Trojaner-Board


tronix89 27.11.2008 19:48

Virus in MSN Messenger!

Hello,

I have the same problem as:
http://www.trojaner-board.de/62407-vermute-virus-im-msn-messenger.html

I uploaded sidebar.exe to "http://www.virustotal.com/de/".
Since 4 programs classified it as dangerous, I deleted this file.

Then I downloaded Combofix and ran it.

Log:
Code:

ComboFix 08-11-27.03 - popopirat 2008-11-27 19:43:40.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.1396 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\popopirat\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((  Dateien erstellt von 2008-10-27 bis 2008-11-27  ))))))))))))))))))))))))))))))
.

2008-11-27 19:16 . 2008-11-27 19:16        <DIR>        d--------        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\Malwarebytes
2008-11-27 19:16 . 2008-10-22 16:10        15,504        --a------        c:\winxp\system32\drivers\mbam.sys
2008-11-27 19:15 . 2008-11-27 19:16        <DIR>        d--------        c:\programme\Malwarebytes' Anti-Malware
2008-11-27 19:15 . 2008-11-27 19:15        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-11-27 19:15 . 2008-10-22 16:10        38,496        --a------        c:\winxp\system32\drivers\mbamswissarmy.sys
2008-11-26 21:15 . 2008-11-26 21:15        244        --ah-----        C:\sqmnoopt07.sqm
2008-11-26 21:15 . 2008-11-26 21:15        232        --ah-----        C:\sqmdata07.sqm
2008-11-26 20:45 . 2008-11-26 20:45        244        --ah-----        C:\sqmnoopt06.sqm
2008-11-26 20:45 . 2008-11-26 20:45        232        --ah-----        C:\sqmdata06.sqm
2008-11-26 20:15 . 2008-11-26 20:15        244        --ah-----        C:\sqmnoopt05.sqm
2008-11-26 20:15 . 2008-11-26 20:15        232        --ah-----        C:\sqmdata05.sqm
2008-11-26 19:45 . 2008-11-26 19:45        244        --ah-----        C:\sqmnoopt04.sqm
2008-11-26 19:45 . 2008-11-26 19:45        232        --ah-----        C:\sqmdata04.sqm
2008-11-26 19:15 . 2008-11-26 19:15        244        --ah-----        C:\sqmnoopt03.sqm
2008-11-26 19:15 . 2008-11-26 19:15        232        --ah-----        C:\sqmdata03.sqm
2008-11-26 18:45 . 2008-11-26 18:45        244        --ah-----        C:\sqmnoopt02.sqm
2008-11-26 18:45 . 2008-11-26 18:45        232        --ah-----        C:\sqmdata02.sqm
2008-11-26 18:15 . 2008-11-26 18:15        244        --ah-----        C:\sqmnoopt01.sqm
2008-11-26 18:15 . 2008-11-26 18:15        232        --ah-----        C:\sqmdata01.sqm
2008-11-26 17:45 . 2008-11-26 17:45        244        --ah-----        C:\sqmnoopt00.sqm
2008-11-26 17:45 . 2008-11-26 17:45        232        --ah-----        C:\sqmdata00.sqm
2008-11-13 10:52 . 2008-11-13 10:52        90        --a------        c:\winxp\WA.INI
2008-11-09 03:40 . 2008-11-09 03:40        <DIR>        d--------        C:\WatchNow
2008-11-04 18:22 . 2008-11-17 17:42        32,328        --a------        c:\winxp\system32\drivers\HookCentre.sys
2008-11-04 18:20 . 2008-11-04 18:20        <DIR>        d--hs----        C:\#GDATA.Trash.Store#
2008-11-01 15:22 . 2008-11-01 15:22        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Blizzard
2008-10-31 14:44 . 2008-10-31 14:44        <DIR>        d--------        c:\programme\G DATA
2008-10-27 18:25 . 2008-11-27 15:29        <DIR>        d-a------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 18:39        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-11-27 18:38        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\foobar2000
2008-11-27 12:27        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\uTorrent
2008-11-23 01:31        43,520        ----a-w        c:\winxp\system32\CmdLineExt03.dll
2008-11-19 16:50        68,424        ----a-w        c:\winxp\system32\drivers\GRD.sys
2008-11-17 16:42        51,016        ----a-w        c:\winxp\system32\drivers\GDTdiIcpt.sys
2008-11-17 16:42        48,712        ----a-w        c:\winxp\system32\drivers\MiniIcpt.sys
2008-11-08 00:02        ---------        d-----w        c:\programme\Spybot - Search & Destroy
2008-11-04 17:25        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\G DATA
2008-10-31 13:44        ---------        d-----w        c:\programme\Gemeinsame Dateien\G DATA
2008-10-30 18:03        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\gtk-2.0
2008-10-26 18:38        22,272        ----a-w        c:\winxp\system32\drivers\GDNdisIc.sys
2008-10-26 17:48        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2008-10-26 17:08        ---------        d-----w        c:\programme\Sony Ericsson
2008-10-26 14:56        ---------        d-----w        c:\programme\DivX
2008-10-26 14:16        ---------        d-----w        c:\programme\OO Software
2008-10-26 13:49        ---------        d-----w        c:\programme\Gemeinsame Dateien\Nero
2008-10-26 13:49        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Nero
2008-10-25 14:04        21,840        ----atw        c:\winxp\system32\SIntfNT.dll
2008-10-25 14:04        17,212        ----atw        c:\winxp\system32\SIntf32.dll
2008-10-25 14:04        12,067        ----atw        c:\winxp\system32\SIntf16.dll
2008-10-24 20:13        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\dvdcss
2008-10-24 09:12        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\2DBoy
2008-10-16 12:09        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\AveDesk
2008-10-13 19:00        ---------        d-----w        c:\programme\foobar2000
2008-10-12 17:21        2,560        ----a-w        c:\winxp\_MSRSTRT.EXE
2008-10-12 15:36        ---------        d-----w        c:\programme\Stardock
2008-10-12 15:36        ---------        d-----w        c:\programme\Gemeinsame Dateien\Stardock
2008-10-12 15:21        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\Miranda
2008-10-10 23:12        ---------        d--h--w        c:\programme\InstallShield Installation Information
2008-10-10 23:12        ---------        d-----w        c:\programme\GPSoftware
2008-10-05 20:30        ---------        d-----w        c:\programme\Gemeinsame Dateien\Acon Digital Media
2008-10-05 20:30        ---------        d-----w        c:\programme\Acon Digital Media
2008-10-04 19:06        ---------        d-----w        c:\programme\Zattoo
2008-10-04 17:21        ---------        d-----w        c:\programme\Gimp-2.0
2008-10-03 23:42        ---------        d-----w        c:\programme\mIRC
2008-10-03 23:42        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\NoNameScript
2008-10-03 23:41        ---------        d-----w        c:\dokumente und einstellungen\popopirat\Anwendungsdaten\mIRC
2008-09-19 21:55        200,704        ----a-w        c:\winxp\system32\ssldivx.dll
2008-09-19 21:55        1,044,480        ----a-w        c:\winxp\system32\libdivx.dll
2008-09-04 05:02        730,368        ----a-w        c:\winxp\system32\oodsvct.exe
2008-09-04 05:02        1,295,616        ----a-w        c:\winxp\system32\oodag.exe
2008-09-04 05:01        2,524,416        ----a-w        c:\winxp\system32\oodtray.exe
2008-09-04 05:01        194,816        ----a-w        c:\winxp\system32\oodbs.exe
2008-09-04 04:59        902,400        ----a-w        c:\winxp\system32\oodtrrs.dll
2008-09-04 04:59        9,984        ----a-w        c:\winxp\system32\oodbsrs.dll
2008-09-04 04:59        8,448        ----a-w        c:\winxp\system32\oodagrs.dll
2008-09-04 04:59        16,640        ----a-w        c:\winxp\system32\oodagmg.dll
2008-08-30 04:20        15,104        ----a-w        c:\winxp\system32\ootmapi.dll
2003-10-06 08:21        0        ---ha-w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\sdpsenv.dat
2006-05-03 10:06        163,328        --sh--r        c:\winxp\system32\flvDX.dll
2007-02-21 11:47        31,232        --sh--r        c:\winxp\system32\msfDX.dll
2007-12-17 13:43        27,648        --sh--w        c:\winxp\system32\Smab0.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\programme\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-08-19 1037992]
"G DATA AntiVirus Trayapplication"="c:\programme\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-10-29 955976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-02-12 c:\winxp\system32\advpack.dll]

c:\dokumente und einstellungen\popopirat\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDock\ObjectDock.exe [2008-10-12 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=dword:ffffff9d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-10-12 18:25 229376 c:\programme\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3acm"= c:\winxp\system32\l3codecp.acm
"msacm.l3codec"= c:\winxp\system32\l3codecp.acm

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
backup=c:\winxp\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^popopirat^Startmenü^Programme^Autostart^Stardock ObjectDock.lnk]
path=c:\dokumente und einstellungen\popopirat\Startmenü\Programme\Autostart\Stardock ObjectDock.lnk
backup=c:\winxp\pss\Stardock ObjectDock.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClipIncSrvTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 18:46 39792 c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-05-28 12:10 2120640 c:\programme\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 05:42 90112 c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 19:57 15360 c:\winxp\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 c:\programme\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:21 1694208 c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 08:04 5724184 c:\programme\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
--a------ 2006-02-17 07:10 270336 c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2008-09-04 06:01 2524416 c:\winxp\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-09-07 12:05 716800 c:\programme\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2005-05-20 02:11 925696 c:\programme\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 11:16 1833296 c:\programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 03:28 144784 c:\programme\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 15:05 3587120 c:\programme\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
--a------ 2003-04-14 12:41 294912 c:\programme\NetDrive\NetDrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-10-27 11:51 61952 c:\winxp\system32\HdAShCut.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 GRD;G DATA Rootkit Detector Driver;\??\c:\winxp\system32\drivers\GRD.sys [2008-10-26 68424]
R2 AVKProxy;G DATA AntiVirus Proxy;"c:\programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" [2008-08-19 1089608]
R2 AVKService;G DATA Scheduler;c:\programme\G DATA\TotalCare\AVK\AVKService.exe [2008-08-19 386120]
R2 AVKWCtl;AntiVirus Wächter;c:\programme\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
R2 GDTdiInterceptor;GDTdiInterceptor;\??\c:\winxp\system32\drivers\GDTdiIcpt.sys [2008-10-26 51016]
R2 WebDriveFSD;WebDrive File System Driver;\??\c:\programme\NetDrive\rffsd.sys [2008-05-27 67032]
R3 GDMnIcpt;GDMnIcpt;\??\c:\winxp\system32\drivers\MiniIcpt.sys [2008-10-26 48712]
R3 HookCentre;HookCentre;\??\c:\winxp\system32\drivers\HookCentre.sys [2008-11-04 32328]
S0 OCDE;ZTekWare Original CD Emulator Service;c:\winxp\system32\Drivers\OCDE.sys []
S3 G DATA Backup Service;G DATA Backup Service;c:\programme\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
S3 G DATA Tuner Service;G DATA Tuner Service;c:\programme\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
S4 RFNP32;WebDrive Provider; []

*Newly Created Service* - PROCEXP90
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - c:\dokumente und einstellungen\popopirat\Anwendungsdaten\Mozilla\Firefox\Profiles\um6ak7vf.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - c:\programme\Octoshape Streaming Services\popopirat\octoprogram-L03-N00-U00-C00_0804080_000\npoctoshape.dll
FF -: plugin - c:\programme\Octoshape Streaming Services\popopirat\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
FF -: plugin - c:\programme\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF -: plugin - c:\programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 19:44:52
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\winxp\system32\Ati2evxx.dll
c:\programme\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(828)
c:\winxp\system32\nvappfilter.dll
.
Zeit der Fertigstellung: 2008-11-27 19:46:00
ComboFix-quarantined-files.txt  2008-11-27 18:45:58

Vor Suchlauf: 15 Verzeichnis(se), 15.679.385.600 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 15,675,367,424 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

234


tronix89 27.11.2008 20:10

HijackThis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:59, on 27.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\Explorer.EXE
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\G DATA\TotalCare\AVK\AVKService.exe
C:\Programme\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\WINXP\system32\oodag.exe
C:\Programme\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Programme\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\WINXP\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [GDFirewallTray] C:\Programme\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Programme\TraXEx\Integration\TraXEx Internet Explorer.lnk
O9 - Extra button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Programme\TraXEx\Integration\TraXEx Löschautomat.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211319592687
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCEC5033-3240-4F29-9F67-779B7489EF90}: NameServer = 192.168.0.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Programme\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: AntiVirus Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: G DATA Backup Service - G DATA Software AG - C:\Programme\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Programme\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINXP\system32\oodag.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Programme\NetDrive\wdService.exe

--
End of file - 5120 bytes


