So da sind wir wieder.^^ Haben die gewünschten Tools durchlaufen lassen und posten jetzt wieder die Ergebnisse 
Gmer 1 Log ( Log des Scans der beim öffnen von Gmer automatisch startet.)
Code:
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2010-03-19 10:44:59
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF38C3E3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF38C3EE4]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- EOF - GMER 1.0.15 ----
so jetzt der Hauptlog von Gmer
Code:
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2010-03-19 12:40:01
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF38C436E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF38C4A86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF38C560C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF38C5B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xF38C4D78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xF38C3460]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF38C5A18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF38C2D0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF38C58D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF38C4102]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF38C5C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF38C740E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xF38C4886]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF38C5976]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xF38C3A20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xF38C3CF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF38C521C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF38C7980]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF38C3E3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF38C3EE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xF38C5016]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xF38C6EA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF38C343C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF38C344E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF38C4030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF38C5BE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xF38C4B08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xF38C3604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF38C5AB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xF38C456E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xF38C7438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF38C5D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xF38C4492]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF38C3F8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF38C3BB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF38C38BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xF38C7128]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF38C3B34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF38C30C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF38C609E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF38C5F64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF38C6C30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF38C3224]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF38C7860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF38C2EC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xF38C5312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xF38C4984]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF38C65F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xF38C6FA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF38C74C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xF38C3744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF38C75A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF38C76D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF38C6DD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xF38C46EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF38C463C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF38C47C8]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C60 80503A34 16 Bytes [02, 41, 8C, F3, 72, 5C, 8C, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D1C 80503AF0 12 Bytes [A6, 6E, 8C, F3, 3C, 34, 8C, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2E98 80503C6C 16 Bytes [34, 3B, 8C, F3, C2, 30, 8C, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F8C 80503D60 12 Bytes [A6, 75, 8C, F3, D2, 76, 8C, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F9C 80503D70 8 Bytes JMP 3CF38C46
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6E22820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6E22820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Hier der Malwarebyteslog^^
Code:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3885
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
19.03.2010 13:49:32
mbam-log-2010-03-19 (13-49-32).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 277610
Laufzeit: 46 minute(s), 52 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
Und noch der HJT-log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:45, on 19.03.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Medion Info Display\MdionLCM.exe
C:\Programme\QuickTime\QTTask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O4 - Global Startup: p6_19_erinnerung.lnk = C:\Programme\phase6\phase6_19\WinStart\p6erinnerung.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 8758 bytes
Hoffe es is alles so drin wie es sein sollte ^.~
LG, nipi
Zitat von nipi
AW: Rootkit-problem ist es wirklich weg?
