Trojaner-Board


Finnegan23 08.06.2008 00:13

Trojan, URLs not reachable, I at least already have the HJT log, please help.
 
Hi, I have several trojans on my machine, have read through the related posts and am posting my HJT log here. Which entries should I fix, or do I have to / should I use ComboFix?
I would be very grateful for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:59:28, on 08.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wltrysvc.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\PowerKey.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\CtrlVol.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\OpenOffice.org 2.3\program\soffice.exe
C:\Programme\OpenOffice.org 2.3\program\soffice.BIN
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;192.168.178.1
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Programme\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [24cafecd] rundll32.exe "C:\WINDOWS\system32\magbelfr.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BM27f9cd51] Rundll32.exe "C:\WINDOWS\system32\mhlamryd.dll",s
O4 - HKCU\..\Run: [ChkMail] ØEŒ
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SIDEBAR] "C:\Programme\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [feedreader.exe] "C:\Programme\FeedReader\feedreader.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AudioDeck.lnk = C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Orga-Nicer.lnk = C:\Programme\ASCOMP Software\Orga-Nicer\organicer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\system32\wltrysvc.exe

--
End of file - 8049 bytes

Finnegan23 08.06.2008 00:57

Here is the corresponding ComboFix log:

ComboFix 08-06-07.1 - User 2008-06-08 1:23:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.92 [GMT 2:00]
ausgeführt von:: C:\temp\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM27f9cd51.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\kqajpkex.dll
C:\WINDOWS\system32\mnpqAJlm.ini
C:\WINDOWS\system32\mnpqAJlm.ini2
C:\WINDOWS\system32\pmnnNFyV.dll
C:\WINDOWS\system32\rflebgam.ini
C:\WINDOWS\system32\ruktojhq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((( Dateien erstellt von 2008-05-07 bis 2008-06-07 ))))))))))))))))))))))))))))))
.

2008-06-08 01:21 . 2008-06-08 01:20 1,954,511 --a------ C:\temp\ComboFix.exe
2008-06-08 00:59 . 2008-06-08 00:59 <DIR> d-------- C:\Programme\Trend Micro
2008-06-08 00:59 . 2008-06-08 00:57 812,344 --a------ C:\temp\HJTInstall.exe
2008-06-07 20:48 . 2008-06-07 20:48 91,136 --a------ C:\WINDOWS\system32\mhlamryd.dll
2008-06-07 20:15 . 2008-06-07 20:16 1,018,520 --a------ C:\temp\fsbl.exe
2008-06-07 15:05 . 2008-06-08 01:34 276,512 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-07 15:05 . 2008-06-08 01:30 4,268 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-07 15:02 . 2008-06-07 15:02 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
2008-06-07 15:00 . 2008-06-07 15:01 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-07 15:00 . 2008-06-08 01:19 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-06-07 15:00 . 2008-06-07 15:00 <DIR> d-------- C:\Programme\Zone Labs
2008-06-07 15:00 . 2008-04-02 21:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-06-07 15:00 . 2008-06-08 01:33 358,382 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-06-06 19:48 . 2008-06-06 19:48 82,944 --a------ C:\WINDOWS\system32\magbelfr.dll
2008-06-06 19:45 . 2008-06-06 19:45 90,624 --a------ C:\WINDOWS\system32\ofkrujpd.dll
2008-06-06 16:04 . 2008-06-06 16:04 705,031 --a------ C:\temp\setup(5).exe
2008-06-06 16:02 . 2008-06-06 16:09 31,086,913 --a------ C:\temp\shooter.zip
2008-06-06 12:48 . 2008-06-06 12:49 <DIR> d-------- C:\Programme\NokiaFREE Unlock Codes Calculator
2008-06-06 12:48 . 2008-06-06 12:48 377,853 --a------ C:\temp\NokiaFREE_v310_Nokia_unlock_codes_calculator.zip
2008-06-06 12:03 . 2008-06-06 12:03 2,238,508 --a------ C:\temp\EasyWifiRadar.zip
2008-06-06 12:03 . 2008-06-06 12:03 2,238,508 --a------ C:\temp\EasyWifiRadar(2).zip
2008-06-05 20:28 . 2008-06-05 20:29 <DIR> d-------- C:\Programme\Nerolite
2008-06-05 20:28 . 2008-06-05 20:28 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nero
2008-06-05 20:28 . 2008-06-05 20:28 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-06-05 20:28 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-06-05 20:28 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-06-05 20:28 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-06-05 20:28 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-06-05 20:28 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-06-05 19:46 . 2008-06-05 20:25 53,110,144 --a------ C:\temp\nero-8.3.2.1_europe_lite.exe
2008-06-05 19:44 . 2008-06-05 19:44 281,088 --a------ C:\WINDOWS\system32\mlJAqpnm.dll
2008-06-05 19:44 . 2008-06-05 19:44 278 --a------ C:\temp\Nero_8_(Serial).zip
2008-06-05 19:39 . 2008-06-07 13:21 <DIR> d-------- C:\temp\sandbox
2008-06-05 19:32 . 2008-06-05 19:53 103,336,866 --a------ C:\temp\Soundtrack_Crank.zip
2008-06-04 02:32 . 2008-06-04 02:33 <DIR> d-------- C:\Programme\NFS
2008-06-04 00:20 . 2008-06-04 02:30 682,070,699 --a------ C:\temp\nfs_carbon_demo_eu.zip
2008-06-03 19:57 . 2008-06-03 19:58 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\StoryLines
2008-06-03 19:53 . 2008-06-03 19:56 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Writer's Cafe
2008-06-03 19:47 . 2008-06-03 19:51 17,508,546 --a------ C:\temp\WritersCafe-1.30-Setup.exe
2008-06-03 15:46 . 2008-06-03 15:51 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\gtk-2.0
2008-06-03 15:45 . 2008-06-03 15:53 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\gourmet
2008-06-02 19:05 . 2008-06-02 19:06 <DIR> d-------- C:\Programme\FeedReader
2008-06-02 19:04 . 2008-06-03 16:19 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Feedreader
2008-06-02 19:01 . 2008-06-02 19:02 5,817,445 --a------ C:\temp\FeedReader313Setup.zip
2008-06-02 17:31 . 2008-06-02 17:31 <DIR> d-------- C:\Programme\FileZilla FTP Client
2008-06-02 17:31 . 2008-06-02 18:00 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\FileZilla
2008-06-02 17:29 . 2008-06-02 17:29 3,193,272 --a------ C:\temp\FileZilla_3.0.10_win32-setup.exe
2008-06-02 17:23 . 2008-06-02 17:23 <DIR> d-------- C:\Programme\Xaldon
2008-06-02 17:23 . 2008-06-02 17:23 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-06-02 17:21 . 2008-06-02 17:21 1,482,798 --a------ C:\temp\WebSpider27Setup.exe
2008-06-02 17:07 . 2008-06-02 17:07 <DIR> d-------- C:\Programme\Websitemirror
2008-06-02 17:07 . 2008-06-02 17:07 182,115 --a------ C:\temp\Websitemirror3_0_0_1.exe
2008-06-02 17:00 . 2008-06-02 17:01 <DIR> d-------- C:\Programme\WinHTTrack
2008-06-02 17:00 . 2008-06-02 17:00 3,502,969 --a------ C:\temp\httrack-3.42-2.exe
2008-06-02 14:50 . 2008-06-03 15:45 <DIR> d-------- C:\Programme\Gourmet
2008-06-02 14:50 . 2008-06-02 14:50 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GTK
2008-06-02 14:43 . 2008-06-02 14:45 12,973,870 --a------ C:\temp\gourmet-0.13.4-1-full_gtkglade-2.12.9.exe
2008-06-02 13:32 . 2008-06-02 13:34 <DIR> d-------- C:\Programme\TrainingsplanV3.0
2008-06-02 13:30 . 2005-05-31 03:55 401,408 --a------ C:\WINDOWS\SwSetupu.exe
2008-06-02 13:27 . 2008-06-02 13:27 708,065 --a------ C:\temp\train30.exe
2008-06-02 13:22 . 2008-06-02 13:22 840,465 --a------ C:\temp\docscrubbersetup.exe
2008-06-02 13:14 . 2008-06-02 13:14 923,648 --a------ C:\temp\winter32.exe
2008-06-02 12:23 . 2008-06-02 12:23 <DIR> d-------- C:\Programme\Desktop Sidebar
2008-06-01 14:09 . 2008-06-01 14:09 <DIR> d-------- C:\WINDOWS\system32\de-de
2008-06-01 14:01 . 2008-06-01 14:01 <DIR> d-------- C:\Programme\Windows Media Connect 2
2008-06-01 14:01 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-01 13:59 . 2008-06-01 14:00 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-01 13:51 . 2008-06-01 13:56 25,842,760 --a------ C:\temp\wmp11-windowsxp-x86-DE-DE.exe
2008-06-01 13:48 . 2008-06-01 13:49 1,478,696 --a------ C:\temp\GenuineCheck.exe
2008-06-01 13:47 . 2008-06-01 13:50 14,782,496 --a------ C:\temp\IE7-WindowsXP-x86-deu.exe
2008-05-31 16:15 . 2008-05-31 16:59 <DIR> d-------- C:\temp\1.FM - Afterbeat Electronica
2008-05-31 11:28 . 2008-05-31 12:29 <DIR> d-------- C:\temp\Corbina Radio- BriT CorBinA RaDiO StatioN
2008-05-31 10:27 . 2008-06-07 16:50 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Desktop Sidebar
2008-05-31 10:25 . 2008-05-31 10:25 <DIR> d-------- C:\Programme\ASCOMP Software
2008-05-31 10:25 . 2008-05-31 10:25 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ASCOMP Software
2008-05-31 10:13 . 2008-05-31 10:21 11,295,216 --a------ C:\temp\sidebarb116.exe
2008-05-31 09:36 . 2008-06-02 12:24 <DIR> d-------- C:\Programme\Thoosje Sidebar V2.3
2008-05-31 09:33 . 2008-05-31 09:35 5,451,329 --a------ C:\temp\Thoosje_Sidebar_2.3_Installer.exe
2008-05-31 09:22 . 2008-05-31 09:23 2,645,736 --a------ C:\temp\onicer.exe
2008-05-28 16:38 . 2008-05-28 16:38 231,346 --a------ C:\temp\MSVocab.exe
2008-05-28 16:38 . 2008-05-28 16:38 231,346 --a------ C:\temp\MSVocab(2).exe
2008-05-28 16:36 . 2008-05-28 16:36 903,761 --a------ C:\temp\DMemMapperSetup(2).exe
2008-05-28 16:34 . 2008-05-28 16:37 <DIR> d-------- C:\Programme\Google
2008-05-28 16:34 . 2008-06-07 10:43 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2008-05-28 16:33 . 2008-05-28 16:33 907,472 --a------ C:\temp\Google Updater.exe
2008-05-28 16:30 . 2008-05-28 16:31 894,365 --a------ C:\temp\teachmaster_4-1_setup.exe
2008-05-26 11:24 . 2008-05-26 11:24 <DIR> d-------- C:\temp\Spun soundtrack
2008-05-23 20:58 . 2008-05-23 20:59 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\SecondLife
2008-05-23 20:57 . 2008-05-23 21:02 <DIR> d-------- C:\Programme\SecondLife
2008-05-23 18:20 . 2008-05-23 18:40 36,799,032 --a------ C:\temp\Second_Life_1-19-1-4_Setup.exe
2008-05-23 17:30 . 2008-05-30 20:18 <DIR> d-------- C:\temp\181.fm - Rock 181 (Active Rock)
2008-05-21 11:33 . 2008-05-31 11:23 <DIR> d-------- C:\temp\[ DigitalGunfire.com ] - Long Range, Hard Hitting!
2008-05-21 11:25 . 2008-05-21 11:32 <DIR> d-------- C:\temp\Lush- Mostly female vocals with an electronic influence. [SomaFM]
2008-05-21 08:18 . 2008-05-21 11:18 <DIR> d-------- C:\temp\181.FM - The Buzz (Your Alternative Station!)
2008-05-19 18:48 . 2008-05-19 20:23 <DIR> d-------- C:\temp\} } X T C . R A D I O . L O N D O N { { DJ Journeys Into The Underground
2008-05-19 18:47 . 2008-05-19 18:47 <DIR> d-------- C:\temp\TechnoBase.FM - 24h Techno, Dance, Trance, House and More - 128k MP3
2008-05-19 13:45 . 2008-05-19 13:45 <DIR> d-------- C:\Programme\Media Converter SA Edition
2008-05-19 13:43 . 2008-05-19 13:44 4,276,237 --a------ C:\temp\mc-installer-0.6.exe
2008-05-19 13:20 . 2008-05-19 13:20 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Ashampoo
2008-05-19 13:17 . 2008-05-19 13:17 <DIR> d-------- C:\Programme\Ashampoo
2008-05-19 13:15 . 2008-05-19 13:15 2,804,360 --a------ C:\temp\ashampoo_clipfinder_140_fm.exe
2008-05-19 12:51 . 2008-05-19 12:51 1,495,112 --a------ C:\temp\install_flash_player(4).exe
2008-05-19 12:51 . 2008-05-19 12:51 1,495,112 --a------ C:\temp\install_flash_player(3).exe
2008-05-19 12:46 . 2008-05-19 12:46 <DIR> d-------- C:\Programme\Easy FLV Player
2008-05-19 12:45 . 2008-05-19 12:45 2,227,131 --a------ C:\temp\efp.exe
2008-05-19 12:34 . 2008-05-19 12:34 1,495,112 --a------ C:\temp\install_flash_player(2).exe
2008-05-18 19:32 . 2008-05-18 19:32 334,088 --a------ C:\temp\Setup(4).exe
2008-05-18 16:31 . 2008-05-18 16:31 <DIR> d-------- C:\Programme\Password-Finder
2008-05-18 16:31 . 2008-05-18 16:31 373,854 --a------ C:\temp\password.exe
2008-05-18 14:55 . 2008-05-20 01:00 <DIR> d-------- C:\temp\M2 MIX - ONLY DJs - Live From Paris France - M2 Radio | www.m2radio.fr | Bouquet de radios, Live from Paris, France | Webradio - Radio Internet | Les web radios de M2 Group
2008-05-18 14:53 . 2008-05-18 14:53 <DIR> d-------- C:\temp\Bassdrive - Music Beyond - 24-7 Drum and Bass Jungle Radio Featuring Live Shows
2008-05-18 14:04 . 2008-05-18 14:47 <DIR> d-------- C:\temp\PulsRadio Version Trance - European Trance, Vocal Trance, Hi-NRG - Puls'Radio - Non-Stop Dance And Trance Music - Radio Dance Trance Techno House 90's 80's - French Webradio - Webradio Francaise - Live From France
2008-05-18 13:57 . 2008-05-18 13:57 <DIR> d-------- C:\temp\---DFR RADIO - World Leader In House Music---More info at WWW.DFR.FM
2008-05-18 13:51 . 2008-05-18 16:04 <DIR> d-------- C:\temp\HotMixRadio - Hot Mix Radio House Dance Djs - Live from Paris France - http---www.hotmixradio.fr
2008-05-16 12:32 . 2008-05-16 12:39 <DIR> d-------- C:\Programme\tmx5
2008-05-16 12:30 . 2008-05-16 12:30 16,102 --a------ C:\temp\Buongiorno.zip
2008-05-16 12:26 . 2008-05-16 12:28 12,234,237 --a------ C:\temp\tmx_i5.exe
2008-05-16 12:21 . 2008-05-16 12:22 4,316,556 --a------ C:\temp\setup(3).exe
2008-05-16 03:28 . 2008-05-18 18:07 <DIR> d-------- C:\temp\schieber
2008-05-14 15:10 . 2008-05-14 15:13 <DIR> d-------- C:\Programme\HighwayPursuit
2008-05-14 14:52 . 2008-05-14 14:54 3,364,957 --a------ C:\temp\HighwayPursuit1_1.exe
2008-05-13 19:42 . 2008-05-18 18:07 <DIR> d-------- C:\temp\track
2008-05-13 19:40 . 2008-05-13 19:40 <DIR> d-------- C:\Programme\Smart Projects
2008-05-13 19:30 . 2008-05-13 19:30 2,754,600 --a------ C:\temp\isobuster_all_lang.exe
2008-05-13 12:00 . 2008-05-13 12:01 2,585,872 --a------ C:\temp\WindowsInstaller-KB893803-v2-x86.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 13:08 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\OpenOffice.org2
2008-06-06 23:21 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
2008-06-04 00:35 --------- d-----w C:\Programme\Electronic Arts
2008-06-03 17:52 --------- d-----w C:\Programme\Writer's Cafe
2008-05-27 08:06 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\uTorrent
2008-05-21 10:28 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-05-21 10:27 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-21 10:27 --------- d-----w C:\Programme\Obscure
2008-05-21 10:21 --------- d-----w C:\Programme\Gemeinsame Dateien\Ahead
2008-05-21 10:09 --------- d-----w C:\Programme\Canon
2008-05-21 10:05 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-13 17:49 --------- d-----w C:\Programme\Noctua
2008-04-27 21:14 --------- d-----w C:\Programme\TmNationsForever
2008-04-27 16:33 --------- d-----w C:\Programme\Winamp
2008-04-27 16:33 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\Winamp
2008-04-27 16:28 --------- d-----w C:\Programme\Winamp Toolbar
2008-04-27 16:28 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar
2008-04-21 22:09 --------- d-----w C:\Programme\Java
2008-04-21 21:59 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2008-04-21 20:58 --------- d-----w C:\Programme\Avira
2008-04-21 20:58 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-04-20 11:37 --------- d-----w C:\Programme\K-Lite
2008-04-19 12:43 --------- d-----w C:\Programme\uTorrent
2008-04-19 12:40 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\Talkback
2008-04-18 18:06 --------- d-----w C:\Programme\avmwlanstick
2008-04-02 19:08 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc0407.dll
2008-04-02 19:08 42,384 ----a-w C:\WINDOWS\zllsputility_loc0407.dll
2008-04-02 19:08 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc0407.dll
2008-04-02 19:08 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc0407.dll
2008-04-02 19:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2007-10-10 18:34 93,400 ----a-w C:\Dokumente und Einstellungen\User\Anwendungsdaten\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EBD4DC5-CB88-4A7A-B8F2-94178F7C43F8}]
2008-06-05 19:44 281088 --a------ C:\WINDOWS\system32\mlJAqpnm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programme\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programme\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChkMail"="ØEŒ" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"LeechGet"="" []
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-28 16:34 68856]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SIDEBAR"="C:\Programme\Desktop Sidebar\dsidebar.exe" [2006-07-09 21:58 1777664]
"feedreader.exe"="C:\Programme\FeedReader\feedreader.exe" [2008-05-26 11:05 2042880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-07-25 05:22 88363 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Programme\ltmoh\Ltmoh.exe" [2002-11-25 04:23 172032]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 10:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 22:10 335872]
"LaunchAp"="C:\Programme\Launch Manager\LaunchAp.exe" [2003-05-12 15:28 32768]
"PowerKey"="C:\Programme\Launch Manager\PowerKey.exe" [2002-08-30 16:02 94208]
"LManager"="C:\Programme\Launch Manager\HotkeyApp.exe" [2003-11-26 12:32 45056]
"CtrlVol"="C:\Programme\Launch Manager\CtrlVol.exe" [2003-07-25 15:58 184320]
"LMgrOSD"="C:\Programme\Launch Manager\OSD.exe" [2003-06-25 11:53 204800]
"Wbutton"="C:\Programme\Launch Manager\Wbutton.exe" [2003-11-26 10:46 65536]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 10:51 110592]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 10:44 610304]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50 155648]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"AVMWlanClient"="C:\Programme\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 17:26 283136]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"24cafecd"="C:\WINDOWS\system32\magbelfr.dll" [2008-06-06 19:48 82944]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"BM27f9cd51"="C:\WINDOWS\system32\mhlamryd.dll" [2008-06-07 20:48 91136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"12502:TCP"= 12502:TCP:Torrent

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 12:27]
R3 AR5523;Gigaset USB Adapter 54;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-02-24 09:27]
R3 POWERKEY;POWERKEY;C:\Programme\Launch Manager\POWERKEY.sys [2000-12-19 19:29]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2002-11-07 14:48]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2002-11-28 12:04]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 avmeject;AVM Eject;C:\WINDOWS\system32\drivers\avmeject.sys [2007-01-26 01:00]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-08-10 13:26]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-01-26 01:00]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 17:45]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 01:32:29
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...


C:\WINDOWS\system32\rflebgam.ini 294 bytes

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wltrysvc.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\OpenOffice.org 2.3\program\soffice.exe
C:\Programme\OpenOffice.org 2.3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-08 1:38:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 23:38:05

10 Verzeichnis(se), 11,306,807,296 Bytes frei
12 Verzeichnis(se), 11,272,888,320 Bytes frei

295 --- E O F --- 2008-04-19 10:21:29



Copyright ©2000-2025, Trojaner-Board

