Trojaner-Board - Riesenproblem (Bei google wechsel andere Seiten, Keine Downloads möglich, usw.]

Code:

 Malwarebytes' Anti-Malware 1.30

Datenbank Version: 1306

Windows 5.1.2600 Service Pack 2
 

23.12.2008 10:00:33

mbam-log-2008-12-23 (10-00-30).txt
 

Scan-Methode: Vollständiger Scan (C:\|D:\|)

Durchsuchte Objekte: 240229

Laufzeit: 2 hour(s), 33 minute(s), 16 second(s)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 6

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 1

Infizierte Dateien: 16
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_CLASSES_ROOT\CLSID\{618685d1-4e5a-f8ed-18f2-01b95cf4f502} (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> No action taken.
 

Infizierte Registrierungswerte:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> No action taken.
 

Infizierte Dateien:

C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\wini104552502.exe (Trojan.FakeAlert) -> No action taken.

C:\Dokumente und Einstellungen\Friedel\delself.bat (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\TDSScfub.dll (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\TDSSfxmp.dll (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\TDSSirxy.dll (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\TDSSktao.dll (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\TDSSnrsr.dll (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\TDSSofxh.dll (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\TDSSqqon.dll (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\TDSSrhym.log (Trojan.TDSS) -> No action taken.

C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> No action taken.

C:\WINDOWS\system32\TDSSwrhd.log (Trojan.TDSS) -> No action taken.

C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Rootkit.Agent) -> No action taken.

Code:

ComboFix 08-12-21.04 - Torres000 2008-12-23 10:40:35.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.1023.648 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\Torres000\Desktop\ComboFix.exe

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\Torres000\Cookies\femorabedy.scr

c:\windows\system32\drivers\npf.sys

c:\windows\system32\packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\TDSSosvd.dat

c:\windows\system32\TDSSwupe.dat

c:\windows\system32\tmp75.tmp

c:\windows\system32\tmp76.tmp

c:\windows\system32\winscenter.exe

c:\windows\system32\wpcap.dll
 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_TDSSSERV.SYS

-------\Service_NPF

-------\Service_TDSSserv.sys
 
 

(((((((((((((((((((((((   Dateien erstellt von 2008-11-23 bis 2008-12-23  ))))))))))))))))))))))))))))))

.
 

2008-12-23 00:54 . 2008-12-23 00:54        <DIR>        d--------        c:\programme\TeaTimer (Spybot - Search & Destroy)

2008-12-23 00:54 . 2008-12-23 00:54        <DIR>        d--------        c:\programme\SDHelper (Spybot - Search & Destroy)

2008-12-23 00:54 . 2008-12-23 00:54        <DIR>        d--------        c:\programme\Misc. Support Library (Spybot - Search & Destroy)

2008-12-23 00:54 . 2008-12-23 00:54        <DIR>        d--------        c:\programme\File Scanner Library (Spybot - Search & Destroy)

2008-12-23 00:31 . 2008-12-23 00:31        <DIR>        d--------        c:\dokumente und einstellungen\Torres000\Anwendungsdaten\Malwarebytes

2008-12-23 00:29 . 2008-12-23 10:43        6,375,968        --ahs----        c:\windows\system32\drivers\fidbox.dat

2008-12-23 00:29 . 2008-12-23 10:45        270,368        --ahs----        c:\windows\system32\drivers\fidbox2.dat

2008-12-23 00:29 . 2008-12-23 10:43        51,940        --ahs----        c:\windows\system32\drivers\fidbox.idx

2008-12-23 00:29 . 2008-12-23 10:45        3,052        --ahs----        c:\windows\system32\drivers\fidbox2.idx

2008-12-23 00:27 . 2008-12-23 00:27        <DIR>        d--------        c:\programme\Malwarebytes' Anti-Malware

2008-12-23 00:27 . 2008-12-23 00:27        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2008-12-23 00:27 . 2008-10-22 16:10        38,496        --a------        c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-23 00:27 . 2008-10-22 16:10        15,504        --a------        c:\windows\system32\drivers\mbam.sys

2008-12-22 23:04 . 2008-12-22 23:06        35,497        --a------        c:\windows\system32\Neu WinRAR-Archiv.rar

2008-12-22 20:41 . 2008-12-22 20:41        <DIR>        d--------        c:\programme\Trend Micro

2008-12-22 20:06 . 2008-12-22 20:06        268        --ah-----        C:\sqmdata16.sqm

2008-12-22 20:06 . 2008-12-22 20:06        244        --ah-----        C:\sqmnoopt16.sqm

2008-12-22 19:56 . 2008-12-22 20:08        <DIR>        d--------        c:\programme\Spybot - Search & Destroy

2008-12-22 19:30 . 2008-12-22 19:30        <DIR>        d--------        c:\dokumente und einstellungen\Friedel\Contacts

2008-12-21 11:24 . 2008-12-21 11:24        244        --ah-----        C:\sqmnoopt15.sqm

2008-12-21 11:24 . 2008-12-21 11:24        232        --ah-----        C:\sqmdata15.sqm

2008-12-20 11:17 . 2008-12-23 10:07        156        --a------        c:\windows\system32\BsMain.ini

2008-12-20 11:07 . 2008-12-20 11:29        <DIR>        dr-------        C:\RavBin

2008-12-20 11:07 . 2008-12-20 12:35        164,976        --a------        c:\windows\system32\drivers\HookSys.sys

2008-12-20 11:07 . 2008-12-20 12:36        63,088        --a------        c:\windows\system32\drivers\HookNtos.sys

2008-12-20 11:07 . 2008-12-20 12:36        39,024        --a------        c:\windows\system32\drivers\HOOKREG.sys

2008-12-20 11:07 . 2008-12-20 12:35        30,704        --a------        c:\windows\system32\drivers\HookHelp.sys

2008-12-20 11:07 . 2008-12-20 12:36        13,808        --a------        c:\windows\system32\drivers\HookCont.sys

2008-12-20 11:06 . 2008-12-20 11:00        1,060,864        --a------        c:\windows\system32\mfc71.dll

2008-12-20 11:06 . 2008-12-20 12:38        237,168        --a------        c:\windows\system32\bsmain.exe

2008-12-20 11:06 . 2008-12-20 12:35        113,264        --a------        c:\windows\system32\RavExt.dll

2008-12-20 11:06 . 2008-12-20 12:38        10,736        --a------        c:\windows\system32\drivers\RsNTGdi.sys

2008-12-20 11:06 . 2008-12-23 10:07        90        --a------        c:\windows\Rav.inf

2008-12-20 11:03 . 2008-12-20 11:03        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Rising

2008-12-20 11:03 . 2008-12-23 10:06        42        --a------        c:\windows\Rav.ini

2008-12-20 11:03 . 2008-12-20 11:03        27        --a------        c:\windows\Language.ini

2008-12-20 10:06 . 2008-12-20 10:06        96,976        --a------        c:\windows\system32\drivers\klin.dat

2008-12-20 10:06 . 2008-12-20 10:06        87,855        --a------        c:\windows\system32\drivers\klick.dat

2008-12-20 10:05 . 2008-12-20 10:05        <DIR>        d--------        c:\programme\Kaspersky Lab

2008-12-20 10:05 . 2008-12-23 10:45        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab

2008-12-20 09:56 . 2008-12-20 10:17        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files

2008-12-17 18:13 . 2008-12-17 19:42        8        --a------        c:\windows\system32\nvModes.dat

2008-12-17 18:05 . 2008-12-17 18:05        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\nView_Profiles

2008-12-16 20:30 . 2008-12-23 09:59        3,174        --a------        c:\windows\wininit.ini

2008-12-15 08:29 . 2003-10-03 16:28        45,056        --a------        c:\windows\system32\vusetup.dll

2008-12-15 08:29 . 2005-06-06 17:51        11,264        --a------        c:\windows\system32\drivers\vulfntr.sys

2008-12-15 08:29 . 2005-01-05 18:02        6,912        --a------        c:\windows\system32\drivers\vulfnth.sys

2008-12-14 21:26 . 2004-08-03 22:59        49,536        --a------        c:\windows\system32\drivers\abaogpl4.sys

2008-12-14 20:40 . 2008-12-14 20:40        <DIR>        d--------        c:\dokumente und einstellungen\Torres000\Anwendungsdaten\DAEMON Tools Pro

2008-12-14 20:40 . 2008-12-14 20:42        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro

2008-12-14 20:21 . 2008-03-13 00:38        445,504        --a------        c:\windows\system32\vp6vfw.dll

2008-12-14 17:57 . 2008-12-14 17:57        <DIR>        d--------        c:\programme\PcCloneEX

2008-12-14 17:57 . 2008-12-14 17:57        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\FNET

2008-12-14 17:57 . 2008-12-14 17:57        7,040        --a------        c:\windows\system32\drivers\FNETURPX.SYS

2008-12-14 11:44 . 2000-02-25 13:43        302,592        --a------        c:\windows\mauninst.exe

2008-12-13 19:46 . 2008-12-13 19:46        <DIR>        d--------        C:\CASIO

2008-12-13 19:46 . 2002-06-13 19:07        40,672        --a------        c:\windows\system32\drivers\CESG502.sys

2008-12-12 15:44 . 2008-12-12 15:44        <DIR>        d--------        C:\Hauppauge

2008-12-12 15:13 . 2004-08-04 00:58        43,008        --a------        c:\windows\system32\ksxbar.ax

2008-12-12 15:13 . 2004-08-04 00:58        43,008        --a--c---        c:\windows\system32\dllcache\ksxbar.ax

2008-12-12 15:13 . 2004-08-04 00:58        33,280        --a------        c:\windows\system32\PsisRndr.ax

2008-12-12 15:13 . 2004-08-04 00:58        33,280        --a--c---        c:\windows\system32\dllcache\psisrndr.ax

2008-12-12 15:13 . 2004-08-04 00:58        18,432        --a--c---        c:\windows\system32\dllcache\bdaplgin.ax

2008-12-12 15:13 . 2004-08-04 00:58        18,432        --a------        c:\windows\system32\BdaPlgIn.ax

2008-12-12 15:13 . 2004-08-03 23:10        11,776        --a------        c:\windows\system32\drivers\BdaSup.sys

2008-12-12 15:13 . 2004-08-03 23:10        11,776        --a--c---        c:\windows\system32\dllcache\bdasup.sys

2008-12-11 18:30 . 2008-12-11 18:30        <DIR>        d--------        c:\dokumente und einstellungen\Torres000\Anwendungsdaten\Nvu

2008-12-08 19:32 . 2008-12-08 20:34        101        --a------        c:\windows\CMMIXER.INI

2008-12-08 17:24 . 2008-12-08 17:24        <DIR>        d--------        c:\programme\EA Games
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-23 09:28        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2008-12-22 19:46        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater

2008-12-22 19:09        183,112        ----a-w        c:\windows\system32\PnkBstrB.exe

2008-12-22 19:09        138,184        ----a-w        c:\windows\system32\drivers\PnkBstrK.sys

2008-12-21 12:48        ---------        d-----w        c:\dokumente und einstellungen\Torres000\Anwendungsdaten\temp

2008-12-20 14:13        ---------        d-----w        c:\programme\Webteh

2008-12-20 14:13        ---------        d-----w        c:\programme\MessengerDiscovery

2008-12-20 08:57        ---------        d-----w        c:\programme\Avira

2008-12-20 08:57        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira

2008-12-18 16:17        ---------        d-----w        c:\programme\DAEMON Tools Toolbar

2008-12-18 16:17        ---------        d-----w        c:\programme\DAEMON Tools

2008-12-17 12:15        ---------        d-----w        c:\dokumente und einstellungen\Friedel\Anwendungsdaten\temp

2008-12-16 20:36        ---------        d-----w        c:\programme\Everest Poker

2008-12-13 18:46        ---------        d--h--w        c:\programme\InstallShield Installation Information

2008-12-09 13:12        66,872        ----a-w        c:\windows\system32\PnkBstrA.exe

2008-12-01 21:12        ---------        d-----w        c:\programme\guhaqdc

2008-11-22 10:10        ---------        d-----w        c:\dokumente und einstellungen\Torres000\Anwendungsdaten\GlarySoft

2008-11-22 10:04        ---------        d-----w        c:\programme\Cheat Engine

2008-11-11 19:00        218,376        ----a-w        c:\windows\system32\klogon.dll

2008-11-11 18:58        25,601        ----a-w        c:\windows\system32\drivers\klopp.dat

2008-11-07 21:13        ---------        d--h--r        c:\dokumente und einstellungen\Friedel\Anwendungsdaten\SecuROM

2008-10-31 18:31        ---------        d---a-w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP

2008-10-31 18:25        ---------        d-----w        c:\programme\Gemeinsame Dateien\Symantec Shared

2008-10-31 18:23        ---------        d-----w        c:\programme\Gemeinsame Dateien\AVSMedia

2008-10-31 18:23        ---------        d-----w        c:\programme\AVS4YOU

2008-10-30 13:47        107,888        ----a-w        c:\windows\system32\CmdLineExt.dll

2008-10-28 20:47        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Messenger Plus!

2008-10-28 20:44        ---------        d-----w        c:\programme\Messenger Plus! Live

2008-10-27 09:04        70,992        ----a-w        c:\windows\system32\XAPOFX1_2.dll

2008-10-27 09:04        514,384        ----a-w        c:\windows\system32\XAudio2_3.dll

2008-10-27 09:04        235,856        ----a-w        c:\windows\system32\xactengine3_3.dll

2008-10-27 09:04        23,376        ----a-w        c:\windows\system32\X3DAudio1_5.dll

2008-10-25 17:02        ---------        d-----w        c:\programme\SystemRequirementsLab

2008-10-23 20:47        ---------        d-----w        c:\dokumente und einstellungen\Friedel\Anwendungsdaten\OpenOffice.org

2008-10-10 03:52        452,440        ----a-w        c:\windows\system32\d3dx10_40.dll

2008-10-10 03:52        4,379,984        ----a-w        c:\windows\system32\D3DX9_40.dll

2008-10-10 03:52        2,036,576        ----a-w        c:\windows\system32\D3DCompiler_40.dll

2008-10-08 09:42        19,750        ----a-w        c:\programme\Gemeinsame Dateien\zyqy.db

2008-10-08 09:42        19,386        ----a-w        c:\windows\owidyqinor.pif

2008-10-08 09:42        19,209        ----a-w        c:\windows\gipesysufa.dll

2008-10-08 09:42        17,625        ----a-w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\nyga.bat

2008-10-08 09:42        15,352        ----a-w        c:\programme\Gemeinsame Dateien\lesydoru.reg

2008-10-08 09:42        13,147        ----a-w        c:\programme\Gemeinsame Dateien\vymi.com

2008-10-08 09:42        12,895        ----a-w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\budizuca.bin

2008-10-08 09:42        10,890        ----a-w        c:\windows\system32\avanol.exe

2008-10-08 09:42        10,173        ----a-w        c:\windows\wuke.scr

2008-10-08 09:42        10,113        ----a-w        c:\programme\Gemeinsame Dateien\mohyxuw.scr

2008-10-02 08:07        453,152        ----a-w        c:\windows\system32\NVUNINST.EXE

2008-09-25 17:13        22,328        ----a-w        c:\dokumente und einstellungen\Torres000\Anwendungsdaten\PnkBstrK.sys

2008-09-25 17:11        682,280        ----a-w        c:\windows\system32\pbsvc(3).exe

2008-09-24 08:56        682,280        ----a-w        c:\windows\system32\pbsvc.exe

2008-09-23 16:17        48,397        ----a-w        c:\windows\UninstVeetleTVPlayer.exe

2008-09-23 10:55        682,280        ----a-w        c:\windows\system32\pbsvc(2).exe

2008-07-16 09:22        22,328        ----a-w        c:\dokumente und einstellungen\Friedel\Anwendungsdaten\PnkBstrK.sys

2001-11-23 11:08        712,704        -c--a-w        c:\windows\inf\OTHER\AUDIO3D.DLL

2008-10-06 14:49        67,696        ----a-w        c:\programme\mozilla firefox\components\jar50.dll

2008-10-06 14:49        54,376        ----a-w        c:\programme\mozilla firefox\components\jsd3250.dll

2008-10-06 14:49        34,952        ----a-w        c:\programme\mozilla firefox\components\myspell.dll

2008-10-06 14:49        46,720        ----a-w        c:\programme\mozilla firefox\components\spellchk.dll

2008-10-06 14:49        172,144        ----a-w        c:\programme\mozilla firefox\components\xpinstal.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\programme\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"DAEMON Tools Pro Agent"="d:\programme\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 133576]

"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"AVP"="c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088]

"RavTask"="d:\programme\Rising\Rav\RavTask.exe" [2008-12-20 211568]

"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]

"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)
 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "c:\windows\system32\RavExt.dll" [2008-12-20 113264]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"DAEMON Tools"="c:\programme\DAEMON Tools\daemon.exe" -lang 1033

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime

"MMReminderService"=c:\programme\Mindjet\MindManager 6\MMReminderService.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\steamapps\\torres000\\counter-strike source\\hl2.exe"=

"d:\\Programme\\Hamachi\\hamachi.exe"=

"c:\\Program Files\\GMOD10\\hl2.exe"=

"d:\\steamapps\\torres000\\half-life 2 deathmatch\\hl2.exe"=

"d:\\AR2\\game.exe"=

"d:\\Programme\\EA Games\\Nightfire\\Bond.exe"=

"d:\\Miranda IM\\miranda32.exe"=

"d:\\Programme\\MirandaFusion\\miranda32.exe"=

"d:\\QIP\\qip.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programme\\Messenger\\msmsgs.exe"=

"d:\\Programme\\ICQ6\\ICQ.exe"=

"c:\\Programme\\Ubisoft\\DIE SIEDLER - Aufstieg eines Königreichs\\base\\bin\\Settlers6.exe"=

"d:\\Programme\\Codemasters\\GRID\\GRID.exe"=

"d:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"d:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"d:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\Programme\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]

R0 RsNTGDI;RsNTGDI;c:\windows\system32\Drivers\RsNTGdi.sys [2008-12-20 10736]

R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2008-12-14 7040]

R1 HookCont;HookCont;c:\windows\system32\drivers\HookCont.sys [2008-12-20 13808]

R1 HookNtos;HookNtos;c:\windows\system32\drivers\HookNtos.sys [2008-12-20 63088]

R1 HookReg;HookReg;c:\windows\system32\drivers\HookReg.sys [2008-12-20 39024]

R1 HookSys;HookSys;c:\windows\system32\drivers\HookSys.sys [2008-12-20 164976]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

S2 RsCCenter;Rising Process Communication Center;"d:\programme\Rising\Rav\CCenter.exe" [2008-12-20 162416]

S2 RsRavMon;Rising RealTime Monitor;"d:\programme\RISING\RAV\Ravmond.exe" [2008-12-20 395888]

S3 MRVW225;A/WLAN-1 Wireless LAN Dirver for Windows XP;c:\windows\system32\DRIVERS\MRVW225.sys [2008-05-04 299904]

S3 PVUSB;CESG502 USB Driver;c:\windows\system32\DRIVERS\CESG502.sys [2008-12-13 40672]

S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe []
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0da2bf83-fd7d-11dc-a1df-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CFE05E0A-D910-DDD3-B67D-C70C0E9B94BB}]

c:\windows\iexplorer.exe

.

Inhalt des "geplante Tasks" Ordners
 

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
 

2008-12-23 c:\windows\Tasks\GlaryInitialize.job

- d:\programme\Glary Utilities\initialize.exe [2008-10-29 17:58]

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyOverride = *.local

TCP: {9507004F-47D4-4460-A1CC-39AD0CD18772} = 62.220.18.8 89.246.64.8

FF - ProfilePath - c:\dokumente und einstellungen\Torres000\Anwendungsdaten\Mozilla\Firefox\Profiles\oi9klaay.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://ts-ticketshop.de

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - component: c:\programme\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\programme\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\np32dsw.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npdivx32.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npnul32.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\nppdf32.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin2.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin3.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin4.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin5.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin6.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin7.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\NPSWF32.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\programme\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programme\Veetle\VLC\npvlc.dll

FF - plugin: c:\programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF - plugin: d:\programme\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: d:\programme\DivX\DivX Web Player\npdivx32.dll

.
 

**************************************************************************
 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-23 10:45:38

Windows 5.1.2600 Service Pack 2 NTFS
 

Scanne versteckte Prozesse...
 

Scanne versteckte Autostarteinträge...
 

Scanne versteckte Dateien...
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\programme\Lavasoft\Ad-Aware\aawservice.exe

c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\programme\Bonjour\mDNSResponder.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

d:\programme\Rising\Rav\RavMon.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2008-12-23 10:50:08 - PC wurde neu gestartet [Torres000]

ComboFix-quarantined-files.txt  2008-12-23 09:50:05
 

Vor Suchlauf: 18 Verzeichnis(se), 22,857,285,632 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 23,006,167,040 Bytes frei
 

306        --- E O F ---        2008-09-10 11:23:50

Sry für 3xFach post ! Logfiles zulang muss neue Antwort erstellen

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:56:02, on 23.12.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programme\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Mixer.exe

C:\Programme\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

D:\Programme\Rising\Rav\RavTask.exe

C:\Programme\Windows Live\Messenger\MsnMsgr.Exe

D:\Programme\Rising\Rav\Ravmon.exe

C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Programme\Java\jre1.6.0_05\bin\jucheck.exe

D:\Programme\Mozilla Firefox\firefox.exe

C:\Programme\Windows Live\Messenger\usnsvc.exe

C:\Dokumente und Einstellungen\Torres000\Desktop\qlketzd.com
 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = h**p://dnl.crawler.com/support/sa_customize.aspx?TbId=60429

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM\..\Run: [RavTask] "D:\Programme\Rising\Rav\RavTask.exe" -system

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Programme\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206829949250

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - h**p://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9507004F-47D4-4460-A1CC-39AD0CD18772}: NameServer = 62.220.18.8 89.246.64.8

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Programme\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programme\WinPcap\rpcapd.exe

O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - D:\Programme\Rising\Rav\CCenter.exe

O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - D:\PROGRAMME\RISING\RAV\Ravmond.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Programme\Spyware Doctor\pctsAuxs.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Programme\Spyware Doctor\pctsSvc.exe (file missing)
 

--

End of file - 6915 bytes