Virtuamonde und andere Schädlinge

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:29, on 21.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Programme\G DATA\AVKClient\AVKCl.exe
F:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] F:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AvkClient] F:\Programme\G DATA\AVKClient\AVKCl.exe /GUI
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IRReceive] F:\Programme\IRReceive\IRReceive.exe
O4 - HKLM\..\Run: [86387ae0] rundll32.exe "F:\WINDOWS\system32\qwujythd.dll",b
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "F:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA2690] command /c del "F:\WINDOWS\system32\jkkLCvsS.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2446] cmd /c del "F:\WINDOWS\system32\jkkLCvsS.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Message-Bob] F:\Programme\Message-Bob\Message-Bob.exe /a
O4 - HKCU\..\Run: [wallp2.exe] F:\Dokumente und Einstellungen\*\Anwendungsdaten\System Restore\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] F:\Dokumente und Einstellungen\*\Anwendungsdaten\System Restore\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] F:\Dokumente und Einstellungen\*\Anwendungsdaten\System Restore\1201.exe
O4 - HKCU\..\Run: [ssqbn.exe] F:\Dokumente und Einstellungen\*\Anwendungsdaten\System Restore\ssqbn.exe
O4 - HKCU\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB9080] command /c del "F:\WINDOWS\system32\jkkLCvsS.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8297] cmd /c del "F:\WINDOWS\system32\jkkLCvsS.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hardcopy.LNK = F:\Programme\Hardcopy\hardcopy.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Lotus SuiteStart.lnk = F:\lotus\smartctr\suitest.exe
O4 - Global Startup: TMMonitor.lnk = F:\Programme\ArcSoft\TotalMedia 3\TMMonitor.exe
O4 - Global Startup: Verknüpfung mit buchhaltung.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146572401733
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = *.dom
O17 - HKLM\Software\..\Telephony: DomainName = *.dom
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1CC6FD-3C40-4C05-8B2B-6FF3F046E01E}: NameServer = 192.168.0.*
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8A9FD0A-72FD-4454-8F26-EB14B491F2E7}: NameServer = 192.168.0.*
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = *.dom
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = *.dom
O23 - Service: G DATA AntiVirus Client (AntiVirusKit Client) - G DATA Software AG - F:\Programme\G DATA\AVKClient\AVKCl.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVKProxy - G DATA Software AG - F:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - F:\Programme\G DATA\AVKClient\AVKWCtl.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - F:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - F:\Programme\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - F:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Programme\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7728 bytes