Virus 'HIDDENEXT/Crypted' und mehrere Trojaner

Nasir2007

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:17:57, on 05.05.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\Temp\tHeT.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe
C:\Program Files\Common Files\microsoft shared\ink\et-EE\SystemWindows.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\ja.lproj\SyncUICoreLocalizedSyncUICore.exe
C:\Windows\Temp\xkNi.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\opera.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Winamp\winamp.exe
C:\Users\Marv\Desktop\OTL.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marv\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nvStInstStereoscpic] C:\Windows\Temp\xkNi.exe
O4 - HKLM\..\Run: [SyncUICoreLocalizedSyncUICoreRessource] c:\program files\common files\apple\mobile device support\syncuicore.resources\de.lproj\syncuicoreressourcesyncuicorelocalized.exe
O4 - HKLM\..\Run: [WindowsMicrosoft] c:\program files\common files\microsoft shared\ink\et-ee\systemwindows.exe
O4 - HKLM\..\Run: [SyncUICoreLocalizedSyncUICore] c:\program files\common files\apple\mobile device support\syncuicore.resources\ja.lproj\syncuicorelocalizedsyncuicore.exe
O4 - HKLM\..\Run: [Stereoscpicdriver] c:\windows\temp\xkni.exe
O4 - HKLM\..\Run: [MobileMeSyncUICoreLocalized] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe
O4 - HKLM\..\Run: [tipresxOperating] C:\Program Files\Common Files\microsoft shared\ink\et-EE\SystemWindows.exe
O4 - HKLM\..\Run: [nvStInstdriver] c:\windows\temp\thet.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunServices: [driverInstaller] C:\Windows\Temp\xkNi.exe
O4 - HKLM\..\RunServices: [RecursosQuickTimeQuickTime] c:\program files\quicktime\qtsystem\quicktimempeg.resources\pt.lproj\recursosquicktimerecursosquicktime.exe
O4 - HKLM\..\RunServices: [DynamicLibrary] c:\program files\ageia technologies\v2.5.1\physxcookinglink.exe
O4 - HKLM\..\RunServices: [SystemWindows] c:\program files\common files\apple\mobile device support\netdrivers\wdfcoinstalleroperating1.5.6000.0.exe
O4 - HKLM\..\RunServices: [nvStInstInstaller] c:\windows\temp\ywhg.exe
O4 - HKLM\..\RunServices: [MobileMeSyncUICoreRessource] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe
O4 - HKLM\..\RunServices: [tipresxSystem] C:\Program Files\Common Files\microsoft shared\ink\et-EE\SystemWindows.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7243 bytes

__________________