Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14:35, on 14.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\SPYWAREfighter\spftray.exe
C:\Programme\SPYWAREfighter\spfprc.exe
C:\Programme\SPYWAREfighter\SPYWAREfighter.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.osnatel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von osnatel GmbH
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Proxy.osnanet.de:8080
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [razer] C:\Programme\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programme\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8748] command /c del "C:\WINDOWS\system32\ntos.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2004] cmd /c del "C:\WINDOWS\system32\ntos.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7425] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9788] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3341] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC258] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3447] command /c del "C:\WINDOWS\system32\ntos.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6704] cmd /c del "C:\WINDOWS\system32\ntos.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9885] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6203] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7216] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7275] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB344] command /c del "C:\WINDOWS\system32\ntos.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6637] cmd /c del "C:\WINDOWS\system32\ntos.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1065] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1504] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4493] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3471] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6138] command /c del "C:\WINDOWS\system32\ntos.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2442] cmd /c del "C:\WINDOWS\system32\ntos.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB277] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9335] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB817] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3722] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {5F7E3FF2-9B68-4850-B012-C874E69B8DCC} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {5F7E3FF2-9B68-4850-B012-C874E69B8DCC} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.osnatel.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146865927125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147963290078
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab?55879aba2b9e72023feaa0f84715b3ede410d3558123e6107a981621bcb2a52ddeb9f254173e0befcb3689a49a661d564306d30588984f50712a7b6a08d34daa816615eecf2505 :8e4c6e9d68c3e5aca81257a6dc925541
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramount/de/web/player/vivid_ocx.jpeg
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC209509-1CE2-429C-A958-8165C38192A0}: NameServer = 212.95.97.66,212.95.97.6,212.95.108.3
O20 - AppInit_DLLs: NVDESK32.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: cryptonet - C:\WINDOWS\SYSTEM32\cryptonet.dll
O21 - SSODL: fxReLYlydTm - {C08AEAB6-6A20-401C-746D-F54CA9DB782D} - C:\WINDOWS\system32\kctdmw.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programme\SPYWAREfighter\spfprc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.giga-parc.info/giga-active-desktop-form.php?
O24 - Desktop Component 1: (no name) - http://www.giga-parc.de/activedesktop/index.php?ID=133

Beschreibe bitte dein Problem genauer.

Zudem ist mir folgendes ins Auge gefallen:

Zitat:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\ntos.exe,

Eine sehr gefährliche ZBot Variante,
du solltest:
- Alle Passwörter und Zugangsdaten von einem sauberen Rechner aus ändern
- Lasse deine Konten sperren, insbesondere PayPal, ebay und Online Banking Accounts
- Setze dich mit deiner Bank ggf. in Verbindung
- Deinen Rechner genau nach dieser Anleitung Neuaufsetzen


mfg