Trojaner-Board - Trojan-Downloader.Agent.AIGB

hi,
ich glaube ich hab mir blöderweise einen trojaner angelacht der in einem
"Your system is infected" text durch einen roten wappen mit weissem kreuz auf sich aufmerksam macht.
er will mich jedesmal auf eine internetseite führen wo mein systen angeblich durchgecheckt wird, aber ich blocke es jedesmal ab.
komischerweise ist er jetzt zwar verschwunden aber ich habe den starken verdacht dass er noch im hinterhalt lauert.
bin zwar kein profi hab aber mal hijack this runtergeladen und durchlaufen lassen
was folgendes ergab:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 06:10:13, on 30.10.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\Programme\Sandboxie\SbieSvc.exe

C:\Programme\Spyware Doctor\pctsAuxs.exe

C:\Programme\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programme\Apoint2K\Apoint.exe

C:\Programme\TOSHIBA\E-KEY\CeEKey.exe

C:\Programme\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe

C:\Programme\TOSHIBA\Tvs\TvsTray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe

C:\Programme\Java\jre6\bin\jusched.exe

C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programme\Apoint2K\Apntex.exe

C:\Programme\Trojancheck 6\tcguard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Programme\Sandboxie\SbieCtrl.exe

C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE

C:\Programme\PC Connectivity Solution\ServiceLayer.exe

C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe

C:\Programme\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Programme\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Programme\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [HWSetup] C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe

O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe"

O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Programme\Nokia\NNPCS\RunLauncher.exe

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programme\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Programme\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra button: eBay - {D7783732-69C6-4A28-BE53-618CC4609617} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
 

--

End of file - 11334 bytes

hoffe ich habe nix falsches bis jetzt gemacht und hoffe auf baldige hilfe da es nicht mal mein laptop ist der verseucht ist
Danke schonmal im vorraus auf die erhoffte hilfe
MFG Moe

ok combofix hat sie selbstständig installiert und habs mal laufen lassen und hier die log davon:

Code:

ComboFix 08-10-30.13 - ++++ 2008-11-01  0:49:44.1 - NTFSx86

Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1031.18.569 [GMT 1:00]

ausgeführt von:: C:\Dokumente und Einstellungen\++++\Desktop\ComboFix.exe

 * Neuer Wiederherstellungspunkt wurde erstellt

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

C:\Dokumente und Einstellungen\++++\Anwendungsdaten\rbap450.dll
 

.

(((((((((((((((((((((((   Dateien erstellt von 2008-09-28 bis 2008-10-31  ))))))))))))))))))))))))))))))

.
 

2008-10-30 23:26 . 2008-10-30 23:26        <DIR>        d--------        C:\Programme\Malwarebytes' Anti-Malware

2008-10-30 23:26 . 2008-10-30 23:26        <DIR>        d--------        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\Malwarebytes

2008-10-30 23:26 . 2008-10-30 23:26        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

2008-10-30 23:26 . 2008-10-22 16:10        38,496        --a------        C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-30 23:26 . 2008-10-22 16:10        15,504        --a------        C:\WINDOWS\system32\drivers\mbam.sys

2008-10-30 06:08 . 2008-10-30 06:08        <DIR>        d--------        C:\Programme\Trend Micro

2008-10-30 03:49 . 2008-10-30 03:50        <DIR>        d--------        C:\Programme\Yahoo!

2008-10-30 03:49 . 2008-10-30 03:58        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo!

2008-10-29 01:22 . 2008-10-29 01:22        <DIR>        d--------        C:\Programme\QT Lite

2008-10-29 01:22 . 2008-10-29 01:22        <DIR>        d--------        C:\Programme\KeyScrambler

2008-10-29 01:22 . 2008-10-29 01:22        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer

2008-10-29 01:22 . 2008-03-22 22:37        113,896        --a------        C:\WINDOWS\system32\drivers\keyscrambler.sys

2008-10-29 01:22 . 2008-09-06 15:09        90,112        --a------        C:\WINDOWS\system32\QuickTimeVR.qtx

2008-10-29 01:22 . 2008-09-06 15:09        57,344        --a------        C:\WINDOWS\system32\QuickTime.qts

2008-10-28 00:05 . 2008-10-28 00:05        <DIR>        d--------        C:\Programme\Spider Player

2008-10-28 00:05 . 2008-10-28 00:30        <DIR>        d--------        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\Spider Player

2008-10-28 00:05 . 2008-10-28 00:05        4,174,814        --a------        C:\WINDOWS\system32\CT4MGM.SF2

2008-10-24 12:13 . 2008-10-24 12:13        <DIR>        d--------        C:\Programme\Burn4Free Toolbar

2008-10-24 12:13 . 2008-10-24 12:57        <DIR>        d--------        C:\Programme\Burn4Free

2008-10-24 12:13 . 2008-10-24 12:13        232,075        --a------        C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_3406.exe

2008-10-24 12:08 . 2008-10-24 12:08        966        --a------        C:\WINDOWS\CDRip.INI

2008-10-24 12:08 . 2008-10-24 12:08        76        --a------        C:\WINDOWS\CDPlayer.ini

2008-10-24 12:07 . 2008-10-24 12:07        <DIR>        d--------        C:\Programme\CoffeeCup Software

2008-10-24 12:07 . 2003-05-14 20:07        389,120        --a------        C:\WINDOWS\system32\actskn43.ocx

2008-10-24 12:07 . 1999-08-09 13:40        163,600        --a------        C:\WINDOWS\system32\wmaudsdk.dll

2008-10-24 12:07 . 2003-03-13 17:50        151,040        --a------        C:\WINDOWS\system32\wimadll.dll

2008-10-24 12:07 . 2004-10-28 09:47        73,728        --a------        C:\WINDOWS\system32\cddvdburner2.ocx

2008-10-24 12:07 . 2004-03-08 01:13        386        --a------        C:\WINDOWS\system32\cddvdburner2.lic

2008-10-17 13:15 . 2008-10-17 13:15        268        --ah-----        C:\sqmdata00.sqm

2008-10-17 13:15 . 2008-10-17 13:15        244        --ah-----        C:\sqmnoopt00.sqm

2008-10-17 03:53 . 2008-10-17 03:54        <DIR>        d--------        C:\Programme\MSN Messenger

2008-10-17 01:34 . 2008-10-17 01:38        <DIR>        d--------        C:\Programme\Mobiola Web Camera for S60

2008-10-17 01:34 . 2007-09-20 12:04        114,688        --a------        C:\WINDOWS\system32\BTCamVideoSource.dll

2008-10-16 18:36 . 2008-10-16 18:36        <DIR>        d--------        C:\Programme\ZMatrix

2008-10-16 18:36 . 2008-10-16 18:36        <DIR>        d--------        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\.ZMatrix

2008-10-16 18:36 . 2008-10-16 18:36        64        --a------        C:\WINDOWS\ZMatrixSS.ini

2008-10-15 13:22 . 2008-10-15 13:22        <DIR>        d--------        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\DataDesign

2008-10-13 20:01 . 2008-10-13 20:01        <DIR>        d--------        C:\Programme\DigYs

2008-10-13 17:13 . 2008-10-13 17:17        <DIR>        d--------        C:\Programme\JDH Software

2008-10-13 16:03 . 2008-10-13 16:03        <DIR>        d--------        C:\Programme\pRSSreader

2008-10-13 16:01 . 2008-10-13 16:01        <DIR>        d--------        C:\Programme\Opera Software

2008-10-13 15:36 . 2008-10-13 15:36        <DIR>        d--------        C:\Programme\PDAcraft

2008-10-12 14:20 . 2008-10-12 14:20        <DIR>        d--------        C:\Programme\MEDION

2008-10-12 13:36 . 2008-10-12 13:36        <DIR>        d--------        C:\Programme\PocketRAR

2008-10-12 13:30 . 2008-10-12 13:30        <DIR>        d--------        C:\Programme\Common Files

2008-10-12 13:30 . 2008-10-12 13:30        <DIR>        d--------        C:\Programme\AvantGo Connect

2008-10-12 13:30 . 2008-10-12 13:30        2,464        --a------        C:\WINDOWS\$_hpcst$.hpc

2008-10-12 13:29 . 2008-10-13 20:07        <DIR>        d--------        C:\Programme\Microsoft ActiveSync

2008-10-10 04:53 . 2008-10-10 05:11        <DIR>        d--------        C:\Programme\Advanced PC Tweaker

2008-10-10 03:02 . 2008-10-10 03:02        <DIR>        d--------        C:\GTA

2008-10-10 01:18 . 2008-10-10 01:20        <DIR>        d--------        C:\Programme\Trojan Remover

2008-10-10 01:18 . 2008-10-10 01:18        <DIR>        d--------        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\Simply Super Software

2008-10-10 01:18 . 2008-10-10 01:18        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software

2008-10-10 01:18 . 2006-05-25 14:52        162,304        --a------        C:\WINDOWS\system32\ztvunrar36.dll

2008-10-10 01:18 . 2003-02-02 19:06        153,088        --a------        C:\WINDOWS\system32\UNRAR3.dll

2008-10-10 01:18 . 2005-08-26 00:50        77,312        --a------        C:\WINDOWS\system32\ztvunace26.dll

2008-10-10 01:18 . 2002-03-06 00:00        75,264        --a------        C:\WINDOWS\system32\unacev2.dll

2008-10-10 01:18 . 2006-06-19 12:01        69,632        --a------        C:\WINDOWS\system32\ztvcabinet.dll

2008-10-10 01:04 . 2008-10-10 01:04        <DIR>        d--------        C:\Programme\Lavasoft

2008-10-10 01:04 . 2008-10-10 01:06        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft

2008-10-10 01:03 . 2008-10-10 01:03        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Wise Installation Wizard

2008-10-05 02:21 . 2008-10-05 02:21        <DIR>        d--------        C:\Programme\PC Connectivity Solution

2008-10-05 02:21 . 2007-09-17 14:53        21,632        --a------        C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-10-05 01:56 . 2008-10-05 01:56        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\muvee Technologies

2008-10-05 01:54 . 2008-10-05 01:58        <DIR>        d--------        C:\WINDOWS\Globalization

2008-10-05 01:52 . 2008-10-05 02:22        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\PCSuite

2008-10-05 01:29 . 2008-10-05 02:22        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Nokia

2008-10-05 01:22 . 2008-10-05 01:22        <DIR>        d--------        C:\Programme\MSBuild

2008-10-05 01:18 . 2008-10-05 01:18        <DIR>        d--------        C:\WINDOWS\system32\XPSViewer

2008-10-05 01:16 . 2008-10-05 01:16        <DIR>        d--------        C:\Programme\Reference Assemblies

2008-10-05 01:15 . 2006-06-29 12:07        14,048        ---------        C:\WINDOWS\system32\spmsg2.dll

2008-10-04 21:36 . 2008-04-02 09:54        1,440,047        --a------        C:\WINDOWS\wrar411d.exe

2008-09-30 05:21 . 2008-09-30 05:21        21,204        --ah-----        C:\WINDOWS\system32\mlfcache.dat

2008-09-30 04:04 . 2008-09-30 04:04        <DIR>        d--------        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\Apple Computer

2008-09-30 04:03 . 2008-09-30 04:03        <DIR>        d--------        C:\Programme\Apple Software Update

2008-09-30 04:03 . 2008-09-30 04:03        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple

2008-09-26 14:51 . 2008-09-26 14:51        0        --a------        C:\WINDOWS\TPTray.INI

2008-09-26 02:04 . 2008-09-29 10:42        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan

2008-09-26 01:45 . 2008-09-29 10:43        <DIR>        d--------        C:\Programme\Securepoint Security Wizard

2008-09-26 01:45 . 2008-09-26 01:45        <DIR>        d--------        C:\Dokumente und Einstellungen\Anne\Anwendungsdaten\Securepoint2007

2008-09-26 01:34 . 2008-10-31 13:56        <DIR>        d--------        C:\Programme\Trojancheck 6

2008-09-26 01:12 . 2008-10-31 14:48        <DIR>        d--------        C:\Programme\Spyware Doctor

2008-09-26 01:12 . 2008-09-26 01:12        <DIR>        d--------        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\PC Tools

2008-09-26 01:12 . 2008-10-31 14:47        <DIR>        d-a------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

2008-09-26 01:12 . 2008-08-25 10:36        81,288        --a------        C:\WINDOWS\system32\drivers\iksyssec.sys

2008-09-26 01:12 . 2008-08-25 10:36        66,952        --a------        C:\WINDOWS\system32\drivers\iksysflt.sys

2008-09-26 01:12 . 2008-08-25 10:36        40,840        --a------        C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-09-26 01:12 . 2008-06-02 14:19        29,576        --a------        C:\WINDOWS\system32\drivers\kcom.sys

2008-09-25 23:16 . 2008-09-25 23:17        <DIR>        d--------        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\Buhl Data Service GmbH

2008-09-25 23:15 . 2008-09-25 23:17        <DIR>        d--------        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH

2008-09-25 23:14 . 2008-09-25 23:14        <DIR>        d--------        C:\Programme\Letstrade

2008-09-25 23:14 . 2008-09-26 13:10        <DIR>        d--------        C:\Programme\Gemeinsame Dateien\Buhl Data Service

2008-09-25 23:14 . 2008-09-25 23:14        <DIR>        d--------        C:\Programme\DataDesign

2008-09-19 22:55 . 2008-09-19 22:55        1,044,480        --a------        C:\WINDOWS\system32\libdivx.dll

2008-09-19 22:55 . 2008-09-19 22:55        200,704        --a------        C:\WINDOWS\system32\ssldivx.dll

2008-09-14 16:27 . 2008-10-21 20:38        322        --a------        C:\WINDOWS\NotenBox.ini

2008-09-13 13:47 . 2008-09-13 13:47        410,976        --a------        C:\WINDOWS\system32\deploytk.dll

2008-09-12 23:59 . 2008-10-10 05:12        <DIR>        d--------        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\GitarreroBeginner

2008-09-12 23:58 . 2008-09-12 23:59        <DIR>        d--------        C:\Programme\GitarreroBeginner

2008-09-06 18:07 . 2008-09-06 18:08        <DIR>        d--------        C:\WINDOWS\system32\Adobe

2008-09-03 07:07 . 2008-09-03 07:23        <DIR>        d--------        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\Mobipocket
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-30 05:30        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2008-10-22 03:08        ---------        d-----w        C:\Programme\DivX

2008-10-15 12:17        ---------        d--h--w        C:\Programme\InstallShield Installation Information

2008-10-13 13:55        ---------        d-----w        C:\Programme\Microsoft.NET

2008-10-06 23:29        ---------        d-----w        C:\Programme\Gemeinsame Dateien\Adobe

2008-10-05 01:28        ---------        d-----w        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\Nokia

2008-10-05 01:23        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations

2008-10-05 01:22        ---------        d-----w        C:\Programme\Nokia

2008-10-05 00:50        ---------        d-----w        C:\Programme\DIFX

2008-09-29 09:54        ---------        d-----w        C:\Programme\Panda Security

2008-09-29 09:53        ---------        d-----w        C:\Programme\Opera

2008-09-29 09:52        ---------        d-----w        C:\Programme\Gemeinsame Dateien\DVDVideoSoft

2008-09-29 09:51        ---------        d-----w        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\concept design

2008-09-25 22:25        ---------        d-----w        C:\Programme\Spybot - Search & Destroy

2008-09-15 15:37        1,846,144        ----a-w        C:\WINDOWS\system32\win32k.sys

2008-09-13 12:47        ---------        d-----w        C:\Programme\Java

2008-09-06 00:38        ---------        d-----w        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\PC Suite

2008-09-03 10:22        ---------        d-----w        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\Samsung

2008-09-01 22:44        ---------        d-----w        C:\Programme\MP3Gain

2008-08-29 10:09        ---------        d-----w        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\NSeries

2008-08-28 22:27        0        ---ha-w        C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-08-28 22:27        0        ---ha-w        C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-08-28 22:19        ---------        d-----w        C:\Programme\MSXML 6.0

2008-08-28 21:59        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite

2008-08-28 21:46        ---------        d-----w        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia

2008-08-28 10:04        333,056        ----a-w        C:\WINDOWS\system32\drivers\srv.sys

2008-08-26 07:57        826,368        ----a-w        C:\WINDOWS\system32\wininet.dll

2008-08-14 13:42        2,182,656        ----a-w        C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:42        2,060,032        ----a-w        C:\WINDOWS\system32\ntkrnlpa.exe

2008-08-05 21:15        1,695,744        ----a-w        C:\Dokumente und Einstellungen\++++\Anwendungsdaten\NTuser.exe

2008-08-05 20:40        74,752        ----a-w        C:\WINDOWS\ST6UNST.EXE

2008-08-05 20:40        253,952        ------w        C:\WINDOWS\Setup1.exe

2008-08-05 17:19        81,984        ----a-w        C:\WINDOWS\system32\bdod.bin

2008-07-18 20:10        94,920        ----a-w        C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10        53,448        ----a-w        C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10        45,768        ----a-w        C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10        36,552        ----a-w        C:\WINDOWS\system32\wups.dll

2008-07-18 20:09        563,912        ----a-w        C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09        325,832        ----a-w        C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09        205,000        ----a-w        C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09        1,811,656        ----a-w        C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:16        253,952        ----a-w        C:\WINDOWS\system32\es.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]

2008-10-24 12:13        806912        --a------        C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-10-24 806912]
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-10-24 806912]
 

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"TOSCDSPD"="C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]

"SandboxieControl"="C:\Programme\Sandboxie\SbieCtrl.exe" [2008-06-30 738816]

"Veoh"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]

"UIWatcher"="C:\Programme\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe" [2008-08-12 3508568]

"DAEMON Tools Lite"="C:\Programme\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]

"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

"Nokia.PCSync"="C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]

"Messenger (Yahoo!)"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 114688]

"Apoint"="C:\Programme\Apoint2K\Apoint.exe" [2004-03-24 196608]

"CeEKEY"="C:\Programme\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 671744]

"TPNF"="C:\Programme\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 53248]

"HWSetup"="C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]

"SVPWUTIL"="C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]

"SmoothView"="C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2005-05-13 118784]

"Tvs"="C:\Programme\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"PadTouch"="C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077328]

"SunJavaUpdateSched"="C:\Programme\Java\jre6\bin\jusched.exe" [2008-09-13 144792]

"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"ISTray"="C:\Programme\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

"TrojanScanner"="C:\Programme\Trojan Remover\Trjscan.exe" [2008-10-10 967048]

"Trojancheck 6 Guard"="C:\Programme\Trojancheck 6\tcguard.exe" [2002-11-14 590336]

"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 C:\WINDOWS\agrsmmsg.exe]

"Zooming"="ZoomingHook.exe" [2005-06-06 C:\WINDOWS\system32\ZoomingHook.exe]

"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 C:\WINDOWS\system32\TCtrlIOHook.exe]

"TPSMain"="TPSMain.exe" [2005-08-12 C:\WINDOWS\system32\TPSMain.exe]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
 

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\

Nokia Nseries PC Suite.lnk - C:\Programme\Nokia\NNPCS\RunLauncher.exe [2008-01-14 679936]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSACM.CEGSM"= mobilev.acm
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programme\\Messenger\\msmsgs.exe"=

"C:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Programme\\Java\\jre6\\bin\\java.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\GTA\\gtawin\\GRAND THEFT AUTO.EXE"=

"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=

"C:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"=

"C:\\Programme\\Mobiola Web Camera for S60\\webcam.exe"=

"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programme\\MSN Messenger\\livecall.exe"=

"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
 

R2 JavaQuickStarterService;Java Quick Starter;C:\Programme\Java\jre6\bin\jqs.exe [2008-09-13 147456]

R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2008-03-22 113896]

R3 SbieDrv;SbieDrv;C:\Programme\Sandboxie\SbieDrv.sys [2008-06-30 96256]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx        REG_MULTI_SZ           scan
 

*Newly Created Service* - HTTPFILTER

*Newly Created Service* - PROCEXP90

.

Inhalt des "geplante Tasks" Ordners
 

2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programme\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
 

2008-10-10 C:\WINDOWS\Tasks\One-Click Tweak.job

- C:\Programme\Advanced PC Tweaker\OneClick.exe [2008-09-01 16:58]

.

.

------- Zusätzlicher Suchlauf -------

.

FireFox -: Profile - C:\Dokumente und Einstellungen\++++\Anwendungsdaten\Mozilla\Firefox\Profiles\618hbrq2.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de

FF -: plugin - C:\Programme\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll

FF -: plugin - C:\Programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF -: plugin - C:\Programme\Yahoo!\Shared\npYState.dll

.
 

**************************************************************************
 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-01 00:52:32

Windows 5.1.2600 Service Pack 2 NTFS
 

detected NTDLL code modification:

ZwClose
 

Scanne versteckte Prozesse...
 

Scanne versteckte Autostarteinträge...
 

Scanne versteckte Dateien...
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

Zeit der Fertigstellung: 2008-11-01  0:54:36

ComboFix-quarantined-files.txt  2008-10-31 23:54:32
 

Vor Suchlauf: 17 Verzeichnis(se), 67.228.569.600 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 67,218,001,920 Bytes frei
 

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
 

279        --- E O F ---        2008-10-24 10:37:49

nur das mit dem filelisting hab ich nicht ganz verstanden da wenn ich darauf klicke nur ein text kommt.