Warezov, Opnis-B: how to delete?

18.04.2007, 12:12
...new here

Posts: 6
#1 So, I have the following problem:
My virus scanner Avast keeps reporting a virus in various files. Every time I click Delete, the same message comes back a few minutes later.

After I then deleted these files with the boot-time scan, ICQ 5.1 and 6.0 Alpha stopped working...

My MSN is even sending links with a virus to my other MSN account (in Trillian), although I'm not logged in there!!!

I'm really desperate. How do I get rid of these two viruses?

Here is the Avast log:

Quote

18.04.2007 01:38:46 Gabriel 644 Sign of "Win32:Warezov-AQZ [Wrm]" has been found in "C:\WINDOWS\SYSTEM32\STATAMC.DLL" file.
18.04.2007 01:38:45 Gabriel 644 Sign of "Win32:Warezov-AQZ [Wrm]" has been found in "C:\WINDOWS\SYSTEM32\DIAGAMC.DLL" file.
18.04.2007 01:38:34 Gabriel 644 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\SYSTEM32\DIAGISR.DLL" file.
18.04.2007 01:10:23 Gabriel 644 Sign of "Win32:Warezov-AQZ [Wrm]" has been found in "C:\WINDOWS\SYSTEM32\STATAMC.DLL" file.
18.04.2007 01:10:17 Gabriel 644 Sign of "Win32:Warezov-AQZ [Wrm]" has been found in "C:\WINDOWS\SYSTEM32\DIAGAMC.DLL" file.
18.04.2007 01:09:59 Gabriel 644 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\SYSTEM32\DIAGISR.DLL" file.
17.04.2007 19:35:02 Gabriel 644 Sign of "Win32:Warezov-AQY [Wrm]" has been found in "C:\WINDOWS\system32\amcconf.exe" file.
17.04.2007 01:05:01 Gabriel 496 Sign of "Win32:Warezov-AQZ [Wrm]" has been found in "C:\WINDOWS\system32\statamc.dll" file.
17.04.2007 01:04:50 Gabriel 496 Sign of "Win32:Warezov-AQZ [Wrm]" has been found in "C:\WINDOWS\system32\diagamc.dll" file.
16.04.2007 23:21:41 Gabriel 496 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprov.exe" file.
16.04.2007 23:21:38 Gabriel 496 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprf32.dll" file.
16.04.2007 23:21:25 Gabriel 496 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\diagisr.dll" file.
16.04.2007 19:19:41 Gabriel 640 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprov.exe" file.
16.04.2007 19:19:37 Gabriel 640 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprf32.dll" file.
16.04.2007 19:19:24 Gabriel 640 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\diagisr.dll" file.
16.04.2007 18:42:20 Gabriel 4920 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\System Volume Information\_restore{DD0FF237-AD14-4090-B42A-4C4F2C77CAA7}\RP227\A0142590.exe" file.
16.04.2007 18:42:10 Gabriel 4920 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\System Volume Information\_restore{DD0FF237-AD14-4090-B42A-4C4F2C77CAA7}\RP227\A0142589.dll" file.
16.04.2007 18:28:28 Gabriel 1556 Sign of "Win32:Agent-FHR [Trj]" has been found in "C:\DOKUME~1\Gabriel\LOKALE~1\Temp\7zO93.tmp\mspass.exe" file.
16.04.2007 18:28:14 Gabriel 1556 Sign of "Win32:Agent-FHR [Trj]" has been found in "C:\DOKUME~1\Gabriel\LOKALE~1\Temp\7zO93.tmp\mspass.exe" file.
16.04.2007 16:24:14 Gabriel 1556 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprov.exe" file.
16.04.2007 16:24:12 Gabriel 1556 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprf32.dll" file.
16.04.2007 16:22:39 Gabriel 1556 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\diagisr.dll" file.
16.04.2007 16:22:02 Gabriel 1556 Sign of "Win32:Warezov-AAS [Wrm]" has been found in "C:\WINDOWS\system32\isrprov.exe" file.
16.04.2007 16:21:37 Gabriel 1556 Sign of "Win32:Warezov-AAU [Wrm]" has been found in "C:\WINDOWS\system32\diagisr.dll" file.
16.04.2007 15:15:55 Gabriel 2936 Sign of "Win32:Opnis-B [Trj]" has been found in "c:\windows\system32\diagisr.dll" file.
16.04.2007 15:11:40 Gabriel 2132 Sign of "Win32:Opnis-B [Trj]" has been found in "c:\windows\system32\diagisr.dll" file.
16.04.2007 15:10:56 Gabriel 168 Sign of "Win32:Warezov-LH [Wrm]" has been found in "C:\Programme\ICQLite\ICQLite.exe" file.
16.04.2007 15:10:43 Gabriel 168 Sign of "Win32:Warezov-LH [Wrm]" has been found in "C:\Programme\ICQ6\ICQ.exe" file.
16.04.2007 15:00:58 Gabriel 168 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\System Volume Information\_restore{DD0FF237-AD14-4090-B42A-4C4F2C77CAA7}\RP227\A0141604.dll" file.
16.04.2007 15:00:57 Gabriel 168 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\System Volume Information\_restore{DD0FF237-AD14-4090-B42A-4C4F2C77CAA7}\RP227\A0141603.exe" file.
16.04.2007 15:00:57 Gabriel 168 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\System Volume Information\_restore{DD0FF237-AD14-4090-B42A-4C4F2C77CAA7}\RP227\A0141602.exe" file.
16.04.2007 14:59:01 Gabriel 168 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\diagisr.dll" file.
16.04.2007 14:58:57 Gabriel 168 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprf32.dll" file.
16.04.2007 14:58:57 Gabriel 168 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\diagisr.dll" file.
16.04.2007 14:58:57 Gabriel 168 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprov.exe" file.
16.04.2007 14:54:24 Gabriel 168 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\Dokumente und Einstellungen\Gabriel\Lokale Einstellungen\Temp\temp.fr73C8" file.
16.04.2007 14:54:24 Gabriel 168 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\Dokumente und Einstellungen\Gabriel\Lokale Einstellungen\Temp\temp.fr5DF7" file.
16.04.2007 14:54:24 Gabriel 168 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\Dokumente und Einstellungen\Gabriel\Lokale Einstellungen\Temp\temp.frDD5F" file.
16.04.2007 14:12:34 SYSTEM 1508 Sign of "Win32:Warezov-AAS [Wrm]" has been found in "C:\WINDOWS\system32\isrprov.exe" file.
16.04.2007 14:12:04 SYSTEM 1508 Sign of "Win32:Warezov-AAU [Wrm]" has been found in "c:\windows\system32\1478344318" file.
16.04.2007 14:10:34 SYSTEM 1508 Sign of "Win32:Warezov-AAU [Wrm]" has been found in "C:\WINDOWS\system32\diagisr.dll" file.
16.04.2007 14:06:05 SYSTEM 1508 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "c:\windows\system32\1183054362" file.
16.04.2007 14:05:52 SYSTEM 1508 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\system32\ifcmgr32.dll" file.
16.04.2007 14:05:43 SYSTEM 1508 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\system32\ifcmgr32.dll" file.
16.04.2007 14:05:36 SYSTEM 1508 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\system32\ifcmgr32.dll" file.
16.04.2007 14:03:41 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:03:40 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:03:39 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:03:37 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:03:36 SYSTEM 1508 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\system32\ifcconf.exe" file.
16.04.2007 14:03:35 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:03:20 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:03:11 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:03:10 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:03:08 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:03:04 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:03:02 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:02:25 SYSTEM 1508 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\system32\confifc.dll" file.
16.04.2007 14:01:00 SYSTEM 1508 Sign of "Win32:Warezov-MV [Wrm]" has been found in "C:\WINDOWS\system32\ifcstat.dll" file.
16.04.2007 14:00:59 SYSTEM 1508 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\system32\confifc.dll" file.
16.04.2007 00:20:43 Gabriel 1532 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
15.04.2007 22:15:02 Gabriel 1532 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
15.04.2007 20:11:40 Gabriel 1532 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
15.04.2007 20:11:37 Gabriel 1532 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
15.04.2007 19:11:04 Gabriel 1532 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
15.04.2007 18:25:48 Gabriel 1252 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
15.04.2007 17:25:01 Gabriel 1252 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
15.04.2007 16:24:25 Gabriel 1252 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
15.04.2007 00:35:38 SYSTEM 1256 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
14.04.2007 23:34:36 SYSTEM 1256 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
14.04.2007 23:19:31 Gabriel 1348 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
14.04.2007 21:38:14 Gabriel 1348 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
14.04.2007 20:37:40 Gabriel 1348 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
14.04.2007 19:37:06 Gabriel 1348 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
14.04.2007 19:30:03 Gabriel 1348 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprov.exe" file.
14.04.2007 19:30:00 Gabriel 1348 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprf32.dll" file.
14.04.2007 19:29:54 Gabriel 1348 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\diagisr.dll" file.
14.04.2007 18:48:50 Gabriel 2736 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Dokumente und Einstellungen\Gabriel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook Sicherung.pst\Persönliche Ordner\Höchste Ebene der Persönlichen Ordner\Gelöschte Objekte\Re [3]: Hallo. Ihre Liebe.\Kodak_ IMG0025.zip\Kodak_ IMG0025.JPG_____________________________________________________.JPG.exe" file.
14.04.2007 18:45:55 Gabriel 1088 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
14.04.2007 17:45:37 Gabriel 1088 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprov.exe" file.
14.04.2007 17:45:29 Gabriel 1088 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\isrprf32.dll" file.
14.04.2007 17:45:11 Gabriel 1088 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.
14.04.2007 17:25:34 Gabriel 1088 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\diagisr.dll" file.
Here is the HJT log:

Quote

Logfile of HijackThis v1.99.1
Scan saved at 14:20:45, on 16.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Synaptics\SynTP\Toshiba.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\TOSHIBA\ConfigFree\CFXFER.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Mozilla Firefox 2\firefox.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\Trillian\trillian.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\msormsxm.exe
C:\WINDOWS\idl32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Dokumente und Einstellungen\Gabriel\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\skcsd32.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\skcsd32.exe
O4 - HKLM\..\Run: [ifcdiag] C:\WINDOWS\system32\ifcconf.exe
O4 - HKLM\..\Run: [idl32.exe] C:\WINDOWS\idl32.exe s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Skype\Plugin Manager\Skype4COM.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: ipsemsw3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LBTServ - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: msormsxm - C:\WINDOWS\system32\msormsxm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
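The Avast log above is repetitive in a telling way: the same system32 DLLs and C:\WINDOWS\tife32.exe are flagged again at short, fairly regular intervals after each deletion, which is the pattern of something still running and re-creating them rather than of a leftover copy. This added Python script (not from the thread, from avast! or from any poster) parses lines in that avast! log format and summarises per file how often and how quickly a detection recurs; the sample lines are a constructed excerpt and the location buckets are a rough triage heuristic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed excerpt in the thread's avast! log format (not the poster's full log).
SAMPLE_LOG_LINES = [
    r'18.04.2007 01:38:46 Gabriel 644 Sign of "Win32:Warezov-AQZ [Wrm]" has been found in "C:\WINDOWS\SYSTEM32\STATAMC.DLL" file.',
    r'18.04.2007 01:10:23 Gabriel 644 Sign of "Win32:Warezov-AQZ [Wrm]" has been found in "C:\WINDOWS\SYSTEM32\STATAMC.DLL" file.',
    r'16.04.2007 19:19:24 Gabriel 640 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\diagisr.dll" file.',
    r'16.04.2007 18:42:20 Gabriel 4920 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\System Volume Information\_restore{DD0FF237-AD14-4090-B42A-4C4F2C77CAA7}\RP227\A0142590.exe" file.',
    r'16.04.2007 16:22:39 Gabriel 1556 Sign of "Win32:Opnis-B [Trj]" has been found in "C:\WINDOWS\system32\diagisr.dll" file.',
    r'16.04.2007 00:20:43 Gabriel 1532 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.',
    r'15.04.2007 22:15:02 Gabriel 1532 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.',
    r'15.04.2007 20:11:40 Gabriel 1532 Sign of "Win32:Warezov-BUB [Wrm]" has been found in "C:\WINDOWS\tife32.exe\[Upack]" file.',
    r'14.04.2007 18:48:50 Gabriel 2736 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Dokumente und Einstellungen\Gabriel\Lokale Einstellungen\Temp\Kodak_ IMG0025.zip\Kodak_ IMG0025.JPG.exe" file.',
]

# One log line: <date> <time> <user> <pid> Sign of "<signature>" has been found in "<path>" file.
LINE_RE = re.compile(
    r'^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) (?P<user>\S+) (?P<pid>\d+) '
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)


def parse_avast_log(lines):
    """Turn log lines into event dicts; lines in another format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append({
                "time": datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S"),
                "user": m["user"], "pid": int(m["pid"]),
                "signature": m["sig"], "path": m["path"],
            })
    return events


def normalize_path(path):
    """Lower-case (NTFS is case-insensitive) and drop avast's '\\[Unpacker]' layer suffix."""
    path = path.lower()
    layer = path.find("\\[")
    return path[:layer] if layer != -1 else path


def classify_location(norm_path):
    """Rough bucket for where the file lives; each bucket calls for a different response."""
    if "\\system volume information\\_restore" in norm_path:
        return "system_restore"   # restore-point copy: stays until System Restore is purged
    if "\\temp\\" in norm_path:
        return "temp"             # extracted attachment or download, usually the way in
    if re.match(r"^[a-z]:\\windows\\system32\\[^\\]+$", norm_path):
        return "system32"
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", norm_path):
        return "windows_root"     # legitimate software rarely installs straight into %SystemRoot%
    return "other"


def recurring_detections(events):
    """Per file: hit count, signatures, location and the shortest gap between two hits.

    A file that is deleted and flagged again shortly afterwards, at a fairly steady
    interval, is being re-created by something still running, not a leftover copy."""
    by_path = defaultdict(list)
    for ev in events:
        by_path[normalize_path(ev["path"])].append(ev)
    summary = {}
    for path, evs in by_path.items():
        times = sorted(e["time"] for e in evs)
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        summary[path] = {
            "hits": len(evs),
            "signatures": sorted({e["signature"] for e in evs}),
            "location": classify_location(path),
            "first": times[0], "last": times[-1],
            "min_gap_seconds": min(gaps) if gaps else None,
        }
    return summary


def active_reinfection_candidates(summary, min_hits=2):
    """Paths hit at least min_hits times outside restore points, most frequent first."""
    cands = [(p, s) for p, s in summary.items()
             if s["hits"] >= min_hits and s["location"] != "system_restore"]
    cands.sort(key=lambda ps: (-ps[1]["hits"], ps[0]))
    return [p for p, _ in cands]


if __name__ == "__main__":
    summary = recurring_detections(parse_avast_log(SAMPLE_LOG_LINES))
    for path in active_reinfection_candidates(summary):
        s = summary[path]
        print(f"{s['hits']}x {path} [{s['location']}] {', '.join(s['signatures'])}; "
              f"shortest gap {s['min_gap_seconds']} s")
```

Restore-point copies are listed separately because deleting them changes nothing about the running infection; they only stop reappearing once System Restore is cleared.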
18.04.2007, 13:26
Member
Chris4You

Posts: 694
#2 Hello,

please post the missing logs as well...

Quote

http://board.protecus.de/t23188.htm
- Creating a HijackThis logfile
- CleanUp (delete temporary files)
- Combofix
- Logfiles via datfind.bat (all files, post only the last 3-6 months)
You can already check the following files:
virustotal
At the top of the page --> click Browse --> select the file (or paste the file with its full path straight in) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

Quote

C:\WINDOWS\system32\msormsxm.dll
C:\WINDOWS\system32\ipsemsw3.dll
c:\windows\system32\spacklsp.dll
Chris
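Chris's list of files to check comes straight from the O10 and O20 load points in the HijackThis log: a Winsock LSP, an AppInit_DLLs entry and a Winlogon Notify DLL are loaded into many processes or into winlogon itself, so they are the first things to identify. As an added example (not from the thread or from HijackThis), this Python helper parses lines in the HJT 1.99.1 log format and collects the files from those load points, plus O4 autostarts that run straight out of the Windows folder root; the sample is a constructed excerpt and the system32 location for bare DLL names is an assumption.

```python
import re
from collections import OrderedDict

# Constructed excerpt in HijackThis 1.99.1 log format, modelled on the log posted above.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\skcsd32.exe -s
O4 - HKLM\..\Run: [ifcdiag] C:\WINDOWS\system32\ifcconf.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O20 - AppInit_DLLs: ipsemsw3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: isrconf - cfgamc.dll (file missing)
O20 - Winlogon Notify: msormsxm - C:\WINDOWS\system32\msormsxm.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
"""

SYSTEM32 = r"C:\WINDOWS\system32"  # assumed home of DLLs that HJT prints as a bare name
HJT_LINE_RE = re.compile(r"^(?P<sec>O\d+) - (?P<rest>.*)$")


def parse_hjt(text):
    """Split a HJT log into (section, remainder) pairs, e.g. ('O20', 'AppInit_DLLs: x.dll')."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE_RE.match(line.strip())
        if m:
            entries.append((m["sec"], m["rest"]))
    return entries


def first_token(cmd):
    """Executable part of an O4 command line (quoted paths may contain spaces)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(" ", 1)[0]


def resolve(name):
    """Bare file names are assumed to live in system32."""
    name = name.strip()
    return name if "\\" in name else SYSTEM32 + "\\" + name


def load_point_files(entries, known_good=frozenset()):
    """Files referenced from load points that deserve a scan or upload, in log order.
    O10/O20 entries are always collected; O4 autostarts only when the executable sits
    directly in the Windows folder root, where legitimate software rarely installs.
    known_good: lower-case file names the reviewer has already identified."""
    found = OrderedDict()

    def add(section, source, path, note):
        key = path.lower()
        if key.rsplit("\\", 1)[-1] in known_good or key in found:
            return
        found[key] = {"section": section, "source": source, "path": path, "note": note}

    for sec, rest in entries:
        if sec == "O4" and rest.startswith(("HKLM", "HKCU")):
            hive, _, cmd = rest.partition(": ")
            m = re.match(r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)", cmd)
            if not m:
                continue
            exe = first_token(m["cmd"])
            if re.match(r"^[a-z]:\\windows\\[^\\]+$", exe.lower()):
                add(sec, f"{hive} [{m['name']}]", exe, "autostart straight out of %SystemRoot%")
        elif sec == "O10":
            add(sec, "Winsock LSP", rest.partition(": ")[2].strip(),
                "layered service provider, loaded by every Winsock application")
        elif sec == "O20" and rest.startswith("AppInit_DLLs:"):
            for name in re.split(r"[ ,]+", rest.partition(":")[2].strip()):
                if name:
                    add(sec, "AppInit_DLLs", resolve(name),
                        "loaded into every process that maps user32.dll (path assumed)")
        elif sec == "O20" and rest.startswith("Winlogon Notify:"):
            key, _, target = rest.partition(":")[2].strip().partition(" - ")
            missing = target.endswith("(file missing)")
            target = target.replace("(file missing)", "").strip()
            add(sec, f"Winlogon Notify {key}", resolve(target),
                "registered but file missing, orphaned load point" if missing
                else "runs inside winlogon at logon")
    return list(found.values())


def paths_for_upload(files):
    """Only files that still exist on disk can be sent to an online scanner."""
    return [f["path"] for f in files if "file missing" not in f["note"]]


if __name__ == "__main__":
    for f in load_point_files(parse_hjt(SAMPLE_HJT), known_good={"igfxdev.dll"}):
        print(f"{f['section']:<4}{f['source']:<28}{f['path']}  ({f['note']})")
```

The O4 rule is only a heuristic: ifcconf.exe in system32 is not flagged by it even though Avast detected it, so the HJT picture should always be read next to the scanner log.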
18.04.2007, 14:45
...new here

Thread starter

Posts: 6
#3 Sorry! ;)
The stupid AntiVirus blocks the PC so badly after startup, it's no joke ;) I then had to uninstall the program again in Safe Mode...

Quote

Logfile of HijackThis v1.99.1
Scan saved at 14:33:22, on 18.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Toshiba\Windows Utilities\Hotkey.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe
C:\Programme\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TOSHIBA\ConfigFree\CFXFER.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\Mozilla Firefox 2\firefox.exe
C:\Programme\Trillian\trillian.exe
C:\Dokumente und Einstellungen\Gabriel\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\skksd32.exe
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\skksd32.exe -s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Skype\Plugin Manager\Skype4COM.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: ipsemsw3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: isrconf - cfgamc.dll (file missing)
O20 - Winlogon Notify: LBTServ - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: msormsxm - C:\WINDOWS\system32\msormsxm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Quote

"Gabriel" - 07-04-18 14:35:29 Service Pack 2
ComboFix 07-04-18.2V - Running from: C:\Dokumente und Einstellungen\Gabriel\Desktop\


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programme\download plugin


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-03-18 to 2007-04-18 ))))))))))))))))))))))))))))))))))


2007-04-18 14:35 140,622 --a------ C:\WINDOWS\system32\msormsxm.exe
2007-04-18 14:08 <DIR> d--hs---- C:\WINDOWS\CSC
2007-04-18 12:19 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-04-18 12:19 <DIR> d-------- C:\DOKUME~1\Gabriel\ANWEND~1\WholeSecurity
2007-04-18 10:48 35,840 --a------ C:\WINDOWS\skkkkkkk.exe
2007-04-17 19:36 45,056 --ah----- C:\WINDOWS\system32\isrprf32.dll
2007-04-17 19:36 40,960 --ah----- C:\WINDOWS\system32\isrprov.exe
2007-04-17 00:28 3,584 --a------ C:\WINDOWS\btm32.exe
2007-04-16 14:18 176,128 --a------ C:\WINDOWS\hefh781.dat
2007-04-16 14:14 <DIR> d-------- C:\Programme\Lavasoft
2007-04-16 14:14 <DIR> d-------- C:\DOKUME~1\Gabriel\ANWEND~1\Lavasoft
2007-04-16 14:10 177,152 --a------ C:\WINDOWS\idl32.exe
2007-04-15 18:22 <DIR> d-------- C:\Programme\NuGardt Software
2007-04-11 19:28 49,152 --a------ C:\WINDOWS\system32\gptedrmc.dll
2007-04-11 19:28 49,152 --------- C:\WINDOWS\system32\ipsemsw3.dll
2007-04-11 19:28 40,960 --a------ C:\WINDOWS\system32\bcshqdvd.exe
2007-04-11 19:28 4 --a------ C:\WINDOWS\system32\msormsxm.dat
2007-04-11 19:28 184,320 --a------ C:\WINDOWS\system32\msormsxm.dll
2007-04-09 22:02 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-04-09 14:50 <DIR> d-------- C:\Programme\mIRC
2007-04-05 01:25 <DIR> d-------- C:\Programme\XING-Plugin 3.3.1
2007-04-03 20:36 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-04-03 20:36 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-04-03 20:36 22,584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-02 14:06 <DIR> d-------- C:\DOKUME~1\Gabriel\ANWEND~1\MailFrontier
2007-04-02 01:15 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-02 01:15 42,648 --a------ C:\WINDOWS\zllsputility_loc0407.dll
2007-04-02 01:15 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc0407.dll
2007-04-02 01:15 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc0407.dll
2007-04-02 01:14 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-30 13:01 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll
2007-03-30 13:01 1,122,304 --a------ C:\WINDOWS\system32\ivimci32.dll
2007-03-29 23:59 <DIR> d-------- C:\Programme\CyberLink
2007-03-29 23:59 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\CyberLink
2007-03-29 23:47 <DIR> d-------- C:\Programme\SHOUTcast Source
2007-03-29 23:47 <DIR> d-------- C:\Programme\RealMedia
2007-03-29 23:47 <DIR> d-------- C:\Programme\OpenSource Flash Video Splitter
2007-03-29 23:47 <DIR> d-------- C:\Programme\Haali
2007-03-29 23:47 <DIR> d-------- C:\Programme\CD Audio Reader Filter
2007-03-29 23:46 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-03-29 23:46 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-29 23:46 <DIR> d-------- C:\Programme\Zoom Player
2007-03-29 23:46 <DIR> d-------- C:\Programme\ffdshow
2007-03-29 23:46 <DIR> d-------- C:\Programme\DirectVobSub
2007-03-29 23:45 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-03-29 23:45 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-03-29 23:45 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-03-29 23:45 <DIR> d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2007-03-29 23:45 <DIR> d-------- C:\Programme\AVSMedia
2007-03-28 16:58 <DIR> d-------- C:\Programme\OpenOffice.org 2.2
2007-03-26 18:50 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\NVIDIA
2007-03-26 17:43 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\nView_Profiles
2007-03-26 17:33 323,584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2007-03-26 17:33 323,584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2007-03-26 17:33 319,488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2007-03-26 17:33 319,488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2007-03-26 17:33 315,392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2007-03-26 17:33 315,392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2007-03-26 17:33 303,104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-03-26 17:33 303,104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2007-03-26 17:33 299,008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2007-03-26 17:33 299,008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2007-03-26 17:33 294,912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2007-03-26 17:33 294,912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2007-03-26 17:33 278,528 --a------ C:\WINDOWS\system32\nvrsit.dll
2007-03-26 17:33 270,336 --a------ C:\WINDOWS\system32\nvrspt.dll
2007-03-26 17:33 270,336 --a------ C:\WINDOWS\system32\nvrsnl.dll
2007-03-26 17:33 266,240 --a------ C:\WINDOWS\system32\nvrsru.dll
2007-03-26 17:33 266,240 --a------ C:\WINDOWS\system32\nvrsja.dll
2007-03-26 17:33 262,144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2007-03-26 17:33 258,048 --a------ C:\WINDOWS\system32\nvrsko.dll
2007-03-26 17:33 253,952 --a------ C:\WINDOWS\system32\nvrstr.dll
2007-03-26 17:33 253,952 --a------ C:\WINDOWS\system32\nvrssl.dll
2007-03-26 17:33 253,952 --a------ C:\WINDOWS\system32\nvrssk.dll
2007-03-26 17:33 253,952 --a------ C:\WINDOWS\system32\nvrspl.dll
2007-03-26 17:33 253,952 --a------ C:\WINDOWS\system32\nvrshu.dll
2007-03-26 17:33 249,856 --a------ C:\WINDOWS\system32\nvrssv.dll
2007-03-26 17:33 249,856 --a------ C:\WINDOWS\system32\nvrsno.dll
2007-03-26 17:33 221,184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2007-03-26 17:33 212,992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2007-03-26 17:33 196,608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2007-03-26 17:33 167,936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2007-03-26 17:33 163,840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2007-03-26 17:33 122,880 --a------ C:\WINDOWS\system32\nvrszht.dll
2007-03-26 17:20 888,832 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-03-26 17:20 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-03-26 17:20 81,920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-03-26 17:20 806,912 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-03-26 17:20 6,500,352 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-03-26 17:20 581,632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2007-03-26 17:20 5,623,808 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-03-26 17:20 5,246,976 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-03-26 17:20 466,944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-03-26 17:20 458,752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-03-26 17:20 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-03-26 17:20 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-03-26 17:20 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2007-03-26 17:20 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-03-26 17:20 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-26 17:20 335,872 --a------ C:\WINDOWS\system32\nvwrses.dll
2007-03-26 17:20 335,872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2007-03-26 17:20 327,680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2007-03-26 17:20 327,680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2007-03-26 17:20 327,680 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-03-26 17:20 323,584 --a------ C:\WINDOWS\system32\nvrshe.dll
2007-03-26 17:20 311,296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2007-03-26 17:20 307,200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-03-26 17:20 303,104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2007-03-26 17:20 3,211,264 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-03-26 17:20 3,072,000 --a------ C:\WINDOWS\system32\nvgames.dll
2007-03-26 17:20 3,006,464 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-03-26 17:20 294,912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2007-03-26 17:20 286,720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2007-03-26 17:20 286,720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2007-03-26 17:20 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-03-26 17:20 282,624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2007-03-26 17:20 282,624 --a------ C:\WINDOWS\system32\nvrsfr.dll
2007-03-26 17:20 278,528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2007-03-26 17:20 278,528 --a------ C:\WINDOWS\system32\nvrses.dll
2007-03-26 17:20 278,528 --a------ C:\WINDOWS\system32\nvrsel.dll
2007-03-26 17:20 274,432 --a------ C:\WINDOWS\system32\nvrsde.dll
2007-03-26 17:20 270,336 --a------ C:\WINDOWS\system32\nvrsesm.dll
2007-03-26 17:20 249,856 --a------ C:\WINDOWS\system32\nvrsda.dll
2007-03-26 17:20 245,760 --a------ C:\WINDOWS\system32\nvrsfi.dll
2007-03-26 17:20 245,760 --a------ C:\WINDOWS\system32\nvrseng.dll
2007-03-26 17:20 245,760 --a------ C:\WINDOWS\system32\nvrscs.dll
2007-03-26 17:20 229,376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-03-26 17:20 2,932,736 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-03-26 17:20 2,854,912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-03-26 17:20 2,465,792 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-03-26 17:20 2,043,904 --a------ C:\WINDOWS\system32\nvwss.dll
2007-03-26 17:20 188,416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-03-26 17:20 168,004 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-03-26 17:20 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-03-26 17:20 1,662,976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-03-26 17:20 1,622,016 --a------ C:\WINDOWS\system32\nwiz.exe
2007-03-26 17:20 1,470,464 --a------ C:\WINDOWS\system32\nview.dll
2007-03-26 17:20 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-03-26 17:20 1,081,344 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-03-26 17:20 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-03-26 17:20 <DIR> d-------- C:\WINDOWS\nview
2007-03-26 17:19 7,774,208 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-03-26 17:19 5,747,488 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-03-26 17:19 5,745,536 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-03-26 17:19 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-03-26 17:19 35,840 --a------ C:\WINDOWS\system32\nvcod.dll
2007-03-26 17:19 274,432 --a------ C:\WINDOWS\system32\nvapi.dll
2007-03-26 17:19 <DIR> d-------- C:\Programme\XTreme-G MobileForce Drivers
2007-03-26 16:55 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-03-24 21:02 <DIR> d-------- C:\LAN 9
2007-03-24 00:59 <DIR> d-------- C:\Programme\BOINC
2007-03-22 17:30 139,264 --a------ C:\WINDOWS\NeoUninstall.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-18 14:29 -------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\skype
2007-04-18 13:46 -------- d-------- C:\Programme\flashget
2007-04-18 13:23 -------- d-------- C:\Programme\trillian
2007-04-18 12:33 -------- d-------- C:\Programme\spamihilator
2007-04-18 12:20 -------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\xfire
2007-04-18 12:02 -------- d-------- C:\Programme\msn messenger
2007-04-18 11:25 -------- d-------- C:\Programme\mozilla firefox 2
2007-04-18 11:08 -------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\openoffice.org2
2007-04-18 10:53 -------- d---s---- C:\Programme\xfire
2007-04-17 15:02 -------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\hamachi
2007-04-17 02:06 15360 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
2007-04-16 19:18 -------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\teamspeak2
2007-04-16 16:57 -------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\bittyrant
2007-04-16 16:37 -------- d--h----- C:\Programme\installshield installation information
2007-04-16 15:10 -------- d-------- C:\Programme\icqlite
2007-04-16 14:14 -------- d-------- C:\Programme\Gemeinsame Dateien\wise installation wizard
2007-04-13 20:19 -------- d-------- C:\Programme\no23 recorder
2007-04-09 18:53 26056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-04-02 14:27 -------- d-------- C:\Programme\intervideo
2007-04-02 01:16 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-30 12:58 48 --a------ C:\DOKUME~1\Gabriel\ANWEND~1\avsdvdplayer.m3u
2007-03-28 16:58 -------- d-------- C:\Programme\openoffice.org 2.0
2007-03-26 16:59 -------- d-------- C:\Programme\nvidia corporation
2007-03-26 16:58 -------- d-------- C:\Programme\softinterface, inc
2007-03-26 14:07 91146 --a------ C:\WINDOWS\system32\perfc007.dat
2007-03-26 14:07 450424 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-25 08:11 -------- d-------- C:\Programme\hlsw
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-14 00:05 -------- d-------- C:\Programme\microsoft activesync
2007-03-13 21:59 -------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\installshield
2007-03-12 16:05 -------- d-------- C:\Programme\paint.net
2007-03-12 13:40 -------- d-------- C:\Programme\miranda me
2007-03-09 00:02 54936 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-03 18:28 25 --a------ C:\WINDOWS\sw_win2000x24.dll
2007-03-02 18:47 -------- d-------- C:\Programme\microsoft works
2007-03-02 18:40 -------- d-------- C:\Programme\hewlett-packard
2007-03-01 22:17 -------- d-------- C:\DOKUME~1\Gabriel\ANWEND~1\command & conquer 3 tiberium wars demo
2007-02-28 02:20 -------- d-------- C:\Programme\filezilla server
2007-02-19 22:12 221184 --a------ C:\WINDOWS\boinc.scr
2007-02-19 16:23 -------- d-------- C:\Programme\elsterformular
2007-02-16 08:15 557056 --a------ C:\WINDOWS\system32\c-xls.dll
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-04 19:46 55949 --a------ C:\WINDOWS\system32\x264-uninstall.exe
2007-02-01 06:56 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-01 06:56 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-01 06:56 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-01 06:56 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-01-31 23:27 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-01-31 01:15 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-01-30 07:03 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 06:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-29 01:37 356 --a------ C:\drmHeader.bin
2007-01-26 03:19 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-01-26 03:19 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-26 03:19 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-26 03:18 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-26 03:18 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-26 03:13 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-01-26 03:13 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-26 03:13 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-01-26 03:13 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-26 03:13 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-26 03:13 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-26 03:13 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Programme\FlashGet\jccatch.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{F156768E-81EF-470C-9057-481BA8380DBA} C:\Programme\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"Toshiba Hotkey Utility"="\"C:\\Programme\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang DE"
"NDSTray.exe"="NDSTray.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"CFSServ.exe"="CFSServ.exe -NoClient"
"TPSODDCtl"="TPSODDCtl.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"Logitech Hardware Abstraction Layer"="\"C:\\Programme\\Gemeinsame Dateien\\Logitech\\khalshared\\KHALMNPR.EXE\""
@=""
"IntelZeroConfig"="\"C:\\Programme\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"PadTouch"="C:\\Programme\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"T-Online DSL-Manager"="\"C:\\Programme\\T-Online\\DSL-Manager\\TODslMgr.exe\""
"TerraTec Remote Control"="\"C:\\Programme\\Gemeinsame Dateien\\TerraTec\\Remote\\TTTVRC.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"ZoneAlarm Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SoundMnEx32"="C:\\WINDOWS\\skksd32.exe"
"himem.exe"="C:\\WINDOWS\\skksd32.exe -s"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TOSCDSPD"="C:\\Programme\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"Spamihilator"="\"C:\\Programme\\Spamihilator\\spamihilator.exe\""
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\Wcescomm.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spamihilator"="\"C:\\Programme\\Spamihilator\\Spamihilator.exe\" /waitIfProxyServiceIsService"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001
"NoTrayItemsDisplay"=hex:00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isrconf
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTServ
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msormsxm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="ipsemsw3.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Mobipocket Reader Notifications"="C:\\Programme\\Mobipocket.com\\Mobipocket Reader\\readernotify.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SmoothView"="C:\\Programme\\TOSHIBA\\TOSHIBA Zoom-Dienstprogramm\\SmoothView.exe"
"TPSMain"="TPSMain.exe"
"Share-to-Web Namespace Daemon"="C:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"FileZilla Server Interface"="\"C:\\Programme\\FileZilla Server\\FileZilla Server Interface.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /installquiet"
"idl32.exe"="C:\\WINDOWS\\idl32.exe s"
"himem.exe"="C:\\WINDOWS\\skksd32.exe -s"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74f518f4-85fe-11db-89fb-001302c2e7b1}]
Shell\AutoRun\command F:\Autorun.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\Low Battery Alarm Program.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-18 14:39:33
C:\ComboFix-quarantined-files.txt ... 07-04-18 14:39

Quote

Volume in drive C has no label.
Volume Serial Number is BCAF-9954

Directory of C:\WINDOWS\system32

18.04.2007 14:35 140.622 msormsxm.exe
18.04.2007 14:27 1.158 wpa.dbl
18.04.2007 14:26 55.080 vsconfig.xml
18.04.2007 12:26 2.953 CONFIG.NT
18.04.2007 10:48 4 msormsxm.dat
17.04.2007 21:52 99.904 PnkBstrB.exe
17.04.2007 19:36 45.056 isrprf32.dll
17.04.2007 19:36 40.960 isrprov.exe
14.04.2007 00:39 296.456 FNTCACHE.DAT
11.04.2007 19:28 49.152 gptedrmc.dll
11.04.2007 19:28 40.960 bcshqdvd.exe
11.04.2007 19:28 49.152 ipsemsw3.dll
11.04.2007 19:28 184.320 msormsxm.dll
09.04.2007 22:02 98.304 CmdLineExt.dll
06.04.2007 14:58 109.401 nvapps.xml
03.04.2007 22:48 13.511.640 MRT.exe
03.04.2007 20:36 63.040 PnkBstrA.exe
02.04.2007 07:58 546.304 hhctrl.ocx
02.04.2007 01:16 4.212 zllictbl.dat
26.03.2007 14:07 430.400 perfh009.dat
26.03.2007 14:07 75.924 perfc009.dat
26.03.2007 14:07 450.424 perfh007.dat
26.03.2007 14:07 91.146 perfc007.dat
26.03.2007 14:07 1.060.268 PerfStringBackup.INI
17.03.2007 15:44 293.376 winsrv.dll
09.03.2007 13:51 270.336 xpsp3res.dll
09.03.2007 00:02 54.936 vsutil_loc0407.dll
09.03.2007 00:02 22.168 imsinstall_loc0407.dll
09.03.2007 00:02 18.072 imslsp_install_loc0407.dll
09.03.2007 00:02 394.192 vsdatant.sys
09.03.2007 00:01 1.087.216 zpeng24.dll
09.03.2007 00:01 71.408 zlcommdb.dll
09.03.2007 00:01 83.696 zlcomm.dll
09.03.2007 00:01 46.832 vswmi.dll
09.03.2007 00:01 100.080 vsxml.dll
09.03.2007 00:01 472.816 vsutil.dll
09.03.2007 00:01 71.408 vsregexp.dll
09.03.2007 00:01 276.208 vspubapi.dll
09.03.2007 00:01 104.176 vsmonapi.dll
09.03.2007 00:01 157.424 vsinit.dll
09.03.2007 00:01 83.696 vsdata.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:32 1.843.712 win32k.sys
28.02.2007 18:06 2.140.160 ntoskrnl.exe
28.02.2007 18:06 2.019.840 ntkrnlpa.exe
21.02.2007 21:00 10.752 ff_vfw.dll
16.02.2007 08:15 557.056 C-XLS.dll
15.02.2007 19:01 337.280 WgaTray.exe
15.02.2007 19:01 1.476.992 LegitCheckControl.dll
15.02.2007 19:00 236.928 WgaLogon.dll
15.02.2007 11:30 495.616 XLSConverterX.ocx
14.02.2007 15:36 226.748 TZLog.log
05.02.2007 22:18 185.856 upnphost.dll
04.02.2007 19:46 55.949 x264-uninstall.exe
01.02.2007 06:56 823.296 divx_xx07.dll
01.02.2007 06:56 823.296 divx_xx0c.dll
01.02.2007 06:56 802.816 divx_xx11.dll
01.02.2007 06:56 639.066 DivX.dll
01.02.2007 06:55 679.936 divxdec.ax
31.01.2007 23:27 4.816 divxsm.tlb
31.01.2007 23:27 524.288 DivXsm.exe
31.01.2007 01:15 118.784 DivXCodecUpdateChecker.exe
30.01.2007 07:03 10.152 dsm_de.qm
30.01.2007 07:03 3.596.288 qt-dx331.dll
30.01.2007 06:56 73.728 dpl100.dll
29.01.2007 10:58 60.416 tzchange.exe
26.01.2007 03:19 183.032 PxMas.dll
26.01.2007 03:19 72.440 pxhpinst.exe
26.01.2007 03:19 379.640 PxWave.dll
26.01.2007 03:19 502.520 pxdrv.dll
26.01.2007 03:19 1.329.912 pxsfs.dll
26.01.2007 03:19 116.472 pxcpyi64.exe
26.01.2007 03:19 118.520 pxinsi64.exe
26.01.2007 03:19 527.096 Px.dll
26.01.2007 03:19 64.760 pxcpya64.exe
26.01.2007 03:19 64.760 pxinsa64.exe
26.01.2007 03:19 129.784 pxafs.dll
26.01.2007 03:19 39.672 VXBLOCK.dll
26.01.2007 03:18 1.044.480 libdivx.dll
26.01.2007 03:18 200.704 ssldivx.dll
26.01.2007 03:13 196.608 dtu100.dll
26.01.2007 03:13 53.248 dpuGUI10.dll
26.01.2007 03:13 593.920 dpuGUI11.dll
26.01.2007 03:13 344.064 dpus11.dll
26.01.2007 03:13 57.344 dpv11.dll
26.01.2007 03:13 294.912 dpu10.dll
26.01.2007 03:13 294.912 dpu11.dll
25.01.2007 14:25 619.008 urlmon.dll
21.01.2007 23:58 1.398 mapisvc.inf
19.01.2007 13:53 51.056 sirenacm.dll
11.01.2007 14:52 664 d3d9caps.dat
11.01.2007 14:52 552 d3d8caps.dat
09.01.2007 00:43 409.600 wrap_oal.dll
09.01.2007 00:43 114.688 OpenAL32.dll
09.01.2007 00:38 15.360 BASSMOD.dll

Quote

Volume in drive C has no label.
Volume Serial Number is BCAF-9954

Directory of C:\DOKUME~1\Gabriel\LOKALE~1\Temp

18.04.2007 14:27 286 WCESLog.log
1 File(s) 286 bytes
0 Dir(s) 24.927.592.448 bytes free

Quote

Volume in drive C has no label.
Volume Serial Number is BCAF-9954

Directory of C:\WINDOWS

18.04.2007 14:26 0 0.log
18.04.2007 14:26 159 wiadebug.log
18.04.2007 14:26 1.957.747 WindowsUpdate.log
18.04.2007 14:26 50 wiaservc.log
18.04.2007 14:25 2.048 bootstat.dat
18.04.2007 14:11 289.272 ntbtlog.txt
18.04.2007 13:23 32.606 SchedLgU.Txt
18.04.2007 12:19 338.936 setupapi.log
18.04.2007 12:06 0 fp1g9aq.scf
18.04.2007 11:41 215.221 wmsetup.log
18.04.2007 10:48 0 kodf.wav
18.04.2007 10:48 35.840 skkkkkkk.exe
17.04.2007 00:28 3.584 btm32.exe
16.04.2007 14:18 3.144.800 fmd63i.ini
16.04.2007 14:18 176.128 hefh781.dat
16.04.2007 14:10 177.152 idl32.exe
11.04.2007 14:35 133.146 MedCtrOC.log
11.04.2007 14:35 52.721 ehOCGen.log
11.04.2007 14:35 312.907 comsetup.log
11.04.2007 14:35 1.069.807 iis6.log
11.04.2007 14:35 188.938 ntdtcsetup.log
11.04.2007 14:35 432.050 tsoc.log
11.04.2007 14:35 50.676 ocmsn.log
11.04.2007 14:35 46.700 tabletoc.log
11.04.2007 14:35 1.374 imsins.log
11.04.2007 14:35 9.324 KB935448.log
11.04.2007 14:35 107.908 plusoc.log
11.04.2007 14:35 176.234 netfxocm.log
11.04.2007 14:35 451.890 ocgen.log
11.04.2007 14:35 46.553 msgsocm.log
11.04.2007 14:35 919.117 FaxSetup.log
11.04.2007 14:35 295.364 msmqinst.log
11.04.2007 14:35 1.374 imsins.BAK
11.04.2007 14:35 18.583 KB932168.log
11.04.2007 14:35 59.106 updspapi.log
11.04.2007 14:35 1.179 ie7_main.log
11.04.2007 14:35 13.783 KB931261.log
11.04.2007 14:35 13.206 KB930178.log
11.04.2007 14:34 21.773 KB931784.log
09.04.2007 19:22 263.859 DirectX.log
04.04.2007 15:13 14.673 KB925902.log
26.03.2007 17:13 26.885 KB928255.log
26.03.2007 17:01 268 ReplacerUndo.txt
22.03.2007 17:30 26 neosetup.INI
15.03.2007 14:46 10.174 KB929399.log
15.03.2007 14:44 19.415 KB929338.log
13.03.2007 17:52 373.378 setupact.log
09.03.2007 00:02 42.648 zllsputility_loc0407.dll
09.03.2007 00:02 75.512 zllsputility.exe
07.03.2007 13:34 4.583.703 discwriter.log
07.03.2007 12:27 0 OrangeBurn.log
03.03.2007 18:44 1.514 CITP_SearchHistory.INI
03.03.2007 18:28 25 SW_Win2000X24.DLL
02.03.2007 19:00 8.133 HPOins07.log
02.03.2007 18:40 20 Hposcv07.INI
28.02.2007 14:38 10.651 WgaNotify.log
19.02.2007 22:12 221.184 boinc.scr
19.02.2007 18:47 253 tm.ini
19.02.2007 16:24 35 tdf.dii
14.02.2007 15:36 34.358 KB931836.log
14.02.2007 15:35 35.617 KB928090.log
14.02.2007 15:34 17.943 KB926436.log
14.02.2007 15:34 17.645 KB918118.log
14.02.2007 15:34 17.250 KB927779.log
14.02.2007 15:34 11.963 KB924667.log
14.02.2007 15:34 14.198 KB927802.log
14.02.2007 15:33 13.367 KB928843.log
11.02.2007 17:29 28.818 DPINST.LOG
05.02.2007 14:11 139.264 NeoUninstall.exe
01.02.2007 01:56 2.276 wmsetup10.log
30.01.2007 16:06 43.438 KB909394.log
23.01.2007 18:44 6.039 WIC.log
23.01.2007 17:25 1.034.197 setupapi.log.1.old
19.01.2007 18:33 17.993 KB888111.log
10.01.2007 15:08 15.652 KB929969.log
10.01.2007 15:07 887 win.ini
06.01.2007 03:14 272 game.ini

Quote

Volume in drive C has no label.
Volume Serial Number is BCAF-9954

Directory of C:\WINDOWS\Temp

18.04.2007 14:26 256 ZLT07495.TMP
18.04.2007 14:26 256 ZLT07492.TMP
2 File(s) 512 bytes
0 Dir(s) 24.927.678.464 bytes free

Quote

Volume in drive C has no label.
Volume Serial Number is BCAF-9954

Directory of C:\WINDOWS\Downloaded Program Files

12.04.2007 01:00 190.021 tcdefs.dat
12.04.2007 01:00 32 virscant.dat
12.04.2007 01:00 4.344.171 virscan9.dat
12.04.2007 01:00 1.717.791 virscan8.dat
12.04.2007 01:00 7.797.098 virscan7.dat
12.04.2007 01:00 2.504 catalog.dat
12.04.2007 01:00 390.652 virscan6.dat
12.04.2007 01:00 6.899 ecbootil.vxd
12.04.2007 01:00 3.648.356 virscan5.dat
12.04.2007 01:00 271.992 ecmsvr32.dll
12.04.2007 01:00 320.253 virscan4.dat
12.04.2007 01:00 148.556 virscan3.dat
12.04.2007 01:00 570.570 virscan2.dat
12.04.2007 01:00 981.338 virscan1.dat
12.04.2007 01:00 106.244 virscan.inf
12.04.2007 01:00 2.269 v.sig
12.04.2007 01:00 120.440 naveng32.dll
12.04.2007 01:00 902.776 navex32a.dll
12.04.2007 01:00 4.778 v.grd
12.04.2007 01:00 97.744 scrauth.dat
12.04.2007 01:00 3.113 tscan1hd.dat
12.04.2007 01:00 11.875 symaveng.cat
12.04.2007 01:00 1.061 symaveng.inf
12.04.2007 01:00 224 zdone.dat
12.04.2007 01:00 1.426.017 tcscan7.dat
12.04.2007 01:00 344.909 tcscan8.dat
12.04.2007 01:00 807.138 tcscan9.dat
12.04.2007 01:00 453 tinf.dat
12.04.2007 01:00 148 tinfidx.dat
12.04.2007 01:00 1.957 tinfl.dat
12.04.2007 01:00 65.737 tscan1.dat
11.12.2006 17:44 367 LegitCheckControl.inf

Quote

Volume in drive C has no label.
Volume Serial Number is BCAF-9954

Directory of C:\

18.04.2007 14:45 0 sys.txt
18.04.2007 14:44 2.512 down.txt
18.04.2007 14:44 327 tmp.txt
18.04.2007 14:43 15.882 system.txt
18.04.2007 14:41 294 systemtemp.txt
18.04.2007 14:41 119.535 system32.txt
18.04.2007 14:39 21.909 ComboFix.txt
18.04.2007 14:39 271 ComboFix-quarantined-files.txt
18.04.2007 14:25 1.071.828.992 hiberfil.sys
18.04.2007 14:25 1.572.864.000 pagefile.sys
29.01.2007 01:37 356 drmHeader.bin
06.01.2007 18:24 309 ToCaclLg.txt
09.12.2006 16:07 31.806 ASLog.txt
01.12.2006 08:21 7.707 TDSLCheck.txt
14.11.2006 23:44 192 BcBtRmv.log
30.10.2006 02:21 1.066.496 ehthumbs.db
23.10.2006 01:59 268 sqmdata00.sqm
23.10.2006 01:59 244 sqmnoopt00.sqm
18.10.2006 09:42 209 boot.ini
04.04.2006 20:26 388 SWSTAMP.TXT
17.03.2006 14:02 0 AUTOEXEC.BAT
17.03.2006 14:02 0 IO.SYS
17.03.2006 14:02 0 CONFIG.SYS
17.03.2006 14:02 0 MSDOS.SYS
10.08.2004 15:00 47.564 NTDETECT.COM
10.08.2004 15:00 251.184 ntldr
10.08.2004 15:00 4.952 bootfont.bin
27 File(s) 2.646.265.397 bytes
0 Dir(s) 24.927.653.888 bytes free

The individual files:

Quote

Complete scanning result of "msormsxm.dll", received in VirusTotal at 04.18.2007, 14:30:44 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.18.0 04.18.2007 no virus found
AntiVir 7.3.1.53 04.18.2007 WORM/Stration.Gen
Authentium 4.93.8 04.18.2007 W32/Warezov.gen4
Avast 4.7.981.0 04.17.2007 no virus found
AVG 7.5.0.447 04.18.2007 no virus found
BitDefender 7.2 04.18.2007 DeepScan:Generic.Stration.E0030A6A
CAT-QuickHeal 9.00 04.17.2007 I-Worm.Warezov.na
ClamAV devel-20070312 04.18.2007 Worm.Stration.ACH-7
DrWeb 4.33 04.18.2007 no virus found
eSafe 7.0.15.0 04.17.2007 Win32.Warezov.na
eTrust-Vet 30.7.3576 04.18.2007 Win32/Stration!generic
Ewido 4.0 04.18.2007 Worm.Warezov.na
FileAdvisor 1 04.18.2007 no virus found
Fortinet 2.85.0.0 04.18.2007 no virus found
F-Prot 4.3.2.48 04.17.2007 W32/Warezov.gen4
F-Secure 6.70.13030.0 04.18.2007 Email-Worm.Win32.Warezov.na
Ikarus T3.1.1.5 04.18.2007 Email-Worm.Win32.Warezov
Kaspersky 4.0.2.24 04.18.2007 Email-Worm.Win32.Warezov.na
McAfee 5011 04.17.2007 no virus found
Microsoft 1.2405 04.18.2007 Trojan:Win32/Stration.F!dll
NOD32v2 2201 04.18.2007 Win32/Stration.YO
Norman 5.80.02 04.18.2007 W32/Stration.FBE
Panda 9.0.0.4 04.18.2007 no virus found
Prevx1 V2 04.18.2007 no virus found
Sophos 4.16.0 04.17.2007 no virus found
Sunbelt 2.2.907.0 04.14.2007 W32.Stration@mm
Symantec 10 04.18.2007 W32.Stration@mm
TheHacker 6.1.6.095 04.15.2007 W32/Warezov.na
VBA32 3.11.3 04.18.2007 Worm.Win32.Stration.YO
VirusBuster 4.3.7:9 04.17.2007 no virus found
Webwasher-Gateway 6.0.1 04.18.2007 Worm.Stration.Gen

Additional Information
File size: 184320 bytes
MD5: 8a960b156c7496dc218fc5ae8af8ce1b
SHA1: 218821712bbbad0c5023bc63dccc9ad718963ad6

Quote

Complete scanning result of "ipsemsw3.dll", received in VirusTotal at 04.18.2007, 14:46:33 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.18.0 04.18.2007 no virus found
AntiVir 7.3.1.53 04.18.2007 WORM/Stration.Gen
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.17.2007 no virus found
AVG 7.5.0.447 04.18.2007 I-Worm/Stration.CUH
BitDefender 7.2 04.18.2007 Win32.Warezov.XH@mm
CAT-QuickHeal 9.00 04.17.2007 no virus found
ClamAV devel-20070312 04.18.2007 Worm.Stration.ACH-5
DrWeb 4.33 04.18.2007 no virus found
eSafe 7.0.15.0 04.17.2007 Win32.Warezov.dc
eTrust-Vet 30.7.3576 04.18.2007 no virus found
Ewido 4.0 04.18.2007 Worm.Warezov.dc
FileAdvisor 1 04.18.2007 no virus found
Fortinet 2.85.0.0 04.18.2007 W32/Stration.DC@mm
F-Prot 4.3.2.48 04.17.2007 no virus found
F-Secure 6.70.13030.0 04.18.2007 Email-Worm.Win32.Warezov.dc
Ikarus T3.1.1.5 04.18.2007 Email-Worm.Win32.Warezov.dc
Kaspersky 4.0.2.24 04.18.2007 Email-Worm.Win32.Warezov.dc
McAfee 5011 04.17.2007 no virus found
Microsoft 1.2405 04.18.2007 Trojan:Win32/Stration.F!dll
NOD32v2 2201 04.18.2007 Win32/Stration.YO
Norman 5.80.02 04.18.2007 W32/Stration.FCF
Panda 9.0.0.4 04.18.2007 W32/Spamta.VY.worm
Prevx1 V2 04.18.2007 no virus found
Sophos 4.16.0 04.17.2007 W32/Strati-Gen
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.18.2007 W32.Stration!gen
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.18.2007 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.7:9 04.17.2007 no virus found
Webwasher-Gateway 6.0.1 04.18.2007 Worm.Stration.Gen

Quote

Complete scanning result of "spacklsp.dll", received in VirusTotal at 04.18.2007, 14:48:51 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.18.0 04.18.2007 no virus found
AntiVir 7.3.1.53 04.18.2007 no virus found
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.17.2007 no virus found
AVG 7.5.0.447 04.18.2007 no virus found
BitDefender 7.2 04.18.2007 no virus found
CAT-QuickHeal 9.00 04.17.2007 no virus found
ClamAV devel-20070312 04.18.2007 no virus found
DrWeb 4.33 04.18.2007 no virus found
eSafe 7.0.15.0 04.17.2007 no virus found
eTrust-Vet 30.7.3576 04.18.2007 no virus found
Ewido 4.0 04.18.2007 no virus found
FileAdvisor 1 04.18.2007 no virus found
Fortinet 2.85.0.0 04.18.2007 no virus found
F-Prot 4.3.2.48 04.17.2007 no virus found
F-Secure 6.70.13030.0 04.18.2007 no virus found
Ikarus T3.1.1.5 04.18.2007 no virus found
Kaspersky 4.0.2.24 04.18.2007 no virus found
McAfee 5011 04.17.2007 no virus found
Microsoft 1.2405 04.18.2007 no virus found
NOD32v2 2201 04.18.2007 no virus found
Norman 5.80.02 04.18.2007 no virus found
Panda 9.0.0.4 04.18.2007 no virus found
Prevx1 V2 04.18.2007 no virus found
Sophos 4.16.0 04.17.2007 no virus found
Sunbelt 2.2.907.0 04.14.2007 no virus found
Symantec 10 04.18.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.18.2007 no virus found
VirusBuster 4.3.7:9 04.17.2007 no virus found
Webwasher-Gateway 6.0.1 04.18.2007 no virus found
This post was edited on 18.04.2007 at 15:00 by gabbo0815.
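The three VirusTotal reports above show why the scanner on the machine kept losing this fight: for msormsxm.dll, 20 of 31 engines flag the file, but Avast, the product installed on the laptop, reports "no virus found", and several engines scanned with signatures dated a day before the submission. The following Python script is an added example for this thread, not code from the original posts and not VirusTotal's own code. It parses a pasted report of this 2007 text format, counts detections, lists the engines that missed and the engines whose signature date predates the scan, and collapses the vendor names onto one family label. The alias table is an assumption of the example, seeded only with the names the reports above use for this one family (Warezov, Stration, Strati, Spamta). The embedded report is a constructed, shortened copy of the msormsxm.dll result.

```python
"""Triage a VirusTotal text report of the kind pasted in this thread.

Added example for this thread; not part of the original posts and not
VirusTotal code. Parses the 2007-era "Antivirus Version Update Result"
table, counts the engines that flag the sample, lists engines whose
signatures were older than the submission date, and collapses vendor
names onto one family label so hits can be compared across engines.
"""
import re
from collections import Counter
from datetime import datetime

# Alias table: an assumption for this example, seeded with the names the
# engines in the thread use for this one family. Extend for other families.
FAMILY_ALIASES = {
    "warezov": "Warezov/Stration",
    "stration": "Warezov/Stration",
    "strati": "Warezov/Stration",
    "spamta": "Warezov/Stration",
}
CLEAN = "no virus found"

HEADER_RE = re.compile(
    r'Complete scanning result of "(?P<file>[^"]+)", received in VirusTotal '
    r"at (?P<date>\d{2}\.\d{2}\.\d{4}), (?P<time>[\d:]+)"
)
# engine  version  signature-date  result   (versions may contain ':' or '-')
ROW_RE = re.compile(r"^(?P<engine>\S+) (?P<version>\S+) (?P<update>\d{2}\.\d{2}\.\d{4}) (?P<result>.+)$")
HASH_RE = re.compile(r"^(?P<alg>MD5|SHA1): (?P<hex>[0-9a-fA-F]+)$")

# Constructed sample: a shortened copy of the msormsxm.dll report above.
SAMPLE_REPORT = """\
Complete scanning result of "msormsxm.dll", received in VirusTotal at 04.18.2007, 14:30:44 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.53 04.18.2007 WORM/Stration.Gen
Avast 4.7.981.0 04.17.2007 no virus found
ClamAV devel-20070312 04.18.2007 Worm.Stration.ACH-7
Kaspersky 4.0.2.24 04.18.2007 Email-Worm.Win32.Warezov.na
McAfee 5011 04.17.2007 no virus found
Panda 9.0.0.4 04.18.2007 no virus found
Sophos 4.16.0 04.17.2007 no virus found
VirusBuster 4.3.7:9 04.17.2007 no virus found

Aditional Information
File size: 184320 bytes
MD5: 8a960b156c7496dc218fc5ae8af8ce1b
SHA1: 218821712bbbad0c5023bc63dccc9ad718963ad6
"""


def parse_report(text):
    """Return the file name, scan date, hashes and one dict per engine row."""
    report = {"file": None, "scan_date": None, "rows": [], "hashes": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER_RE.match(line)):
            report["file"] = m.group("file")
            report["scan_date"] = datetime.strptime(m.group("date"), "%m.%d.%Y")
        elif (m := HASH_RE.match(line)):
            report["hashes"][m.group("alg")] = m.group("hex").lower()
        elif (m := ROW_RE.match(line)):
            report["rows"].append({
                "engine": m.group("engine"),
                "version": m.group("version"),
                "update": datetime.strptime(m.group("update"), "%m.%d.%Y"),
                "result": m.group("result").strip(),
            })
    return report


def family(result):
    """Map a vendor detection name onto a family label, or 'other'."""
    low = result.lower()
    for needle, label in FAMILY_ALIASES.items():
        if needle in low:
            return label
    return "other"


def summarize(text):
    """Detection ratio, family counts, engines that missed, and stale engines."""
    rep = parse_report(text)
    hits = [r for r in rep["rows"] if r["result"] != CLEAN]
    return {
        "file": rep["file"],
        "md5": rep["hashes"].get("MD5"),
        "engines": len(rep["rows"]),
        "flagged": len(hits),
        "families": Counter(family(r["result"]) for r in hits),
        "missed_by": [r["engine"] for r in rep["rows"] if r["result"] == CLEAN],
        # signature date older than the submission date: that verdict may be stale
        "stale_signatures": [r["engine"] for r in rep["rows"]
                             if rep["scan_date"] and r["update"] < rep["scan_date"]],
    }


def local_scanner_missed(text, engine):
    """True when the named engine (the one installed on the victim) said clean."""
    return engine in summarize(text)["missed_by"]


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f'{s["file"]}: {s["flagged"]}/{s["engines"]} engines flag it, '
          f'families={dict(s["families"])}, stale={s["stale_signatures"]}')
```

Run it on the full reports pasted above and the third one, spacklsp.dll, comes back 0 of 31, which is consistent with the HijackThis log later in the thread listing it only as an unrecognised Winsock LSP rather than as a detection; a clean multi-engine result is evidence, not proof, and the MD5 in the report is what to keep for later comparison.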
18.04.2007, 15:46
Member
Chris4You

Posts: 694
#4 Hi,
virustotal:
Please check these files, since they are unknown. If they are detected as a virus/trojan, please add the file with its path to the Avenger script (Files to delete) and add the corresponding HijackThis entries!

Quote

C:\WINDOWS\System32\shfoxpob.exe
C:\WINDOWS\skksd32.exe
C:\WINDOWS\system32\amcconf.exe
http://www.virustotal.com/flash/index_en.html
At the top of the page --> click "Browse" --> pick the file (or paste the file with its full path directly) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste

So:
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick it)
copy into: View/edit script

Quote


Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|himem.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SoundMnEx32

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msormsxm

Registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs

Files to delete:
C:\WINDOWS\system32\msormsxm.dll
C:\WINDOWS\system32\ipsemsw3.dll
C:\WINDOWS\system32\gptedrmc.dll
C:\WINDOWS\system32\bcshqdvd.exe
C:\WINDOWS\system32\msormsxm.dat
C:\WINDOWS\system32\msormsxm.dll
C:\WINDOWS\system32\bcshqdvd.exe
C:\WINDOWS\tife32.exe
C:\WINDOWS\skcsd32.exe
Click the green traffic light
The script will now run, then the PC will restart automatically
HijackThis, fix:
open HijackThis -- button "scan" -- tick these entries -- button "Fix checked" -- restart the PC

Quote


O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\skksd32.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\skksd32.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs: ipsemsw3.dll
O20 - Winlogon Notify: msormsxm - C:\WINDOWS\system32\msormsxm.dll


scan with ewido and post the scan report
http://virus-protect.org/onlinescan.html

Then please post a new HijackThis log...

Chris
This post was edited on 18.04.2007 at 15:51 by Chris4You.
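The post above maps each HijackThis line onto an Avenger script entry by hand: an O4 Run entry becomes a value under HKLM\Software\Microsoft\Windows\CurrentVersion\Run plus the file it launches, an O20 Winlogon Notify entry becomes a key under Winlogon\Notify plus its DLL, and O20 AppInit_DLLs is blanked with "replace with dummy" plus the DLL, which is resolved into system32 when HijackThis only shows a bare name. The following Python script is an added example for this thread, not code from the original posts and not from the HijackThis or Avenger projects. It performs that translation for a list of indicator strings chosen by the analyst, so that only flagged lines are touched, and it deduplicates paths, because the script above lists msormsxm.dll and bcshqdvd.exe twice. The HijackThis lines embedded in it are constructed from the log in this thread; the C:\WINDOWS\system32 default for bare names, the HKLM/HKCU abbreviations and the section headers are taken from the scripts in this thread, and Avenger's own documentation remains the authority for its syntax.

```python
"""Turn flagged HijackThis lines into an Avenger script.

Added example for this thread; not part of the original posts and not code
from the HijackThis or Avenger projects. It applies the mapping the post
above does by hand: O4 Run entries become registry values plus the file
they launch, O20 Winlogon Notify entries become keys under Winlogon\\Notify
plus their DLL, and O20 AppInit_DLLs is blanked ("replace with dummy") and
its DLL deleted. Only lines containing one of the analyst's indicator
strings are touched, and paths are deduplicated.
"""
import re

# Assumptions for the example: Avenger accepts the HKLM/HKCU abbreviations
# (the thread's scripts use them), and bare file names in HijackThis
# output are resolved into system32, as the script above does.
RUN_KEYS = {
    "HKLM": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
}
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
APPINIT_VALUE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs"
SYSTEM32 = r"C:\WINDOWS\system32"

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)( \(file missing\))?$")
O20_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")

# Constructed from the HijackThis log in this thread.
HJT_SAMPLE = [
    r"O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\skksd32.exe -s",
    r"O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\skksd32.exe",
    r'O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"',
    r"O20 - AppInit_DLLs: ipsemsw3.dll",
    r"O20 - Winlogon Notify: msormsxm - C:\WINDOWS\system32\msormsxm.dll",
    r"O20 - Winlogon Notify: isrconf - cfgamc.dll (file missing)",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
]
INDICATORS = ["skksd32.exe", "ipsemsw3.dll", "msormsxm", "isrconf"]


def first_path(cmd):
    """Executable path from a Run command line: quoted path or first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def resolve(name):
    """Bare file names (no backslash) are assumed to live in system32."""
    return name if "\\" in name else SYSTEM32 + "\\" + name


def collect(hjt_lines, indicators):
    """Gather Avenger actions for lines that contain an indicator string."""
    wanted = [i.lower() for i in indicators]
    plan = {"values": [], "keys": [], "dummies": [], "files": []}

    def add(section, item):
        # Avenger processes each line once; a repeated path only produces a
        # "not found" failure on the second attempt, so keep lists unique.
        if item not in plan[section]:
            plan[section].append(item)

    for raw in hjt_lines:
        line = raw.strip()
        if not any(i in line.lower() for i in wanted):
            continue
        if (m := O4_RE.match(line)):
            add("values", f"{RUN_KEYS[m.group('hive')]}|{m.group('name')}")
            add("files", resolve(first_path(m.group("cmd"))))
        elif (m := O20_NOTIFY_RE.match(line)):
            add("keys", f"{NOTIFY_KEY}\\{m.group('name')}")
            add("files", resolve(m.group("dll")))
        elif (m := O20_APPINIT_RE.match(line)):
            # "replace with dummy" blanks the whole value, including any
            # legitimate entries; check the full list before using it.
            add("dummies", APPINIT_VALUE)
            for dll in re.split(r"[ ,]+", m.group("dlls")):
                if dll:
                    add("files", resolve(dll))
    return plan


def render(plan):
    """Avenger script text using the section headers from the thread."""
    sections = [
        ("Registry values to delete:", plan["values"]),
        ("Registry keys to delete:", plan["keys"]),
        ("Registry values to replace with dummy:", plan["dummies"]),
        ("Files to delete:", plan["files"]),
    ]
    return "\n".join(f"{header}\n" + "\n".join(items) + "\n"
                     for header, items in sections if items)


if __name__ == "__main__":
    print(render(collect(HJT_SAMPLE, INDICATORS)))
```

The indicator list is the analyst's decision, not the tool's: the ZoneAlarm and WgaLogon lines in the sample are never touched because no indicator matches them, and the Winsock LSP (O10) lines are deliberately not handled, since deleting an LSP DLL without repairing the Winsock chain leaves the machine without working networking.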
18.04.2007, 16:30
...new here

Thread starter

Posts: 6
#5

Quote

Chris4You posted
Hi,
virustotal:
Please check these files, since they are unknown. If they are detected as a virus/trojan, please add the file with its path to the Avenger script (Files to delete) and add the corresponding HijackThis entries!

Quote

C:\WINDOWS\System32\shfoxpob.exe
C:\WINDOWS\skksd32.exe
C:\WINDOWS\system32\amcconf.exe
http://www.virustotal.com/flash/index_en.html
At the top of the page --> click "Browse" --> pick the file (or paste the file with its full path directly) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
For all 3 I get:
0 bytes size received / Se ha recibido un archivo vacio

Quote

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kllphrol

*******************

Script file located at: \??\C:\WINDOWS\hapcahqe.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\msormsxm.dll deleted successfully.
File C:\WINDOWS\system32\ipsemsw3.dll deleted successfully.
File C:\WINDOWS\system32\gptedrmc.dll deleted successfully.
File C:\WINDOWS\system32\bcshqdvd.exe deleted successfully.
File C:\WINDOWS\system32\msormsxm.dat deleted successfully.


File C:\WINDOWS\system32\msormsxm.dll not found!
Deletion of file C:\WINDOWS\system32\msormsxm.dll failed!

Could not process line:
C:\WINDOWS\system32\msormsxm.dll
Status: 0xc0000034



File C:\WINDOWS\system32\bcshqdvd.exe not found!
Deletion of file C:\WINDOWS\system32\bcshqdvd.exe failed!

Could not process line:
C:\WINDOWS\system32\bcshqdvd.exe
Status: 0xc0000034



File C:\WINDOWS\tife32.exe not found!
Deletion of file C:\WINDOWS\tife32.exe failed!

Could not process line:
C:\WINDOWS\tife32.exe
Status: 0xc0000034



File C:\WINDOWS\skcsd32.exe not found!
Deletion of file C:\WINDOWS\skcsd32.exe failed!

Could not process line:
C:\WINDOWS\skcsd32.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|himem.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SoundMnEx32 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msormsxm deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
HijackThis doesn't show the lines you listed ^^

Here's the log:

Quote

Logfile of HijackThis v1.99.1
Scan saved at 16:46:27, on 18.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Toshiba\Windows Utilities\Hotkey.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Synaptics\SynTP\Toshiba.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TOSHIBA\ConfigFree\CFXFER.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
C:\Programme\Mozilla Firefox 2\firefox.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\internet explorer\iexplore.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Dokumente und Einstellungen\Gabriel\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Skype\Plugin Manager\Skype4COM.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: isrconf - cfgamc.dll (file missing)
O20 - Winlogon Notify: LBTServ - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Quote

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Atdmt
Path: C:\Dokumente und Einstellungen\Gabriel\Cookies\gabriel@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Dokumente und Einstellungen\Gabriel\Cookies\gabriel@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Ivwbox
Path: C:\Dokumente und Einstellungen\Gabriel\Cookies\gabriel@ivwbox[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Dokumente und Einstellungen\Gabriel\Cookies\gabriel@msnportal.112.2o7[1].txt
Risk: Medium

Name: Worm.Warezov.dc
Path: C:\avenger\backup.zip/avenger/ipsemsw3.dll
Risk: High

Name: Worm.Warezov.na
Path: C:\avenger\backup.zip/avenger/msormsxm.dll
Risk: High

Name: TrackingCookie.I12
Path: :mozilla.28:C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Mozilla\Firefox\Profiles\w78jrs8r.default\cookies.txt
Risk: Medium

Name: TrackingCookie.I12
Path: :mozilla.29:C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Mozilla\Firefox\Profiles\w78jrs8r.default\cookies.txt
Risk: Medium

Name: TrackingCookie.I12
Path: :mozilla.30:C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Mozilla\Firefox\Profiles\w78jrs8r.default\cookies.txt
Risk: Medium

Name: TrackingCookie.I12
Path: :mozilla.33:C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Mozilla\Firefox\Profiles\w78jrs8r.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: :mozilla.40:C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Mozilla\Firefox\Profiles\w78jrs8r.default\cookies.txt
Risk: Medium

Name: Not-A-Virus.PSWTool.Win32.Messen.106
Path: C:\Dokumente und Einstellungen\Gabriel\Desktop\mspass.zip/mspass.exe
Risk: Low

Name: Worm.Warezov.na
Path: C:\Downloads\archive.exe
Risk: High

Name: Worm.Warezov.mo
Path: C:\WINDOWS\system32\isrprf32.dll
Risk: High

Name: Worm.Warezov.mo
Path: C:\WINDOWS\system32\isrprov.exe
Risk: High

Name: Worm.Warezov.na
Path: C:\WINDOWS\system32\msormsxm.exe
Risk: High

This post was edited on 18.04.2007 at 17:49 by gabbo0815.
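The Avenger log above deserves a closer read than "HijackThis doesn't show the lines": five files were deleted, and all four failures carry Status 0xc0000034, which is STATUS_OBJECT_NAME_NOT_FOUND. Two of those paths (msormsxm.dll, bcshqdvd.exe) had already been deleted earlier in the same run because the script listed them twice; the other two (tife32.exe, skcsd32.exe) were simply not on disk. The ewido hits in C:\avenger\backup.zip are the copies Avenger saved before deleting, which is why that archive shows up as infected. The following Python script is an added example for this thread, not code from the original posts and not from the Avenger project. It parses an Avenger log of this format, decodes the NTSTATUS values it knows (a small subset of the documented codes, an assumption of the example), and separates "listed twice" failures from genuinely absent files; the same parser reads the second Avenger log further down, where every file is reported missing. The embedded log is a constructed, shortened copy of the first one.

```python
"""Summarize an Avenger log of the kind pasted in this thread.

Added example for this thread; not part of the original posts and not code
from the Avenger project. It records which files and registry entries were
removed, decodes the NTSTATUS codes it knows, and tells apart files that
were "not found" because the script listed them twice (deleted earlier in
the same run) from files that were genuinely absent.
"""
import re

# Small subset of the documented NTSTATUS values; 0xC0000034 is the one the
# thread's logs show.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

DELETED_RE = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
NOTFOUND_RE = re.compile(r"^File (?P<path>.+) not found!$")
FAILED_RE = re.compile(r"^Deletion of file (?P<path>.+) failed!$")
STATUS_RE = re.compile(r"^Status: 0x(?P<code>[0-9a-fA-F]{8})$")
REG_RE = re.compile(r"^Registry (?P<kind>value|key) (?P<target>.+) (?P<action>deleted|replaced with dummy) successfully\.$")
BACKUP_RE = re.compile(r"^Backups directory opened successfully at (?P<dir>.+)$")

# Constructed sample: a shortened copy of the first Avenger log above.
SAMPLE_LOG = r"""
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kllphrol

Script file located at: \??\C:\WINDOWS\hapcahqe.txt
Backups directory opened successfully at C:\Avenger

Beginning to process script file:

File C:\WINDOWS\system32\msormsxm.dll deleted successfully.
File C:\WINDOWS\system32\ipsemsw3.dll deleted successfully.
File C:\WINDOWS\system32\bcshqdvd.exe deleted successfully.

File C:\WINDOWS\system32\msormsxm.dll not found!
Deletion of file C:\WINDOWS\system32\msormsxm.dll failed!

Could not process line:
C:\WINDOWS\system32\msormsxm.dll
Status: 0xc0000034

File C:\WINDOWS\tife32.exe not found!
Deletion of file C:\WINDOWS\tife32.exe failed!

Could not process line:
C:\WINDOWS\tife32.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|himem.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msormsxm deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.
Finished! Terminate.
"""


def parse_avenger_log(text):
    """Collect deletions, failures (with decoded status) and registry actions."""
    res = {"deleted": [], "failures": [], "registry": [], "backup_dir": None}
    pending = None  # failure record waiting for its "Status:" line
    for raw in text.splitlines():
        line = raw.strip()
        if (m := DELETED_RE.match(line)):
            res["deleted"].append(m.group("path"))
        elif (m := NOTFOUND_RE.match(line)) or (m := FAILED_RE.match(line)):
            path = m.group("path")
            # "not found!" and "failed!" refer to the same attempt; record once
            if pending is None or pending["path"] != path:
                pending = {"path": path, "status": None, "reason": None}
                res["failures"].append(pending)
        elif (m := STATUS_RE.match(line)) and pending is not None:
            code = int(m.group("code"), 16)
            pending["status"] = code
            pending["reason"] = NTSTATUS.get(code, "unknown NTSTATUS")
            pending = None
        elif (m := REG_RE.match(line)):
            res["registry"].append((m.group("kind"), m.group("target"), m.group("action")))
        elif (m := BACKUP_RE.match(line)):
            res["backup_dir"] = m.group("dir")
    return res


def classify_failures(res):
    """'duplicates': not-found paths this run had already deleted (listed
    twice in the script); 'absent': not-found paths never seen; 'other':
    every failure with a different status, which needs a manual look."""
    out = {"duplicates": [], "absent": [], "other": []}
    for f in res["failures"]:
        if f["status"] in (0xC0000034, 0xC000003A):
            bucket = "duplicates" if f["path"] in res["deleted"] else "absent"
            out[bucket].append(f["path"])
        else:
            out["other"].append(f)
    return out


if __name__ == "__main__":
    res = parse_avenger_log(SAMPLE_LOG)
    print(f'deleted={len(res["deleted"])} registry={len(res["registry"])} '
          f'backup={res["backup_dir"]} failures={classify_failures(res)}')
```

Anything that lands in "other" (for example STATUS_ACCESS_DENIED or STATUS_SHARING_VIOLATION) means the file was there and could not be removed, which is the case that actually needs another round; a pile of STATUS_OBJECT_NAME_NOT_FOUND entries usually just means the script and the disk had already diverged.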
19.04.2007, 08:33
Member
Chris4You

Posts: 694
#6 Hello,

so, round II:

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick it)
copy into: View/edit script

Quote


Registry values to delete:


registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isrconf

Registry values to replace with dummy:


Files to delete:
C:\WINDOWS\system32\msormsxm.exe
C:\WINDOWS\system32\isrprov.exe
C:\WINDOWS\system32\isrprf32.dll
C:\WINDOWS\system32\cfgamc.dll
C:\Downloads\archive.exe
Click the green traffic light
The script will now run, then the PC will restart automatically

HijackThis, fix:
open HijackThis -- button "scan" -- tick these entries -- button "Fix checked" -- restart the PC

Quote


O20 - Winlogon Notify: isrconf - cfgamc.dll (file missing)
Restart the PC...
Post new logs....

Chris
19.04.2007, 12:52
...new here

Thread starter

Posts: 6
#7

Quote

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cgjvpmwe

*******************

Script file located at: \??\C:\Program Files\coqhpcjm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\msormsxm.exe not found!
Deletion of file C:\WINDOWS\system32\msormsxm.exe failed!

Could not process line:
C:\WINDOWS\system32\msormsxm.exe
Status: 0xc0000034



File C:\WINDOWS\system32\isrprov.exe not found!
Deletion of file C:\WINDOWS\system32\isrprov.exe failed!

Could not process line:
C:\WINDOWS\system32\isrprov.exe
Status: 0xc0000034



File C:\WINDOWS\system32\isrprf32.dll not found!
Deletion of file C:\WINDOWS\system32\isrprf32.dll failed!

Could not process line:
C:\WINDOWS\system32\isrprf32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\cfgamc.dll not found!
Deletion of file C:\WINDOWS\system32\cfgamc.dll failed!

Could not process line:
C:\WINDOWS\system32\cfgamc.dll
Status: 0xc0000034



File C:\Downloads\archive.exe not found!
Deletion of file C:\Downloads\archive.exe failed!

Could not process line:
C:\Downloads\archive.exe
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isrconf deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Quote

Logfile of HijackThis v1.99.1
Scan saved at 12:54:24, on 19.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Toshiba\Windows Utilities\Hotkey.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Synaptics\SynTP\Toshiba.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe
C:\Programme\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\Mozilla Firefox 2\firefox.exe
C:\Dokumente und Einstellungen\Gabriel\Desktop\HijackThis.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\AntiVir PersonalEdition Classic\update.exe

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Skype\Plugin Manager\Skype4COM.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LBTServ - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

19.04.2007, 14:14
Member
Chris4You

Posts: 694
#8 Hi,

apart from "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)" it looks OK...
Let HijackThis fix that one...

Chris
This post was edited on 19.04.2007 at 14:19 by Chris4You.
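As an added example (not part of this thread, and not a HijackThis tool), a small Python triage script for the log format quoted above: it parses the `O<n>` entries and flags the lines a helper checks first, an O2 BHO registered with `(no file)` like the one Chris4You points to, O10 Winsock LSP entries for an unknown DLL (reported once per DLL, since HijackThis prints one line per catalog entry), O18 handlers whose file is missing, and O23 services with an unknown owner. The sample log is constructed from entries in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample log (entries modelled on the HijackThis output quoted in
# this thread), embedded so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Skype\Plugin Manager\Skype4COM.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section code, a dash and a type label.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Return (section, kind, detail) tuples; non-entry lines are skipped."""
    entries = []
    for raw in text.strip().splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(match.groups())
    return entries


def triage(text):
    """Flag the entries a helper would look at first in this log format."""
    findings = []
    seen_lsp = set()
    for section, kind, detail in parse_entries(text):
        line = f"{section} - {kind}: {detail}"
        if section == "O2" and detail.endswith("(no file)"):
            # Registered BHO whose DLL is gone: a leftover that is safe to fix.
            findings.append(Finding(section, "orphaned BHO registration", line))
        elif section == "O10":
            # One O10 line per Winsock catalog entry, so the same DLL repeats;
            # report it once. Identify the DLL's vendor before fixing anything,
            # because a broken LSP chain breaks all networking.
            dll = detail.lower()
            if dll not in seen_lsp:
                seen_lsp.add(dll)
                findings.append(Finding(section, "unknown Winsock LSP DLL", line))
        elif section == "O18" and detail.endswith("(file missing)"):
            findings.append(Finding(section, "protocol handler file missing", line))
        elif section == "O23" and " - Unknown owner - " in detail:
            # Services without a vendor string deserve a look at the binary.
            findings.append(Finding(section, "service with unknown owner", line))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the four findings for the constructed sample; feed it a full log and the process list and header lines are ignored.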
20.04.2007, 13:33
...new here

Thread starter

Posts: 6
#9

Quote

Logfile of HijackThis v1.99.1
Scan saved at 13:32:17, on 20.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Toshiba\Windows Utilities\Hotkey.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\TOSHIBA\ConfigFree\CFXFER.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\Trillian\trillian.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Mozilla Firefox 2\firefox.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Dokumente und Einstellungen\Gabriel\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Skype\Plugin Manager\Skype4COM.dll (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LBTServ - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

If everything here is normal, then a big thanks from me ;)