Trojaner-Board - Virus? psched.sys, Antivirensysteme geblockt

hier ist der log von ComboFix:
Code:
ComboFix 08-03-25.4 - Administrator 2008-03-26 20:59:09.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.130 [GMT 1:00]

ausgeführt von:: J:\ComboFix.exe

 * Neuer Wiederherstellungspunkt wurde erstellt

 * Resident AV is active
 
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat

H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat

H:\Programme\download plugin
 

----- BITS: Possible infected sites -----
 

hxxp://flycodecs.com

.

(((((((((((((((((((((((   Dateien erstellt von 2008-02-26 bis 2008-03-26  ))))))))))))))))))))))))))))))

.
 

2008-03-26 20:46 . 2008-03-26 20:46        <DIR>        d--------        H:\Programme\Yahoo!

2008-03-26 20:46 . 2008-03-26 20:46        <DIR>        d--------        H:\Programme\CCleaner

2008-03-25 21:02 . 2008-03-25 21:03        <DIR>        d--------        H:\Programme\Sophos

2008-03-25 21:02 . 2008-03-25 21:02        <DIR>        d--------        H:\Programme\Gemeinsame Dateien\Cisco Systems

2008-03-25 21:02 . 2008-03-25 21:02        <DIR>        d--------        H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos

2008-03-25 21:02 . 2006-05-08 12:00        15,872        --a------        H:\WINDOWS\system32\SophosBootTasks.exe

2008-03-25 21:01 . 2006-01-05 17:43        80,128        --a------        H:\WINDOWS\system32\drivers\savonaccesscontrol.sys

2008-03-25 21:01 . 2006-01-05 17:43        24,064        --a------        H:\WINDOWS\system32\drivers\savonaccessfilter.sys

2008-03-24 19:01 . 2008-03-24 19:01        <DIR>        d--------        H:\VundoFix Backups

2008-03-24 18:24 . 2008-03-24 18:36        <DIR>        d--------        H:\WINDOWS\system32\ActiveScan

2008-03-24 18:24 . 2008-03-24 18:46        30,590        --a------        H:\WINDOWS\system32\pavas.ico

2008-03-24 18:24 . 2008-03-24 18:46        1,406        --a------        H:\WINDOWS\system32\Help.ico

2008-03-24 16:54 . 2008-03-24 16:54        <DIR>        d--------        H:\Programme\Lavasoft

2008-03-24 16:54 . 2008-03-24 16:54        <DIR>        d--------        H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft

2008-03-24 16:53 . 2008-03-24 16:53        <DIR>        d--------        H:\Programme\Gemeinsame Dateien\Wise Installation Wizard

2008-03-24 10:31 . 2008-03-24 10:31        <DIR>        d--------        H:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\McAfee

2008-03-23 12:55 . 2008-03-23 12:55        29        --a------        H:\WINDOWS\system32\gdsftuwi.tmp

2008-03-23 12:53 . 2008-03-23 12:53        0        --ah-----        H:\WINDOWS\system32\BIT173.tmp

2008-03-23 12:51 . 2008-03-23 14:43        <DIR>        d--------        H:\key

2008-03-22 12:15 . 2008-03-22 12:15        70,671        --a------        H:\WINDOWS\system32\INFEKT.dll

2008-03-21 18:38 . 2008-03-26 20:44        54,156        --ah-----        H:\WINDOWS\QTFont.qfn

2008-03-21 18:38 . 2008-03-21 18:38        1,409        --a------        H:\WINDOWS\QTFont.for

2008-03-21 18:37 . 2008-03-21 18:37        <DIR>        d--------        H:\Programme\iPod

2008-03-21 18:30 . 2001-08-18 04:54        53,760        --a------        H:\WINDOWS\system32\sw_wheel.dll

2008-03-21 18:30 . 2001-08-18 04:54        53,760        --a--c---        H:\WINDOWS\system32\dllcache\sw_wheel.dll

2008-03-21 18:30 . 2001-08-18 04:54        41,472        --a------        H:\WINDOWS\system32\sw_effct.dll

2008-03-21 18:30 . 2001-08-18 04:54        41,472        --a--c---        H:\WINDOWS\system32\dllcache\sw_effct.dll

2008-03-21 18:30 . 2001-08-17 14:02        35,200        --a------        H:\WINDOWS\system32\drivers\msgame.sys

2008-03-21 18:30 . 2001-08-17 14:02        35,200        --a--c---        H:\WINDOWS\system32\dllcache\msgame.sys

2008-03-20 10:35 . 2006-06-26 03:19        2,388,176        --a------        H:\WINDOWS\system\d3dx9_30.dll

2008-03-16 22:49 . 2008-03-16 22:51        <DIR>        d--------        H:\Programme\AV Vcs 4.0 DIAMOND

2008-02-29 15:45 . 2008-02-29 15:45        <DIR>        d--------        H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom

2008-02-29 15:43 . 2008-02-29 15:43        <DIR>        d--------        H:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TomTom

2008-02-29 15:38 . 2008-02-29 15:38        <DIR>        d--------        H:\Programme\TomTom HOME 2

2008-02-29 15:36 . 2008-02-29 15:36        <DIR>        d--------        H:\Programme\TomTom DesktopSuite
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-26 14:28        ---------        d-----w        H:\Programme\PantsOff

2008-03-24 09:31        ---------        d-----w        H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee

2008-03-22 18:00        ---------        d-----w        H:\Programme\FlashFXP

2008-03-21 17:37        ---------        d-----w        H:\Programme\iTunes

2008-03-20 09:24        ---------        d--h--w        H:\Programme\InstallShield Installation Information

2008-03-19 18:52        ---------        d-----w        H:\Programme\Miranda IM

2008-02-21 12:35        ---------        d-----w        H:\Programme\McAfee

2008-02-20 14:33        ---------        d-----w        H:\Programme\Mozilla Thunderbird

2008-02-18 13:51        ---------        d-----w        H:\Programme\QuickTime

2008-02-10 17:15        ---------        d-----w        H:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TransRender

2008-02-01 16:30        ---------        d-----w        H:\Programme\ICQLite

2008-01-27 19:58        ---------        d-----w        H:\Programme\LeechGet 2007

2008-01-10 18:01        442,376        ----a-w        H:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GDIPFONTCACHEV1.DAT

2006-09-19 20:26        8,304        ----a-w        H:\Programme\quick.dat

.
 

((((((((((((((((((((((((((((   Autostart Punkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}]

                        H:\WINDOWS\system32\ssa.dll
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC51043B-AFFB-5A7D-CFA9-946E443F3C8C}]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="H:\Programme\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"TomTomHOME.exe"="H:\Programme\TomTom HOME 2\HOMERunner.exe" [2008-02-18 11:58 206184]

"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:57 15360]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMixerTray"="H:\Programme\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 13:30 131072]

"mcagent_exe"="H:\Programme\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

"iTunesHelper"="H:\Programme\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"MSConfig"="H:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:58 160768]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="H:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:57 15360]

"Nokia.PCSync"="H:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\INFEKT]

H:\WINDOWS\system32\INFEKT.dll 2008-03-22 12:15 70671 H:\WINDOWS\system32\INFEKT.dll
 

[HKLM\~\startupfolder\H:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^Registration-PCTV.lnk]

path=H:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Registration-PCTV.lnk

backup=H:\WINDOWS\pss\Registration-PCTV.lnkStartup
 

[HKLM\~\startupfolder\H:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]

path=H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk

backup=H:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
 

[HKLM\~\startupfolder\H:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BlueSoleil.lnk]

path=H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk

backup=H:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
 

[HKLM\~\startupfolder\H:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]

path=H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk

backup=H:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
 

[HKLM\~\startupfolder\H:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Pinnacle Scheduler.lnk]

path=H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Pinnacle Scheduler.lnk

backup=H:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]

--a------ 2005-11-23 01:05 344064 H:\WINDOWS\system32\atiptaxx.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bone camp play flag]

H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\deafjoybonecamp\Five bash.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-03 23:57 15360 H:\WINDOWS\system32\ctfmon.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]

--a------ 2004-08-26 21:43 56320 H:\WINDOWS\system32\delttray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]

--a------ 2005-10-23 00:00 385024 H:\Programme\SyncroSoft\Pos\H2O\cledx.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hide ace]

H:\DOKUME~1\ADMINI~1\ANWEND~1\METABO~1\01 4 creative.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

--a------ 2006-05-07 17:49 3139164 H:\Programme\ICQLite\ICQLite.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-02-19 13:10 267048 H:\Programme\iTunes\iTunesHelper.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

H:\WINDOWS\system32\dumprep 0 -k
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--------- 2007-02-07 16:21 54832 H:\Programme\CyberLink\PowerDVD\Language\Language.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]

--a------ 2002-04-09 19:25 36943 H:\Programme\ICQ\NDetect.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 17:24 1694208 H:\Programme\Messenger\msmsgs.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 H:\WINDOWS\system32\NeroCheck.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
 
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a------ 2007-03-23 12:20 227328 H:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-01-31 23:13 385024 H:\Programme\QuickTime\QTTask.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2007-03-14 21:01 71216 H:\Programme\CyberLink\PowerDVD\PDVDServ.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]

H:\Programme\SiteAdvisor\6172\SiteAdv.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

--a------ 2006-06-12 16:33 20002856 H:\Programme\Skype\Phone\Skype.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP]

--a------ 2004-10-20 23:05 160256 H:\Programme\Softick\PPP\Bin\PPPGate.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-11-10 12:03 36975 H:\Programme\Java\jre1.5.0_06\bin\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

H:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"H:\\Programme\\ICQ\\Icq.exe"=

"H:\\Programme\\Miranda IM\\miranda32.exe"=

"H:\\Program Files\\mIRC\\mirc.exe"=

"H:\\Programme\\ICQLite\\ICQLite.exe"=

"K:\\Programme\\Steam\\SteamApps\\***@gmx.de\\counter-strike\\hl.exe"=

"K:\\WoW-1.9.4-deDE-Installer-downloader.exe"=

"K:\\Programme\\Steam\\SteamApps\\***@gmx.de\\half-life\\hl.exe"=

"K:\\Programme\\Steam\\SteamApps\\***@gmx.de\\day of defeat\\hl.exe"=

"H:\\Programme\\FlashFXP\\flashfxp.exe"=

"H:\\Programme\\Anti-Leech\\ALIE_1.0.2.3\\alhlp.exe"=

"K:\\Programme\\Steam\\SteamApps\\***@gmx.de\\half-life 2 deathmatch\\hl2.exe"=

"K:\\Programme\\Steam\\SteamApps\\***@gmx.de\\half-life 2\\hl2.exe"=

"H:\\Programme\\Skype\\Phone\\Skype.exe"=

"K:\\01 Filme Serien\\LimeWire\\LimeWire.exe"=

"H:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"H:\\Programme\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"H:\\Programme\\Gemeinsame Dateien\\McAfee\\MNA\\McNASvc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"H:\\Programme\\iTunes\\iTunes.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader
 

R1 atitray;atitray;H:\Programme\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys [2006-01-24 19:32]

R1 SAVOnAccess Control;SAVOnAccess Control;H:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2006-01-05 17:43]

R1 SAVOnAccess Filter;SAVOnAccess Filter;H:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2006-01-05 17:43]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};H:\Programme\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]

R3 CLEDX;Team H2O CLEDX service;H:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 00:00]

R3 pctvvbi;PCTVVBI;H:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 18:52]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);H:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;H:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;H:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

{BDD0D2A1-17BD-47b5-A803-7E58A24073D9}
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{964dbdfc-e6d3-11dc-a5a7-000ea61fb43b}]

\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
 

.

Inhalt des "geplante Tasks" Ordners

"2008-03-26 20:00:00 H:\WINDOWS\Tasks\A51299B4918D15FC.job"

- h:\dokume~1\admini~1\anwend~1\metabo~1\DASHINFOJUNK.exe

"2008-03-11 17:01:02 H:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- H:\Programme\Apple Software Update\SoftwareUpdate.exe

"2008-01-15 00:00:04 H:\WINDOWS\Tasks\McDefragTask.job"

- H:\WINDOWS\system32\defrag.exe

"2008-03-01 00:01:21 H:\WINDOWS\Tasks\McQcTask.job"

- h:\programme\mcafee\mqc\QcConsol.exe.4158 0

.

**************************************************************************
 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2008-03-26 21:03:11

Windows 5.1.2600 Service Pack 2 NTFS
 

Scanne versteckte Prozesse...
 

Scanne versteckte Autostart Einträge...
 

Scanne versteckte Dateien...
 

Scan erfolgreich abgeschlossen 

versteckte Dateien: 0 
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\H:\Programme\CyberLink\PowerDVD\000.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------
 

PROCESS: H:\WINDOWS\system32\winlogon.exe

-> H:\WINDOWS\system32\INFEKT.dll

.

Zeit der Fertigstellung: 2008-03-26 21:03:59

ComboFix-quarantined-files.txt  2008-03-26 20:03:50

.

2008-03-12 10:43:45        --- E O F ---