Trojaner-Board - Bifrost entfernen

Hier der Malwarebyteslog

Code:

Malwarebytes' Anti-Malware 1.30

Datenbank Version: 1417

Windows 5.1.2600 Service Pack 2
 

23.11.2008 17:21:21

mbam-log-2008-11-23 (17-21-21).txt
 

Scan-Methode: Vollständiger Scan (C:\|)

Durchsuchte Objekte: 156605

Laufzeit: 55 minute(s), 13 second(s)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 2

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 2
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
 

Infizierte Registrierungswerte:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

C:\WINDOWS\system32\mlJAssPJ.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Und hier der Silentrunnerlog

Code:

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"
 
 

Startup items buried in registry:

---------------------------------
 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"TuneUp MemOptimizer" = ""C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe" autostart" ["TuneUp Software GmbH"]
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]

"DU Meter" = "C:\Programme\DU Meter\DUMeter.exe" ["Hagel Technologies Ltd"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"AVP" = ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"]
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"Malwarebytes' Anti-Malware" = "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent" ["Malwarebytes Corporation"]
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"

  -> {HKLM...CLSID} = "IEVkbdBHO Class"

                   \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"

                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"

  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"

  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

  -> {HKLM...CLSID} = "History Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

  -> {HKLM...CLSID} = "Meine freigegebenen Ordner"

                   \InProcServer32\(Default) = "C:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" ["Alexander Roshal"]

"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"

  -> {HKLM...CLSID} = "MCLiteShellExt Class"

                   \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]

"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"

  -> {HKLM...CLSID} = "TuneUp Theme Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software"]

"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2009\SDShelEx-win32.dll" ["TuneUp Software"]

"{4838CD50-7E5D-4811-9B17-C47A85539F28}" = "TuneUp Disk Space Explorer Shell Extension"

  -> {HKLM...CLSID} = "TuneUp Disk Space Explorer Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2009\DseShExt-x86.dll" ["TuneUp Software"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistik für den Schutz des Web-Datenverkehrs"

  -> {HKLM...CLSID} = "Statistik für den Schutz des Web-Datenverkehrs"

                   \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
 

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

<<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\fccaYomL"
 

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

<<!>> mlJAssPJ\DLLName = "mlJAssPJ.dll" [file not found]
 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]

ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"

  -> {HKLM...CLSID} = "MCLiteShellExt Class"

                   \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2009\SDShelEx-win32.dll" ["TuneUp Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" ["Alexander Roshal"]
 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]

ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"

  -> {HKLM...CLSID} = "MCLiteShellExt Class"

                   \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

TuneUp Disk Space Explorer Shell Extension\(Default) = "{4838CD50-7E5D-4811-9B17-C47A85539F28}"

  -> {HKLM...CLSID} = "TuneUp Disk Space Explorer Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2009\DseShExt-x86.dll" ["TuneUp Software"]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2009\SDShelEx-win32.dll" ["TuneUp Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" ["Alexander Roshal"]
 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

  -> {HKLM...CLSID} = "MBAMShlExt Class"

                   \InProcServer32\(Default) = "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" ["Alexander Roshal"]
 

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

  -> {HKLM...CLSID} = "MBAMShlExt Class"

                   \InProcServer32\(Default) = "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
 
 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------
 

Note: detected settings may not have any effect.
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}
 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}
 
 

Active Desktop and Wallpaper:

-----------------------------
 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
 
 

Windows Portable Device AutoPlay Handlers

-----------------------------------------
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
 

MSWPDShellNamespaceHandler\

"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = " "

  -> {HKLM...CLSID} = "WPDShextAutoplay"

                   \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]
 

NeroAutoPlay7AudioToNeroDigital\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks /Drive:%L" ["Nero AG"]
 

NeroAutoPlay7CDAudio\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe /New:AudioCD" ["Nero AG"]
 

NeroAutoPlay7CopyCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayMusicFilesOnArrival_CopyCD"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayMusicFilesOnArrival_CopyCD\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy /Drive:%L" ["Nero AG"]
 

NeroAutoPlay7DataDisc\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe /New:ISODisc" ["Nero AG"]
 

NeroAutoPlay7LaunchNeroStartSmart\

"Provider" = "Nero StartSmart"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Programme\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]
 

NeroAutoPlay7PlayAudioCD\

"Provider" = "Nero ShowTime"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayMusicFilesOnArrival_PlayAudioCD"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayMusicFilesOnArrival_PlayAudioCD\command\(Default) = "C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play /Drive:%L" ["Nero AG"]
 

NeroAutoPlay7PlayDVD\

"Provider" = "Nero ShowTime"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayVideoFilesOnArrival_PlayDVD"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayVideoFilesOnArrival_PlayDVD\command\(Default) = "C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play /Drive:%L" ["Nero AG"]
 

NeroAutoPlay7RipCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayCDAudioOnArrival_RipCD"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks /Drive:%L" ["Nero AG"]
 

NeroAutoPlay7TranscodeVideo\

"Provider" = "Nero Recode"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayDVDMovieOnArrival_TranscodeVideo"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVDMovieOnArrival_TranscodeVideo\command\(Default) = "C:\Programme\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]
 

NeroAutoPlay7VideoCapture\

"Provider" = "Nero Vision"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "VideoCameraArrival_VideoCapture"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\VideoCameraArrival_VideoCapture\command\(Default) = "C:\Programme\Nero\Nero 7\Nero Vision\NeroVision.exe /New:VideoCapture" ["Nero AG"]
 

NeroAutoPlay7ViewPhotos\

"Provider" = "Nero PhotoSnap Viewer"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "ShowPicturesOnArrival_ViewPhotos"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ShowPicturesOnArrival_ViewPhotos\command\(Default) = "C:\Programme\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]
 

PDVDPlayCDAudioOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]
 

PDVDPlayDVDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]
 

PDVDPlayVCDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "VCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]
 

SonyDVConnectVegas5\

"Provider" = "Sony Vegas 5.0"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Programme\Sony\Vegas 5.0\vegas50.exe""

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"

                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
 
 

Winsock2 Service Provider DLLs:

-------------------------------
 

Namespace Service Providers
 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 

Transport Service Providers
 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
 
 

Toolbars, Explorer Bars, Extensions:

------------------------------------
 

Explorer Bars
 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
 

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistik für den Schutz des Web-Datenverkehrs"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]
 

Extensions (Tools menu items, main toolbar menu buttons)
 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Konsole"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"

                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"

                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]
 

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

"ButtonText" = "Statistik für den Schutz des Web-Datenverkehrs"
 

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\

"ButtonText" = "ICQ Lite"

"MenuText" = "ICQ Lite"

"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]
 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

"MenuText" = "Spybot - Search & Destroy Configuration"

"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]
 
 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------
 

Ad-Aware 2007 Service, aawservice, ""C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]

Kaspersky Internet Security, AVP, ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r" ["Kaspersky Lab"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Sygate Personal Firewall, SmcService, "C:\Programme\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]

TuneUp Designerweiterung, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software"]}

Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
 
 

---------- (launch time: 2008-11-23 17:23:47)

<<!>>: Suspicious data at a malware launch point.
 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 43 seconds, including 5 seconds for message boxes)

Hier der Combofixlog

Code:

ComboFix 08-11-22.02 - Besitzer 2008-11-23 17:28:39.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.1556 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\Downloads\ComboFix.exe

 * Neuer Wiederherstellungspunkt wurde erstellt
 
 Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\temp\vtmp2

c:\windows\system32\dNXyyyxx.ini

c:\windows\system32\dNXyyyxx.ini2

c:\windows\system32\LmoYaccf.ini

c:\windows\system32\LmoYaccf.ini2

c:\windows\system32\MSINET.oca

c:\windows\system32\RCJTCJlm.ini

c:\windows\system32\RCJTCJlm.ini2

c:\windows\system32\tmp42.tmp
 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Service_NPF
 
 

(((((((((((((((((((((((   Dateien erstellt von 2008-10-23 bis 2008-11-23  ))))))))))))))))))))))))))))))

.
 

2008-11-23 16:20 . 2008-11-23 16:20        <DIR>        d--------        c:\programme\Malwarebytes' Anti-Malware

2008-11-23 16:20 . 2008-11-23 16:20        <DIR>        d--------        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Malwarebytes

2008-11-23 16:20 . 2008-11-23 16:20        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2008-11-23 16:20 . 2008-10-22 16:10        38,496        --a------        c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-23 16:20 . 2008-10-22 16:10        15,504        --a------        c:\windows\system32\drivers\mbam.sys

2008-11-23 15:50 . 2008-11-23 15:54        96,976        --a------        c:\windows\system32\drivers\klin.dat

2008-11-23 15:50 . 2008-11-23 15:54        87,855        --a------        c:\windows\system32\drivers\klick.dat

2008-11-23 15:49 . 2008-11-23 15:49        <DIR>        d--------        c:\programme\Kaspersky Lab

2008-11-23 15:49 . 2008-11-23 16:00        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab

2008-11-23 15:49 . 2008-11-23 17:31        4,408,352        --ahs----        c:\windows\system32\drivers\fidbox.dat

2008-11-23 15:49 . 2008-11-23 17:31        344,096        --ahs----        c:\windows\system32\drivers\fidbox2.dat

2008-11-23 15:49 . 2008-11-23 17:31        40,760        --ahs----        c:\windows\system32\drivers\fidbox.idx

2008-11-23 15:49 . 2008-11-23 17:31        2,256        --ahs----        c:\windows\system32\drivers\fidbox2.idx

2008-11-23 15:14 . 2008-11-23 15:22        9,951,782        --a------        c:\windows\system32\POWTI

2008-11-21 00:56 . 2008-11-13 16:20        203,540        --a------        c:\windows\system32\nvapps.nvb

2008-11-19 21:22 . 2008-11-19 21:22        <DIR>        d--------        c:\programme\QuickPar

2008-11-19 21:11 . 2008-11-19 21:36        <DIR>        d--------        C:\Need for Speed Undercover

2008-11-19 16:05 . 2008-11-19 16:05        <DIR>        d--------        c:\programme\JoWooD

2008-11-19 16:05 . 2008-11-22 23:10        <DIR>        d--------        C:\Gothic III - Götterdämmerung

2008-11-16 22:43 . 2008-11-16 22:47        <DIR>        d--------        C:\lo

2008-11-16 17:32 . 2008-11-16 17:32        <DIR>        d--------        c:\programme\TuneUp Utilities 2009

2008-11-16 17:31 . 2008-11-16 17:31        <DIR>        d--hs----        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}

2008-11-15 16:51 . 2008-11-15 16:51        <DIR>        d--------        c:\programme\DAMN NFO Viewer

2008-11-15 15:49 . 2008-11-15 15:49        <DIR>        d--------        c:\programme\GrabIt

2008-11-15 15:06 . 2008-11-15 15:06        <DIR>        d--------        c:\programme\LimeWire

2008-11-15 14:16 . 2008-11-15 15:44        <DIR>        d--------        c:\programme\SABnzbd

2008-11-15 14:02 . 2008-11-15 14:02        <DIR>        d--------        c:\dokumente und einstellungen\Besitzer\Downloads

2008-11-15 14:02 . 2008-11-15 14:31        <DIR>        d--------        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\NewsLeecher

2008-11-15 13:58 . 2008-11-15 14:06        <DIR>        d--------        c:\programme\NewsLeecher

2008-11-15 13:58 . 2008-11-15 20:49        <DIR>        d--------        c:\programme\AltBinz

2008-11-15 03:04 . 2008-11-15 03:14        <DIR>        d--------        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\GrabIt

2008-11-14 22:25 . 2008-11-14 22:25        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Fallout3

2008-11-14 22:23 . 2008-11-14 23:42        <DIR>        d--------        C:\Fallout 3

2008-11-14 15:54 . 2008-11-14 15:55        <DIR>        d--------        c:\programme\Trillia

2008-11-14 15:52 . 2008-11-15 02:33        <DIR>        d--------        c:\programme\Trillian

2008-11-14 15:35 . 2008-11-14 15:53        <DIR>        d--------        c:\programme\Trillianne

2008-11-14 14:25 . 2008-11-16 17:32        362,240        --a------        c:\windows\system32\TuneUpDefragService.exe

2008-11-14 14:25 . 2008-11-12 16:44        27,904        --a------        c:\windows\system32\uxtuneup.dll

2008-11-12 14:54 . 2008-11-12 14:54        1,564,672        --a------        c:\windows\system32\nvcuda.dll

2008-11-12 14:54 . 2008-11-12 14:54        1,108,512        --a------        c:\windows\system32\nvcpluir.dll

2008-11-12 14:54 . 2008-11-12 14:54        801,312        --a------        c:\windows\system32\nvcplui.exe

2008-11-12 14:54 . 2008-11-12 14:54        420,384        --a------        c:\windows\system32\nvcpl.cpl

2008-11-08 16:33 . 2008-11-08 16:40        <DIR>        d--------        C:\Call of Duty - World at War

2008-11-07 00:31 . 2008-11-07 00:31        <DIR>        d--------        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\CommunicaEtor

2008-11-06 21:31 . 2008-11-15 15:43        <DIR>        d--------        c:\programme\aEton CommunicaEor

2008-11-05 18:06 . 2008-11-05 18:06        <DIR>        d--------        C:\Far Cry 2

2008-10-29 11:22 . 2008-11-02 16:57        <DIR>        d--------        C:\Hans Handy

2008-10-29 11:14 . 2008-10-29 11:14        <DIR>        d--------        c:\programme\PC Connectivity Solution

2008-10-29 11:14 . 2007-09-17 15:53        21,632        --a------        c:\windows\system32\drivers\pccsmcfd.sys

2008-10-23 21:22 . 2008-10-23 21:25        <DIR>        d--------        c:\programme\RSPC
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-23 14:43        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files

2008-11-23 03:31        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan

2008-11-23 02:41        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\dvdcss

2008-11-22 19:21        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\UseNeXT

2008-11-22 19:00        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Azureus

2008-11-21 14:39        ---------        d-----w        c:\programme\Mozilla Thunderbird

2008-11-20 23:58        ---------        d-----w        c:\programme\Gemeinsame Dateien\Wise Installation Wizard

2008-11-20 23:57        ---------        d-----w        c:\programme\AGEIA Technologies

2008-11-19 20:38        138,184        ----a-w        c:\windows\system32\drivers\PnkBstrK.sys

2008-11-18 16:06        ---------        d-----w        c:\programme\SFT Loader

2008-11-15 19:22        ---------        d-----w        c:\programme\mIRC

2008-11-15 19:22        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\NoNameScript

2008-11-15 14:25        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\LimeWire

2008-11-15 02:41        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\McLoad

2008-11-14 21:25        ---------        d--h--w        c:\programme\InstallShield Installation Information

2008-11-14 21:11        ---------        d-----w        c:\programme\Steam

2008-11-14 14:59        34,105,245        ----a-w        c:\programme\TrillianFUNZT.rar

2008-11-14 14:27        ---------        d-----w        c:\programme\Trillianstd

2008-11-14 13:26        ---------        d-----w        c:\programme\TuneUp Utilities 2008

2008-11-12 13:54        6,188,320        ----a-w        c:\windows\system32\drivers\nv4_mini.sys

2008-11-10 09:51        ---------        d-----w        c:\programme\Spybot - Search & Destroy

2008-10-31 15:17        ---------        d-----w        c:\programme\CryptLoad_1.0.4

2008-10-30 18:20        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PC Suite

2008-10-30 18:18        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Installations

2008-10-29 10:16        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Suite

2008-10-27 19:34        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Hamachi

2008-10-26 19:11        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Skype

2008-10-26 18:42        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\skypePM

2008-10-12 16:41        ---------        d-----w        c:\programme\Winamp

2008-10-11 04:09        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Winamp

2008-10-02 00:09        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\HLSW

2008-10-01 20:35        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\teamspeak2

2008-10-01 19:21        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Leadertech

2008-09-30 15:04        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\VoipStunt

2008-09-30 13:53        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2008-09-29 23:53        ---------        d-----w        c:\programme\AV Vcs 6.0 DIAMOND

2008-09-29 23:49        ---------        d-----w        c:\programme\AV Vcs 6.0

2008-09-29 23:28        ---------        d-----w        c:\programme\No23 Recorder

2008-09-29 23:23        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution

2008-09-29 22:53        ---------        d-----w        c:\programme\Monsters

2008-09-28 18:29        48,397        ----a-w        c:\windows\UninstVeetleTVPlayer.exe

2008-09-27 10:36        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\uTorrent

2008-09-26 19:41        163,840        ----a-w        c:\windows\LgxSetup.exe

2008-09-26 19:41        ---------        d-----w        c:\programme\Gemeinsame Dateien\Logox.4.0

2008-09-25 21:08        ---------        d-----w        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mumble

2008-09-25 21:03        ---------        d-----w        c:\programme\Mumble

2008-09-25 20:58        ---------        d-----w        c:\programme\VogueSystemsLLC

2008-09-25 20:21        ---------        d-----w        c:\programme\VoipStunt.com

2007-08-21 03:25        460,928        ----a-w        c:\windows\inf\WN111\Mrvw245.sys

2007-05-24 13:58        249,856        ----a-w        c:\windows\inf\WN111\InsDrv2k.exe

2006-07-05 10:21        212,992        ----a-w        c:\windows\inf\WN111\CopyWHQLDriver.exe

2005-11-17 14:46        845,736        ----a-w        c:\windows\inf\WN111\DPInst.exe

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TuneUp MemOptimizer"="c:\programme\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-11 154368]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

"DU Meter"="c:\programme\DU Meter\DUMeter.exe" [2006-11-27 1582616]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]

"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

--a------ 2005-04-10 14:13 2904660 c:\programme\ICQLite\ICQLite.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-11-12 14:54 13672448 c:\windows\system32\nvcpl.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-11-12 14:54 86016 c:\windows\system32\nvmctray.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-10-25 19:26 1410296 c:\programme\Steam\Steam.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Octoshape Streaming Services"="c:\programme\Octoshape Streaming Services\Besitzer\OctoshapeClient.exe" -inv:bootrun

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"

"SpybotSD TeaTimer"=c:\programme\Spybot - Search & Destroy\TeaTimer.exe

"MsnMsgr"="c:\programme\Windows Live\Messenger\MsnMsgr.Exe" /background

"Skype"="c:\programme\Skype\Phone\Skype.exe" /nosplash /minimized
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"DAEMON Tools-1033"="c:\programme\D-Tools\daemon.exe"  -lang 1033

"CTHelper"=CTHELPER.EXE

"CTxfiHlp"=CTXFIHLP.EXE

"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_03\bin\jusched.exe"

"LanguageShortcut"=c:\programme\CyberLink\PowerDVD\Language\Language.exe

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe

"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"g:\\Programme\\miranda\\Neuer Ordner\\MirandaProZ\\miranda32.exe"=

"c:\\Programme\\Steam\\Steam.exe"=

"c:\\Programme\\Steam\\steamapps\\huette\\counter-strike\\hl.exe"=

"c:\\Programme\\uTorrent\\uTorrent.exe"=

"c:\\Programme\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Programme\\ICQLite\\ICQLite.exe"=

"c:\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programme\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=

"c:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"c:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"c:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"m:\\Games\\grid\\GRID.exe"=

"c:\\F.E.A.R. Mission Perseus\\FEARXP2.exe"=

"m:\\Games\\fear\\FEAR.exe"=

"m:\\Games\\fear\\FEARMP.exe"=

"m:\\Games\\fear\\FEARXP\\FEARXP.exe"=

"c:\\Programme\\PPMate\\ppmate.exe"=

"c:\\Programme\\PPMate\\ppmnet.exe"=

"c:\\Programme\\Atari\\AITD\\Alone.exe"=

"m:\\Games\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=

"m:\\Games\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=

"c:\\Programme\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"c:\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\German\\setup.exe"=
 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]

R1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2008-09-15 2915944]

R1 PsSdk41;PsSdk41;\??\c:\windows\system32\Drivers\pssdk41.sys [2008-09-14 36928]

R1 PsSdkLBF;PsSdkLBF;\??\c:\windows\system32\Drivers\pssdklbf.sys [2008-09-14 53312]

R2 UxTuneUp;TuneUp Designerweiterung;c:\windows\System32\svchost.exe -k netsvcs [2006-02-28 14336]

R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-06-01 1107968]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]

S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc []

S2 ScrambyServer;Scramby Server;"c:\programme\RapidSolution\Scramby\ScrambyServer.exe" []

S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe []

S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [2007-08-08 23840]

S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;c:\windows\System32\TuneUpDefragService.exe [2008-11-14 362240]
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

Notify-mlJAssPJ - mlJAssPJ.dll
 
 

.

------- Zusätzlicher Suchlauf -------

.

FireFox -: Profile - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ubte5q17.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.de/search?q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.de

FF -: plugin - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ubte5q17.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF -: plugin - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\plugins\npoctoshape.dll

FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF -: plugin - c:\programme\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - c:\programme\Octoshape Streaming Services\Besitzer\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll

FF -: plugin - c:\programme\Octoshape Streaming Services\Besitzer\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll

FF -: plugin - c:\programme\Veetle\plugins\npVeetle.dll

FF -: plugin - c:\programme\Veetle\VLC\npvlc.dll

FF -: plugin - c:\programme\Veetle\VLCBroadcast\npvbp.dll

FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.
 

**************************************************************************
 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-23 17:33:18

Windows 5.1.2600 Service Pack 2 NTFS
 

Scanne versteckte Prozesse...
 

Scanne versteckte Autostarteinträge...
 

Scanne versteckte Dateien...
 
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\programme\Sygate\SPF\Smc.exe

c:\programme\Lavasoft\Ad-Aware 2007\aawservice.exe

c:\windows\system32\nvsvc32.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2008-11-23 17:38:08 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2008-11-23 16:38:05
 

Vor Suchlauf: 37 Verzeichnis(se), 119.146.414.080 Bytes frei

Nach Suchlauf: 37 Verzeichnis(se), 119,084,752,896 Bytes frei
 

269

Dann der cmd-script log http://www.file-upload.net/download-1272300/listing.txt.html

und der abschließende HJT-Log

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:39:49, on 23.11.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\Sygate\SPF\smc.exe

C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\DU Meter\DUMeter.exe

C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe

C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Dokumente und Einstellungen\Besitzer\Desktop\Downloads\qlketzd.com
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe" autostart

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe (file missing)

O23 - Service: Scramby Server (ScrambyServer) - Unknown owner - C:\Programme\RapidSolution\Scramby\ScrambyServer.exe (file missing)

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\WINDOWS\System32\TUProgSt.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
 

--

End of file - 5889 bytes