagen habe ich was auf dem rechner.mein virensacanner findet den virus und ich kann ihn löschen,aber sobald ich den rechner neu starte komt wieder soeine viruswarnung:

avast hat eine probe von hgddd.dll entdeckt.

Dateiname: C:Windows\System32\hgddd.dll

Malware-Name: Win32:TratBHO {Trj}

Malware-Typ: Trojanisches Pferd

VPSVersion: 080108-0, 0801.2008

ich weiss keinen rat auf das problem und die reschersche im netz hat mich auch nicht weiter gebracht.in einem anderen forum wurde mir gesagt ich soll mit HijackThis ein logile erstellen.nun kenn ich mich damit nicht aus aber ich versuche nach bestem wissen und gewissen den weisungen von euch folge zuleisten.ich bitte euch um hilfe weil ich wirklich nicht weiter weiss.danke schonmal im vorraus.

Logfile of HijackThis v1.99.1
Scan saved at 11:40:05, on 09.01.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr .exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Users\****\komplette ordner&install dateien\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\system32\hgddd.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxywu.dll,#1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - h**p://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - h**p://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

11Boy11 · 09.01.2008, 12:47

Hi, Baltasar0303!

Wir beginnen mit Combofix.

1) - Lade dir Combofix herunter

2) combofix.exe starten und bestätige die Abfrage mit 1 und drücke Enter

3) Bericht posten

Achtung:

Combofix nimmt ein wenig Zeit in anspruch!
Bitte nichts während des Scans am Pc machen

Es kann auch sein, dass dein Computer zwischendurch mal herunterfährt!

_____________________________

Gehe nun in den Abgesicherten Modus, und lade Dir das Programm - Avenger - herunter.

- "Input script manually" anhacken
- Auf die Lupe klicken
- kopiere anschließend in "View/edit script" :

Zitat:

Files to delete:
C:Windows\System32\hgddd.dll

- Done klicken
- gruene Ampel anklicken

...das Script wird nun ausgeführt. danach wird der PC automatisch neustarten

Baltasar0303 · 09.01.2008, 13:33

hallo 11Boy11.
danke für deine schnelle antwort hier die combofix log.txt

ComboFix 08-01-09.2 - Baltasar0303 2008-01-09 13:18:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.310 [GMT 1:00]
ausgeführt von:: C:\Users\Baltasar0303\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Alwil Software\Avast4\ashDisp .exe
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\dddgh.ini
C:\Windows\System32\dddgh.ini2
C:\Windows\system32\hgddd.exe
C:\Windows\system32\xxywu.dll

Code:

ATTFilter

 <pre>
C:\Program Files\Alwil Software\Avast4\ashDisp .exe ---> QooBox
C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe ---> NeroCheck.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe ---> NMBgMonitor.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe ---> RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe ---> GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ---> jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr .exe ---> lxczbmgr.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher .exe ---> EULALauncher.exe
</pre>

.
.
((((((((((((((((((((((( Dateien erstellt von 2007-12-09 bis 2008-01-09 ))))))))))))))))))))))))))))))
.

2008-01-09 13:16 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-08 22:21 . 2008-01-09 11:08 337,408 --a------ C:\Windows\System32\hgddd.dll
2008-01-08 22:12 . 2008-01-08 22:12 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-08 22:12 . 2008-01-08 22:12 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-08 22:12 . 2008-01-08 22:12 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-08 22:12 . 2008-01-08 22:12 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-08 22:12 . 2008-01-08 22:12 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-08 22:10 . 2008-01-08 22:10 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-08 22:10 . 2008-01-08 22:10 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-08 22:10 . 2008-01-08 22:10 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-08 22:10 . 2008-01-08 22:10 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-08 22:10 . 2008-01-08 22:10 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-08 22:10 . 2008-01-08 22:10 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-08 22:10 . 2008-01-08 22:10 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-08 22:10 . 2008-01-08 22:10 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-08 22:10 . 2008-01-08 22:10 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-08 22:10 . 2008-01-08 22:10 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-07 21:01 . 2008-01-07 21:01 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-01-07 21:01 . 2008-01-07 22:03 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-07 21:01 . 2008-01-07 21:01 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-01-07 15:57 . 2008-01-07 15:57 <DIR> d-------- C:\Users\Baltasar0303\AppData\Roaming\Grisoft
2008-01-07 15:03 . 2008-01-07 15:03 <DIR> d-------- C:\Users\All Users\TEMP
2008-01-07 15:03 . 2008-01-07 15:03 <DIR> d-------- C:\PROGRA~2\TEMP
2008-01-07 15:02 . 2008-01-07 15:13 <DIR> d-------- C:\Program Files\Trojan Remover
2008-01-07 12:45 . 2008-01-07 12:45 <DIR> d-------- C:\Program Files\Opera
2008-01-07 11:15 . 2008-01-07 11:15 <DIR> d-------- C:\PCWELT
2008-01-07 11:05 . 2008-01-07 11:05 <DIR> d-------- C:\Program Files\CCleaner
2008-01-05 20:28 . 2008-01-06 10:07 <DIR> d-------- C:\Program Files\PrevxCSI
2008-01-05 20:18 . 2008-01-05 20:19 <DIR> d-------- C:\Users\Baltasar0303\AppData\Roaming\PrevxCSI
2008-01-04 10:42 . 2008-01-09 13:24 2,037 --a------ C:\Windows\System32\OODBS.lor
2008-01-03 20:24 . 2008-01-08 00:06 <DIR> d-------- C:\Windows\System32\oodag
2008-01-03 20:15 . 2008-01-03 20:15 <DIR> d-------- C:\Program Files\OO Software
2007-12-30 11:38 . 2007-12-30 11:41 <DIR> d-------- C:\Users\Baltasar0303\AppData\Roaming\Nokia
2007-12-30 11:38 . 2007-12-30 17:47 <DIR> d-------- C:\Users\All Users\PC Suite
2007-12-30 11:38 . 2007-12-30 17:47 <DIR> d-------- C:\PROGRA~2\PC Suite
2007-12-30 11:36 . 2007-12-30 11:36 <DIR> d-------- C:\Program Files\DIFX
2007-12-30 11:35 . 2007-12-30 11:38 <DIR> d-------- C:\Users\Baltasar0303\AppData\Roaming\PC Suite
2007-12-30 11:32 . 2007-02-22 10:15 90,624 --a------ C:\Windows\System32\nmwcdcls.dll
2007-12-30 11:31 . 2007-12-30 12:05 <DIR> d-------- C:\Users\All Users\Installations
2007-12-30 11:31 . 2007-12-30 12:05 <DIR> d-------- C:\PROGRA~2\Installations
2007-12-30 10:26 . 2007-12-30 10:26 <DIR> d-------- C:\Users\Baltasar0303\AppData\Roaming\Leadertech
2007-12-29 18:42 . 2007-12-30 10:16 <DIR> d-------- C:\Users\Baltasar0303\AppData\Roaming\Teleca
2007-12-29 18:32 . 2007-12-29 18:32 <DIR> d-------- C:\Users\Baltasar0303\{1e9ca355-f1a1-4ae9-b364-d74e5eb65e55}
2007-12-29 18:29 . 2007-12-29 18:30 <DIR> d-------- C:\Users\Baltasar0303\{6dac8eae-6f59-4692-8e89-00c56bda3521}
2007-12-29 18:26 . 2007-04-24 11:33 98,696 --a------ C:\Windows\System32\drivers\s125obex.sys
2007-12-29 18:25 . 2007-04-24 11:33 108,680 --a------ C:\Windows\System32\drivers\s125mdm.sys
2007-12-29 18:25 . 2007-04-24 11:33 83,336 --a------ C:\Windows\System32\drivers\s125bus.sys
2007-12-29 18:25 . 2007-04-24 11:33 15,112 --a------ C:\Windows\System32\drivers\s125mdfl.sys
2007-12-29 18:25 . 2007-04-24 11:33 12,424 --a------ C:\Windows\System32\drivers\s125whnt.sys
2007-12-29 18:25 . 2007-04-24 11:33 12,424 --a------ C:\Windows\System32\drivers\s125wh.sys
2007-12-29 18:25 . 2007-04-24 11:33 12,424 --a------ C:\Windows\System32\drivers\s125cmnt.sys
2007-12-29 18:25 . 2007-04-24 11:33 12,424 --a------ C:\Windows\System32\drivers\s125cm.sys
2007-12-29 18:24 . 2007-12-29 18:25 <DIR> d-------- C:\Users\Baltasar0303\{ba63b98a-97fc-400c-bc7f-65d023bbd198}
2007-12-29 18:18 . 2007-12-29 18:18 <DIR> d-------- C:\Users\Baltasar0303\AppData\Roaming\Sony Ericsson
2007-12-29 18:17 . 2007-12-30 10:16 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-12-29 13:55 . 2007-12-30 09:03 <DIR> d-------- C:\Program Files\Disc2Phone
2007-12-27 20:18 . 2008-01-08 23:53 <DIR> d-------- C:\Users\Baltasar0303\komplette ordner&install dateien
2007-12-27 13:42 . 2007-04-09 13:23 28,040 --a------ C:\Windows\System32\mdimon.dll
2007-12-27 13:42 . 2007-12-27 13:42 400 --a------ C:\Windows\ODBC.INI
2007-12-27 13:35 . 2007-12-27 21:55 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-27 13:34 . 2007-12-27 13:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-27 12:25 . 2007-12-27 12:25 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-12-25 11:59 . 2007-12-26 20:00 <DIR> d-------- C:\Users\Baltasar0303\{88d41c83-d53e-4a74-9208-790b37802aa1}
2007-12-25 11:57 . 2006-12-20 17:59 585,728 --a------ C:\Windows\System32\tmp9CEA.tmp
2007-12-25 11:56 . 2008-01-09 13:24 <DIR> d-------- C:\Program Files\Lexmark 1200 Series
2007-12-12 09:12 . 2007-12-12 09:12 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-12 09:12 . 2007-12-12 09:12 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-12 09:12 . 2007-12-12 09:12 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-12 09:12 . 2007-12-12 09:12 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-12 09:10 . 2007-12-12 09:10 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-12 09:10 . 2007-12-12 09:10 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-12 09:10 . 2007-12-12 09:10 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-12 09:10 . 2007-12-12 09:10 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-12 09:09 . 2007-12-12 09:09 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-12 09:09 . 2007-12-12 09:09 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-12 09:09 . 2007-12-12 09:09 2,048 --a------ C:\Windows\System32\tzres.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 21:18 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-08 21:18 --------- d-----w C:\Program Files\Windows Mail
2008-01-08 21:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-08 21:10 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-08 21:10 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-08 21:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-05 16:19 --------- d-----w C:\Users\Baltasar0303\AppData\Roaming\BitTorrent
2008-01-05 15:59 --------- d-----w C:\Program Files\eMule
2008-01-03 11:01 --------- d-----w C:\PROGRA~2\Skype
2007-12-27 11:25 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-19 17:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-17 17:48 --------- d-----w C:\PROGRA~2\WinZip
2007-12-12 08:16 --------- d-----w C:\Program Files\MSECACHE
2007-12-12 08:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 08:11 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 08:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-07 10:51 --------- d-----w C:\Program Files\SlySoft
2007-12-06 10:28 --------- d-----w C:\Program Files\Project64 1.6
2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-27 21:26 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-27 21:14 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2007-11-26 14:00 --------- d-----w C:\PROGRA~2\farstone
2007-11-26 13:58 --------- d-----w C:\Users\Baltasar0303\AppData\Roaming\FarStone
2007-11-26 13:51 261 ----a-w C:\inVHDDrvLog.dat
2007-11-26 13:01 --------- d-----w C:\Program Files\ProtectDisc Driver Installer
2007-11-21 14:13 --------- d-----w C:\PROGRA~2\Messenger Plus!
2007-11-18 14:14 --------- d-----w C:\PROGRA~2\pixelStorm
2007-11-18 10:14 --------- d-----w C:\Program Files\ICQ6
2007-11-17 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 17:15 --------- d-----w C:\Users\Baltasar0303\AppData\Roaming\ICQ
2007-11-17 17:14 --------- d-----w C:\Users\Baltasar0303\AppData\Roaming\InstallShield
2007-11-15 17:56 --------- d-----w C:\Program Files\Alwil Software
2007-11-14 18:48 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 18:48 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 18:48 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 18:48 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 18:48 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 18:48 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 18:48 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 18:48 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-14 18:48 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 18:48 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 18:48 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 18:47 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-14 18:47 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-14 18:47 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-14 18:47 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-14 18:47 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-14 18:47 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-14 18:47 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-14 18:47 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-14 18:46 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-12 20:06 --------- d-----w C:\Program Files\Windows Live
2007-11-12 20:06 --------- d-----w C:\PROGRA~2\WLInstaller
2007-11-12 19:38 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-11-12 19:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-12 19:12 --------- d-----w C:\PROGRA~2\Symantec
2007-11-12 18:25 --------- d-----w C:\Program Files\Google
2007-11-12 18:19 --------- d-----w C:\Program Files\Java
2007-11-12 11:09 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-12 11:09 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-12 11:08 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-11 21:39 --------- d-----w C:\Users\Baltasar0303\AppData\Roaming\.purple
2007-11-11 21:07 --------- d-----w C:\Program Files\GMX
2007-11-11 20:59 --------- d-----w C:\Users\Baltasar0303\AppData\Roaming\GMX
2007-11-11 15:15 --------- d-----w C:\Program Files\MSN Messenger
2007-11-11 08:38 --------- d-----w C:\PROGRA~2\NVIDIA
2007-11-09 11:13 --------- d-----w C:\Program Files\Common Files\GTK
2007-11-09 10:52 --------- d-----w C:\Users\Baltasar0303\AppData\Roaming\Trillian
2007-10-25 20:33 737,280 ----a-w C:\Windows\iun6002.exe
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
2007-10-10 12:54 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-10 12:54 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-10 12:54 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-10 12:54 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-10 12:51 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-10 12:51 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-10 12:51 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-08-30 16:00 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-09 11:08 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-19 18:28 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 10:57 3784704 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-01-09 11:07 228088]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-09 11:08 1840128]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2008-01-09 11:08 18944]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-09 11:08 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-09 11:08 153136]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [ ]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"RAMDrive"="C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" [ ]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2008-01-09 11:07 74672]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R2 acedrv10;acedrv10;C:\Windows\system32\drivers\acedrv10.sys [2007-07-27 09:13]
R2 acehlp10;acehlp10;C:\Windows\system32\drivers\acehlp10.sys [2007-07-27 11:46]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 08:22]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-09 11:08]
S3 MosIrUsb;MosIrUsb.sys;C:\Windows\system32\DRIVERS\MosIrUsb.sys [2004-08-02 16:16]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

.
Inhalt des "geplante Tasks" Ordners
"2008-01-09 12:23:00 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\cmd.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 13:25:01
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-09 13:27:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 12:27:27
.
2008-01-08 21:13:08 --- E O F ---

melde mich wieder wenn Avenger durch ist.

Baltasar0303 · 09.01.2008, 13:51

em ich hab da n kleines problem die avengerversion von dir is nich für vista.
hab schon gegoolet aber nix gefunden.was nu sprach der ratlose Baltasar?

BataAlexander · 09.01.2008, 14:02

Bitte sende mir den Inhalt der C:\QooBox per eMail.
Ansonsten kannst Du ihmo den Rechner neu aufspielen. Deswegen
Hier findest Du eine Anleitung dazu.

Baltasar0303 · 09.01.2008, 14:14

was aus der QooBox möchtest du denn genau haben?

BackEnv
Quarantine
ComboFix-quarantined-files.txt
snapshot@2008-01-09_13.26.54.99.dat
snapshot@2008-01-09_13.26.54.99_B.dat

und was meinst du mit rechner neu ausetzen?

BataAlexander · 09.01.2008, 14:24

Was hast Du denn da für Links eingefügt?
Ich würde gern den ganzen Ordner haben.
Den Rechner musst Du neu Installieren, Windows neu aufspielen.
Dein Befall kann mir zuviel

Zitat:

Schaltet Antiviren-Anwendungen aus
Sendet sich an Adressen in Outlook-Adressbüchern
Verwendet seine eigene E-Mail-Engine
Reduziert die Systemsicherheit
Installiert sich in der Registrierung

Baltasar0303 · 09.01.2008, 15:02

nochmal danke für deine hilfe.meinst du nich den bekommt mann anders weg?und zudem habe ich nur eine backup cd von packard bell.ist damit der virus dann weg????
ich bin jetz sehr verzweifelt nach deiner aussage.

und die links befinden sich auch in dem ordner Qoobox.

BataAlexander · 09.01.2008, 16:22

Zitat:

Zitat von Baltasar0303

meinst du nich den bekommt mann anders weg?

Nicht sicher ist meine Meinung. Vor allem weil er ja nicht alleine ist!

Zitat:

und zudem habe ich nur eine backup cd von packard bell.ist damit der virus dann weg????

SystemRevovery meinst Du, ja danach ist der Virus erst mal weg, ob er wiederkommt, liegt an Dir.

Den Ordner bitte Zippen und mir per Board Mail schicken, wär toll.

Baltasar0303 · 09.01.2008, 16:47

hab grade eine boot zeit prüfung laufen lassen.und der hat auch was gefunden.seitdem kam keine viruswarnung mehr und das kam beim logfile raus

Logfile of HijackThis v1.99.1
Scan saved at 16:39:33, on 09.01.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\Explorer.exe
C:\Users\*****\komplette ordner&install dateien\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - h**p://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - h**p://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

so nu muss mir noch einer sagen ob da immernoch was faul is oder ob ich vieleicht doch n system backup machen muss aber der eintrag der in der ersten logfile unter f3-REG:win.ini: load=C:\Windows\system32\hgddd.exe stand is ja auch weg.

09.01.2008, 14:02	#5
BataAlexander > MalwareDB	virus Win32:TratBHO Bitte sende mir den Inhalt der C:\QooBox per eMail. Ansonsten kannst Du ihmo den Rechner neu aufspielen. Deswegen Hier findest Du eine Anleitung dazu.

virus Win32:TratBHO

Plagegeister aller Art und deren Bekämpfung: virus Win32:TratBHO