Trojaner-Board (https://www.trojaner-board.de/)
Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Bluescreen caused by Smitfraud, one day later bluescreen again (https://www.trojaner-board.de/49102-bluescreen-smit-fraud-tag-spaeter-bluescreen.html)

A'Xe 04.02.2008 14:53

Bluescreen caused by Smitfraud, one day later bluescreen again

Hi,
I have/had caught the Smitfraud trojan and detected it with Kaspersky. I had Kaspersky remove it, and the system kept running normally. The next day I switch my PC on again and during boot a bluescreen appears: "Der systemprozess Windows Logon Process wurde unerwartet beendet" (the system process Windows Logon Process terminated unexpectedly). Then I followed the guide in the forum and removed it that way.

So far so good; after a restart I could get back into normal mode.

And today I start my PC again, bluescreen once more; eScan reported 35 viruses (log below). Ad-Aware and Spybot find nothing.

I'll try right away to boot normally again and post a HijackThis log afterwards.

eScan log (excerpts that contained the word "vorgenommen" [action taken]; I abbreviated some of the words so the thread doesn't get too long, hope that's OK)

Quote:

27:58 Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
28:03 Object "gain.gator Spyware/Adware" in Dateisystem gefunden!

28:03 Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
28:03 Object "gain.gator Spyware/Adware" in Dateisystem gefunden!

28:05 Off. file found: C:\DOKUME~1\Bene\LOKALE~1\Temp\cmdlineext02.dll
28:05 sys dound inf. with whenu.savenow Spyware/Adware (cmdlineext02.dll)!

28:05 Off. file found: C:\DOKUME~1\Bene\LOKALE~1\Temp\war3_install.exe
28:05 sys dound inf. with whenu.savenow Spyware/Adware (war3_install.exe)!

28:08 Off. file found: C:\Dokumente und Einstellungen\Bene\Desktop\downloads\pbsetup.exe
28:08 sys dound inf. with system soap pro Spyware/Adware (pbsetup.exe)!

28:10 Off. file found: C:\Dokumente und Einstellungen\Bene\Desktop\smitrem\process.exe
28:10 sys dound inf. with trojan-downloader.bat.ftp.ab Trojan-Downloader (process.exe)!

28:10 Off. file found: C:\Dokumente und Einstellungen\Bene\Desktop\smitrem\pv.exe
28:10 sys dound inf. with drivecleaner2006 Corrupted Adware/Spyware (pv.exe)!

28:10 Off. file found: C:\Dokumente und Einstellungen\Bene\Desktop\smitrem\swreg.exe
28:10 sys dound inf. with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)!

28:10 Off. file found: C:\Dokumente und Einstellungen\Bene\Favoriten\error cleaner.url
28:10 sys dound inf. with winfixer/errorsafe Adware (error cleaner.url)!

28:10 Off. file found: C:\Dokumente und Einstellungen\Bene\Favoriten\privacy protector.url
28:10 sys dound inf. with privacyprotector Corrupted Adware/Spyware (privacy protector.url)!

28:10 Off. file found: C:\Dokumente und Einstellungen\Bene\Favoriten\spyware&malware protection.url
28:10 sys dound inf. with privacyprotector Corrupted Adware/Spyware (spyware&malware protection.url)!

28:12 Off. file found: C:\Dokumente und Einstellungen\Bene\Lokale Einstellungen\temp\cmdlineext02.dll
28:12 sys dound inf. with whenu.savenow Spyware/Adware (cmdlineext02.dll)!

28:12 Off. file found: C:\Dokumente und Einstellungen\Bene\Lokale Einstellungen\temp\war3_install.exe
28:12 sys dound inf. with whenu.savenow Spyware/Adware (war3_install.exe)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/forceactivedesktopon
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/forceactivedesktopon)!

28:16 Off. Reg. Ent. found: hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com
28:16 sys dound inf. with mirar Spyware/Adware (hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/classicshell
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/classicshell)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispcpl
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispcpl)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/noviewcontextmenu
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/noviewcontextmenu)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispscrsavpage
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispscrsavpage)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispbackgroundpage
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispbackgroundpage)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispsettingspage
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispsettingspage)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/novisualstylechoice
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/novisualstylechoice)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nosizechoice
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nosizechoice)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nocolorchoice
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nocolorchoice)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/nosavesettings
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/nosavesettings)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nocomponents
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nocomponents)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noeditingcomponents
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noeditingcomponents)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nodeletingcomponents
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nodeletingcomponents)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noaddingcomponents
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noaddingcomponents)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noclosedragdropbands
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noclosedragdropbands)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nohtmlwallpaper
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nohtmlwallpaper)!

28:16 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nochangingwallpaper
28:16 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nochangingwallpaper)!

28:17 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/nothemestab
28:17 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/nothemestab)!

28:17 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/noactivedesktop
28:17 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/noactivedesktop)!

28:18 Checking MountPoints2 Registry Key...
28:18 Checking CLSID Reference Entries...
28:18 Entry "HKCR\AccClientDocMgr.Illustrator.3" verw. Obj. "{542D1218-CD17-AE53-B1C8-5F6159482C77}".

28:18 Entry "HKCR\Adobe.Illustrator.dwg" verw. Obj. "{C0ED15F0-61BB-11d3-B6CA-00C04F6A0D06}".

28:18 Entry "HKCR\Adobe.Illustrator.dxf" verw. Obj. "{C0ED15F0-61BB-11d3-B6CA-00C04F6A0D06}".

28:18 Entry "HKCR\Adobe.Illustrator.pict" verw. Obj. "{C0ED15F0-61BB-11d3-B6CA-00C04F6A0D06}".

28:18 Entry "HKCR\ComPlusMetaData.MsCorHost" verw. Obj. "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}".

28:18 Entry "HKCR\ComPlusMetaData.MsCorHost.2" verw. Obj. "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}".

28:18 Entry "HKCR\NBShell.NBShellHook.3" verw. Obj. "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}".

28:18 Entry "HKCR\NMUIEngin0.NMUIResourceLoaderHarddisk" verw. Obj. "{b35354ff-7e4a-46a4-bf69-4d92c3d7787b1}".

28:19 Entry "HKCR\SPhoneParser.FoundSkypeNumber" verw. Obj. "{E40A96CC-4A5B-47F4-9957-87CDED1DFF45}".

28:19 Entry "HKCR\SPhoneParser.FoundSkypeNumber.1" verw. Obj. "{E40A96CC-4A5B-47F4-9957-87CDED1DFF45}".

28:19 Entry "HKCR\SymWriter.pdb" verw. Obj. "{520DC67A-752E-11D3-8D56-00C04F680B2B}".

28:19 Entry "HKCR\vmappsdk.MksCompatCtl.9" verw. Obj. "{7DABFF61-6A84-4E64-908D-C662E2C4102A}".

28:19 Checking Module Usage Entries...
28:19 Checking User Trusted External App Entries...
28:19 Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" verw. Obj. "".

28:19 Checking Shared DLL Entries...
28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\system32\pxwma.dll".

28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\system32\pxinsi64.exe".

28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\system32\pxcpyi64.exe".

28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb".

28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb".

28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb".

28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb".

28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb".

28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb".

28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb".

28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb".

28:21 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb".

28:23 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" verw. Obj. "C:\Programme\Gemeinsame Dateien\Nero\Shared\NL3\NeroPatentActivation.exe".

28:23 Checking Installer Entries...
28:39 Checking Shared Tools Entries...
28:39 Checking File Extension Entries...
28:39 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".4100218".

28:39 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".aa".

28:39 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".ab".

28:39 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".ac".

28:39 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".badongo".

28:39 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".cfg".

28:39 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".corrupt".

28:39 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".cry".

28:40 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".info".

28:40 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".lay".

28:40 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".mdf".

28:40 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".mds".

28:40 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".mpq".

28:40 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".sft".

28:40 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".veg".

28:40 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".w3m".

28:40 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".w3x".

28:40 Checking Application Cache Entries...
28:40 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" verw. Obj. "xfriend 2.5 2.5".

28:40 Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" verw. Obj. "{0B486E5E-EFA5-4C05-831A-1B3A1047DF96}".

33:21 Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
33:21 Object "gain.gator Spyware/Adware" in Dateisystem gefunden!

33:21 Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
33:21 Object "gain.gator Spyware/Adware" in Dateisystem gefunden!

33:24 Off. file found: C:\DOKUME~1\Bene\LOKALE~1\Temp\cmdlineext02.dll
33:24 sys dound inf. with whenu.savenow Spyware/Adware (cmdlineext02.dll)!

33:24 Off. file found: C:\DOKUME~1\Bene\LOKALE~1\Temp\war3_install.exe
33:24 sys dound inf. with whenu.savenow Spyware/Adware (war3_install.exe)!

33:24 Off. file found: C:\Dokumente und Einstellungen\Bene\Desktop\downloads\pbsetup.exe
33:24 sys dound inf. with system soap pro Spyware/Adware (pbsetup.exe)!

33:25 Off. file found: C:\Dokumente und Einstellungen\Bene\Desktop\smitrem\process.exe
33:25 sys dound inf. with trojan-downloader.bat.ftp.ab Trojan-Downloader (process.exe)!

33:25 Off. file found: C:\Dokumente und Einstellungen\Bene\Desktop\smitrem\pv.exe
33:25 sys dound inf. with drivecleaner2006 Corrupted Adware/Spyware (pv.exe)!

33:25 Off. file found: C:\Dokumente und Einstellungen\Bene\Desktop\smitrem\swreg.exe
33:25 sys dound inf. with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)!

33:25 Off. file found: C:\Dokumente und Einstellungen\Bene\Favoriten\error cleaner.url
33:25 sys dound inf. with winfixer/errorsafe Adware (error cleaner.url)!

33:25 Off. file found: C:\Dokumente und Einstellungen\Bene\Favoriten\privacy protector.url
33:25 sys dound inf. with privacyprotector Corrupted Adware/Spyware (privacy protector.url)!

33:25 Off. file found: C:\Dokumente und Einstellungen\Bene\Favoriten\spyware&malware protection.url
33:25 sys dound inf. with privacyprotector Corrupted Adware/Spyware (spyware&malware protection.url)!

33:25 Off. file found: C:\Dokumente und Einstellungen\Bene\Lokale Einstellungen\temp\cmdlineext02.dll
33:25 sys dound inf. with whenu.savenow Spyware/Adware (cmdlineext02.dll)!

33:25 Off. file found: C:\Dokumente und Einstellungen\Bene\Lokale Einstellungen\temp\war3_install.exe
33:25 sys dound inf. with whenu.savenow Spyware/Adware (war3_install.exe)!

33:25 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/forceactivedesktopon
33:25 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/forceactivedesktopon)!

33:25 Off. Reg. Ent. found: hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com
33:25 sys dound inf. with mirar Spyware/Adware (hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com)!

33:25 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/classicshell
33:25 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/classicshell)!

33:25 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispcpl
33:25 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispcpl)!

33:25 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/noviewcontextmenu
33:25 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/noviewcontextmenu)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispscrsavpage
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispscrsavpage)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispbackgroundpage
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispbackgroundpage)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispsettingspage
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nodispsettingspage)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/novisualstylechoice
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/novisualstylechoice)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nosizechoice
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nosizechoice)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\system/nocolorchoice
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\system/nocolorchoice)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/nosavesettings
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/nosavesettings)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nocomponents
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nocomponents)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noeditingcomponents
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noeditingcomponents)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nodeletingcomponents
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nodeletingcomponents)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noaddingcomponents
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noaddingcomponents)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noclosedragdropbands
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/noclosedragdropbands)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nohtmlwallpaper
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nohtmlwallpaper)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nochangingwallpaper
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\activedesktop/nochangingwallpaper)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/nothemestab
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/nothemestab)!

33:26 Off. Reg. Ent. found: hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/noactivedesktop
33:26 Sys. f. inf. with backdoor (ircbot) trojans Spyware/Adware (hkey_current_user\software\microsoft\windows\currentversion\policies\explorer/noactivedesktop)!

33:33 Checking MountPoints2 Registry Key...
33:33 Checking CLSID Reference Entries...
33:34 Entry "HKCR\Adobe.Illustrator.dwg" verw. Obj. "{C0ED15F0-61BB-11d3-B6CA-00C04F6A0D06}".

33:34 Entry "HKCR\Adobe.Illustrator.dxf" verw. Obj. "{C0ED15F0-61BB-11d3-B6CA-00C04F6A0D06}".

33:34 Entry "HKCR\Adobe.Illustrator.pict" verw. Obj. "{C0ED15F0-61BB-11d3-B6CA-00C04F6A0D06}".
33:37 Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" verw. Obj. "".

33:37 Checking Shared DLL Entries...
33:38 Checking Installer Entries...
33:44 Checking Shared Tools Entries...
33:44 Checking File Extension Entries...
33:44 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".mdf".

33:44 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".mds".

33:44 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".mpq".

33:44 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".w3m".

33:44 Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" verw. Obj. ".w3x".


39:14 Datei C:\Dokumente und Einstellungen\Bene\Anwendungsdaten\Thunderbird\Profiles\aemvo1sg.default\Mail\Local Folders\Trash//[From Pansy <Pansy@netspeedway.com>][Date Thu, 10 Aug 2006 20:28:21 +0300]/UNNAMED//[From drone1563@wargamer-project.de][Date Thu, 10 Aug 2... infiziert von "Trojan-Downloader.Win32.Agent.bmr" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.

A'Xe 04.02.2008 15:13

Now the HijackThis log:

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:48, on 04.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\FlashGet\FlashGet.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\VMware\VMware Workstation\vmware-tray.exe
C:\Programme\VMware\VMware Workstation\hqtray.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\DAEMON Tools Pro\DTProAgent.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\TrueCrypt\TrueCrypt.exe
C:\Programme\Iconoid\iconoid.exe
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\OpenOffice.org 2.3\program\soffice.exe
C:\Programme\OpenOffice.org 2.3\program\soffice.BIN
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\xampp\apache\bin\apache.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\FolderSize\FolderSizeSvc.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\apache.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Flashget] "C:\Programme\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Programme\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Programme\VMware\VMware Workstation\hqtray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a devices
O4 - HKCU\..\Run: [Iconoid] "C:\Programme\Iconoid\iconoid.exe"
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O21 - SSODL: bmlvqkn - {4D93C02E-67E1-4F8D-81F5-9CC35EEEDD43} - (no file)
O21 - SSODL: agrlmvp - {74E74DB4-6D1A-4800-9492-865325991CCE} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Programme\FolderSize\FolderSizeSvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 10597 bytes
I'm running Kaspersky again on the "high" setting right now!

A'Xe 04.02.2008 22:27

Kaspersky on "high" has now found a few more viruses, which I had it delete. Can you find anything suspicious in the HijackThis log?

Chwreif 05.02.2008 00:27

What stands out:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020


Send the file C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe to virustotal.com. You should also send every file there that you have already deleted and still have a backup copy of, or of which a copy is sitting in quarantine.
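As an added example (not part of this thread), a small Python triage script that parses HijackThis lines like the ones above and flags the entry types a log reviewer checks first: O21 SSODL entries with "(no file)" and random-looking names, O20 Winlogon Notify DLLs, and an R1 ProxyOverride. The sample lines are copied from the log in this thread; the line regex and the "random name" heuristic are my own assumptions, and a flag is a prompt to verify the entry, not a malware verdict.

```python
import re
from typing import Dict, List

# Constructed sample: HijackThis lines taken from the thread above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKCU\..\Run: [Iconoid] "C:\Programme\Iconoid\iconoid.exe"
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O21 - SSODL: bmlvqkn - {4D93C02E-67E1-4F8D-81F5-9CC35EEEDD43} - (no file)
O21 - SSODL: agrlmvp - {74E74DB4-6D1A-4800-9492-865325991CCE} - (no file)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
"""

# Assumed HijackThis line shape: "<section> - <body>", e.g. "O21 - SSODL: ..."
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Heuristic (assumption): 6-9 lowercase letters with at most one vowel
    reads like a generated name rather than a product name."""
    if not re.fullmatch(r"[a-z]{6,9}", name):
        return False
    return sum(c in VOWELS for c in name) <= 1


def triage(log: str) -> List[Dict[str, str]]:
    """Return the lines a reviewer should verify first, with a reason each."""
    findings: List[Dict[str, str]] = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and non-HijackThis text are skipped
        sec, body = m.group("sec"), m.group("body")
        if sec == "O21" and body.endswith("(no file)"):
            # body: "SSODL: <name> - {CLSID} - (no file)"
            name = body.split(": ", 1)[1].split(" - ")[0]
            reason = "SSODL entry with no backing file"
            if looks_random(name):
                reason += ", random-looking name"
            findings.append({"section": sec, "line": raw, "reason": reason})
        elif sec == "O20" and "Winlogon Notify" in body:
            findings.append({"section": sec, "line": raw,
                             "reason": "Winlogon Notify DLL: verify publisher and hash"})
        elif sec == "R1" and "ProxyOverride" in body:
            findings.append({"section": sec, "line": raw,
                             "reason": "ProxyOverride set: confirm it is intended"})
    return findings
```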



Copyright ©2000-2024, Trojaner-Board


