Trojaner-Board - bitte kurzen Blick auf Log-Files,vielen dank!

Sehr geehrte Spezialisten!:)
Nach einem CopyShop Besuch hat F-Secure ständig „Trojan-GameThief.Win32.OnLineGames.bktw“ gefunden, konnte das Ding aber weder löschen noch desinfizieren etc.
Nachdem ich CCleaner und Malwarebytes ausgeführt habe, scheint alles wieder zu funktionieren. Nur der Bildschirm flackert beim Starten. Vermutlich hat das nichts damit zu tun, aber ich poste trotzdem mal die Logfiles und wäre Euch sehr dankbar wenn ihr kurz einen Blick darauf werfen könntet, ob denn wirklich wieder alles in Ordnung ist!
Vielen herzlichen Dank!!
Lieben Gruß!

Code:

Malwarebytes' Anti-Malware 1.38

Datenbank Version: 2358

Windows 5.1.2600 Service Pack 2
 

01.07.2009 15:07:06

mbam-log-2009-07-01 (15-07-06).txt
 

Scan-Methode: Vollständiger Scan (C:\|D:\|)

Durchsuchte Objekte: 218325

Laufzeit: 1 hour(s), 34 minute(s), 46 second(s)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 2

Infizierte Registrierungswerte: 2

Infizierte Dateiobjekte der Registrierung: 2

Infizierte Verzeichnisse: 2

Infizierte Dateien: 12
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BNDMSS (Trojan.Backdoor) -> Quarantined and deleted successfully.
 

Infizierte Registrierungswerte:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\programme\lame_enc.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 

Infizierte Verzeichnisse:

c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Backdoor.Bot) -> Quarantined and deleted successfully.
 

Infizierte Dateien:

c:\RECYCLER\s-1-5-21-0243336031-4052116379-881863308-0851\vse432.0xe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-0243336031-4052116379-881863308-0851\vse432.1xe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{c4fce84d-a0e5-4e05-aceb-64f10ac56126}\RP413\A0611679.0xe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{c4fce84d-a0e5-4e05-aceb-64f10ac56126}\RP414\A0611830.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{c4fce84d-a0e5-4e05-aceb-64f10ac56126}\RP415\A0612425.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{c4fce84d-a0e5-4e05-aceb-64f10ac56126}\RP415\A0612437.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{c4fce84d-a0e5-4e05-aceb-64f10ac56126}\RP416\A0612660.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{c4fce84d-a0e5-4e05-aceb-64f10ac56126}\RP416\A0612991.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\isew32.0xe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\programme\lame_enc.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:16:22, on 01.07.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Bonjour\mDNSResponder.exe

C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE

C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Programme\F-Secure Internet Security\Common\FSMB32.EXE

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Programme\F-Secure Internet Security\Common\FCH32.EXE

C:\Programme\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Programme\F-Secure Internet Security\FSPC\fspc.exe

C:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe

C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Programme\F-Secure Internet Security\FSAUA\program\fsus.exe

C:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programme\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programme\HP\QuickPlay\QPService.exe

C:\Programme\Hp\HP Software Update\HPWuSchd2.exe

C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Programme\Gemeinsame Dateien\ACD Systems\DE\DevDetect.exe

C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe

C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

C:\Programme\Winamp\winampa.exe

C:\Programme\F-Secure Internet Security\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\Programme\Skype\Phone\Skype.exe

C:\Programme\ICQ6\ICQ.exe

C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Programme\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Programme\Mozilla Firefox\firefox.exe

C:\Programme\Skype\Plugin Manager\skypePM.exe

C:\Programme\Trend Micro\HijackThis\HijackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.gmx.net/de

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=Q306&bd=pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = journals.meduniwien.ac.at:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?

O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Erwachsene... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Erwachsene... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=Q306&bd=pavilion&pf=laptop

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) – h**p://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\ORSP Client\fsorsp.exe

O23 - Service: Google Update Service (gupdate1c9b3e817c322be) (gupdate1c9b3e817c322be) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 

--

End of file - 12750 bytes