Trojaner-Board - xupdate.exe

Liebe Community,

hier ein log-Post von einem Rechner eines Bekannten. Irgendwie beschleicht mich das Gefühl, dass hier jede Menge nach Hause telefoniert. Kann ein geschultes Auge mal drübersehen? Habe wie man sieht, Kaspersky drauf, leider find der nix.

Vielen Dank :sword2:

StartupList report, 08.09.2002, 18:08:43
StartupList version: 1.52.2
Started from : C:\Dokumente und Einstellungen\Gerdi\Desktop\hijackthis1982\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\isnotify.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\T-ONLINE\BSW4\ToDuCAlC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Gerdi\Desktop\hijackthis1982\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nwiz = nwiz.exe /install
AVPCC = "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
Adobe Photo Downloader = "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

swg = C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {0A668F4C-A122-00FA-5836-168541A3E4C7}
(no name) - (no file) - {14cd0a41-89bc-498e-92bd-ae1b62975a9e}
(no name) - (no file) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A}
(no name) - C:\Programme\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
(no name) - (no file) - {c3703265-4671-4858-92a4-cba6a7b3bb45}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[{24311111-1111-1121-1111-111191113457}]
CODEBASE = file://c:\eied_s7.cab

[{33331111-1111-1111-1111-611111193423}]

[{33331111-1111-1111-1111-611111193429}]

[{33331111-1111-1111-1111-611111193457}]
CODEBASE = file://c:\ex.cab

[{33331111-1111-1111-1111-611111193458}]
CODEBASE = file://c:\ex.cab

[{33331111-1111-1111-1111-615111193427}]

[{33331111-1111-1111-1111-622221193458}]
CODEBASE = file://c:\ex.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1105186082671

[{64311111-1111-1121-1111-111191113457}]
CODEBASE = file://c:\eied_s7.cab

[{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}]
CODEBASE = http://xscanner.spyshredderscanner.com/setup/webinst_de.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
SystemCheck2: *Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*windows update = wuaurlt.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*windows update = wuaurlt.exe
ishost.exe = ishost.exe
kernel32.dll = C:\WINDOWS\System32\isnotify.exe
issearch.exe = issearch.exe

--------------------------------------------------

End of report, 6.071 bytes
Report generated in 0,078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only