[Trojan:Win32/Vundo.gen!H] How do I remove it?
#1 | 11.07.2008, 22:06
Good evening, I have the following problem: for about two days I have had a trojan on my computer. It is reported by Windows Defender on Windows Vista (my GDATA TotalCare reports nothing, screenshot attached). In addition, since this virus appeared, Windows Explorer wants to change the registry twice at every system start:

Code:
Die Anwendung "Windows-Explorer" versucht die Registrierungsdatenbank zu ändern. Möchten Sie die Änderung zulassen?
Eintrag: \REGISTRY\USER\S-1-5-21-2902914837-3246739430-1013117945-1007\Software\Microsoft\Windows\CurrentVersion\Run
Schlüssel: MSServer
Information: Dieser Eintrag bindet eine neue Anwendung ein, die beim Start des Systems ausgeführt wird.
[ ] Auf alle anwenden    [ Ja ] [ Nein ]

I tried unsuccessfully to remove the virus with the methods from this page.
Method 1: I could not get anywhere because I did not understand terms like "Schirm" (screen) and "Instanz" (instance).
Method 2: nothing is found.

Code:
[07/11/2008, 22:19:46] - VirtumundoBeGone v1.5 ( "C:\Users\*****\Desktop\vundo\VirtumundoBeGone.exe" )
[07/11/2008, 22:19:56] - Detected System Information:
[07/11/2008, 22:19:56] - Windows Version: 6.0.6000,
[07/11/2008, 22:19:56] - Current Username: ***** (Admin)
[07/11/2008, 22:19:56] - Windows is in SAFE mode with Networking.
[07/11/2008, 22:19:56] - Searching for Browser Helper Objects:
[07/11/2008, 22:19:56] - BHO 1: {0124123D-61B4-456f-AF86-78C53A0790C5} (G DATA WebFilter)
[07/11/2008, 22:19:56] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader)
[07/11/2008, 22:19:56] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2008, 22:19:56] - Finished Searching Browser Helper Objects
[07/11/2008, 22:19:56] - Finishing up...
[07/11/2008, 22:19:56] - Nothing found! Exiting...

The program also finds nothing.
Method 4: the program finds a lot of files (over 600), and I fixed all of them. After the restart, Windows Defender still reports the same virus.
Method 5: too much effort.
Method 6: the program finds three *.dll files. But when I try to delete them, the program tells me they could not be deleted and that I should delete them after the restart. When I do that, the same thing happens again and again.
In case it helps, I also have a HijackThis logfile:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 23:01:27, on 11.07.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
C:\Program Files\Home Cinema\TV Enhance\TVEService.exe
C:\Program Files\G DATA InternetSecurity TotalCare\AVKTray\AVKTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\Program Files\G DATA InternetSecurity TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Windows\explorer.exe
C:\Users\niko2\Desktop\vundo\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\program files\g data internetsecurity totalcare\avkkid\avkcks.exe
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\Home Cinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity TotalCare\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iiffDTLe.dll,#1
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Windows Update] C:\Windows\system32\antivirus.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: AVK Tuner Service - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Can anyone help me? I would be very grateful!!
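Added example, not code from this thread or from any of the tools it names: a small Python checker that parses HijackThis O4 autostart lines and flags the two patterns visible in the log above, a rundll32 entry that loads a randomly named system32 DLL by export ordinal (the MSServer value) and a Run value whose name imitates a Windows component (the "Windows Update" value pointing at antivirus.exe). The sample lines are constructed from the posted log; the impersonation name list and the eight-letter random-name rule are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Constructed sample: O4 (autostart) lines in the format HijackThis prints,
# modelled on the log posted in this thread. Two of them are the entries
# Malwarebytes later removed; the rest are ordinary vendor autostarts.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iiffDTLe.dll,#1",
    r'O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto',
    r"O4 - HKCU\..\Run: [Windows Update] C:\Windows\system32\antivirus.exe",
    r'O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent',
    r"O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe",
]

# HijackThis prints Run values as "O4 - <hive>\..\Run: [<value name>] <command>"
# and Startup-folder shortcuts as "O4 - Global Startup: <lnk> = <target>".
RUN_LINE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_LINE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")

# rundll32 loading a DLL and calling an export by ordinal (",#1"). Vundo
# registered its randomly named system32 DLL exactly this way; legitimate
# vendors almost always call a named export (",NvStartup").
RUNDLL32_ORDINAL = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>\S+?\.dll),#\d+\s*$", re.IGNORECASE)

# Value names that imitate Windows components. Windows itself registers
# neither of these as a Run value. Constructed starting list (assumption).
IMPERSONATED_NAMES = {"windows update", "msserver"}


@dataclass
class AutostartEntry:
    location: str            # r"HKLM\..\Run", r"HKCU\..\Run" or "Global Startup"
    name: str                # registry value name or shortcut name
    command: str             # what gets executed at logon
    reasons: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Parse one O4 line; returns None for lines that are not O4 entries."""
    m = RUN_LINE.match(line)
    if m:
        return AutostartEntry(m["hive"] + r"\..\Run", m["name"], m["cmd"].strip())
    m = STARTUP_LINE.match(line)
    if m:
        return AutostartEntry("Global Startup", m["name"], m["cmd"].strip())
    return None


def looks_random(stem: str) -> bool:
    """Eight letters of mixed case, no digits or separators: iiffDTLe, ljJDTNEV."""
    return (len(stem) == 8 and stem.isalpha()
            and any(c.isupper() for c in stem) and any(c.islower() for c in stem))


def assess(entry: AutostartEntry) -> AutostartEntry:
    """Attach a reason for every heuristic the entry trips."""
    m = RUNDLL32_ORDINAL.match(entry.command)
    if m:
        dll = m["dll"]
        stem = dll.replace("/", "\\").rsplit("\\", 1)[-1][:-4]   # strip path and ".dll"
        if looks_random(stem):
            entry.reasons.append(f"rundll32 loads randomly named DLL {dll} by export ordinal")
    if entry.name.lower() in IMPERSONATED_NAMES:
        entry.reasons.append(f"value name '{entry.name}' imitates a Windows component")
    return entry


def scan_o4_lines(lines: Iterable[str]) -> List[AutostartEntry]:
    """Return only the autostart entries that tripped at least one heuristic."""
    hits = []
    for line in lines:
        entry = parse_o4(line.strip())
        if entry is not None and assess(entry).reasons:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in scan_o4_lines(SAMPLE_O4_LINES):
        print(f"[{hit.location}] {hit.name}: {hit.command}")
        for reason in hit.reasons:
            print("    -", reason)
```

Feed it the O4 lines of a full HijackThis log (for example `scan_o4_lines(open("hijackthis.log"))`) and only the entries that tripped a heuristic come back, each with the reason attached.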
#2 | 12.07.2008, 11:16
Hi,

First, please create a HijackThis logfile (with the latest version). Before that, run Malwarebytes, let it delete everything it finds, and post the logfile. Then please also create a logfile with RunScanner and post it as well.
#3 | 12.07.2008, 14:12
Okay. Here is the one from Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.20
Datenbank Version: 941
Windows 6.0.6000

15:04:18 12.07.2008
mbam-log-7-12-2008 (15-04-18).txt

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 335293
Scan Dauer: 2 hour(s), 20 minute(s), 19 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 3
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 32

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{81ea3f36-357a-435a-8741-52c27ccc9f21} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f6d24bea-4078-4218-a917-f9aefa905462} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ff9ec787-86c2-4f83-967e-da1a680fdde5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a5db8e7-2b26-4b0a-ab00-a42dd0899d11} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{60849e3f-4118-4f36-9590-c15d882c41ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f4cc6aa2-4546-45cf-abd8-37a9436e7e1a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoaccesscodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{81ea3f36-357a-435a-8741-52c27ccc9f21} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\VideoAccessCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\iiffDTLe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\byXPJCSm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\byXQIYSi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\efcAQIbX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\fccbYrqO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\geBssrPi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\khfCrQIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\mlJBUMDu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\pmnoNHXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\qoMcbxUo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\ssqNGVoP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\tmp00011f52 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\tmp00013062 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\tmp00013458 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\tmp00013e56 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\tmp0001446e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\tmp00015530 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\tmp000155ec (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\tmp0001c4b5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\tmp00020702 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\tuvWqQkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\urqPfCSK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\AppData\Local\Temp\yayxwUlm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\niko2\GAMES & PROGGIS\Battlefield 2\Battlefield.2.Keygen-ViTALiTY\vtl-bf2k.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\VundoFix Backups\iiffDTLe.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\ljJDTNEV.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\rqRHwULb.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ljJDTNEV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rqRHwULb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\VideoAccessCodec\install.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\VideoAccessCodec\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Code:
Runscanner logfile
http://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name : NIKO-PC
Creation time : 12.07.2008 15:07:27
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6000.16681
OS : Windows Vista (TM) Home Premium
OS Build : 6000
OS SP :
RunScanner Version : 1.6.3.0
User Language : Deutsch (Deutschland)
User rights : Administrator
Windows folder : C:\Windows

001 Running processes
---------------------
* c:\windows\system32\services.exe (Microsoft Corporation)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple, Inc.)
* c:\program files\ashampoo\ashampoo magical defrag\bin\adefragctrl.exe
* c:\windows\system32\taskeng.exe (Microsoft Corporation)
* c:\windows\system32\taskeng.exe (Microsoft Corporation)
* c:\program files\g data internetsecurity totalcare\avk\avkwctl.exe (G DATA Software AG)
c:\program files\bonjour\mdnsresponder.exe (Apple Computer, Inc.)
c:\program files\home cinema\tv enhance\kernel\tv\tvecapsvc.exe
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
c:\program files\home cinema\tv enhance\kernel\tv\tvesched.exe
c:\program files\home cinema\tv enhance\tveservice.exe (CyberLink Corp.)
* c:\windows\system32\dwm.exe (Microsoft Corporation)
* c:\windows\system32\notepad.exe (Microsoft Corporation)
c:\program files\intel\intel matrix storage manager\iaanotif.exe (Intel Corporation)
* c:\program files\mozilla firefox 3 beta 3\firefox.exe (Mozilla Corporation)
* c:\program files\common files\g data\avkproxy\avkproxy.exe (G DATA Software AG)
* c:\program files\g data internetsecurity totalcare\avk\avkservice.exe (G DATA Software AG)
* c:\program files\g data internetsecurity totalcare\avktray\avktray.exe (G DATA Software AG)
* c:\program files\g data internetsecurity totalcare\firewall\gdfwsvc.exe (G DATA Software AG)
* c:\program files\g data internetsecurity totalcare\firewall\gdfirewalltray.exe (G DATA Software AG)
* c:\windows\system32\alg.exe (Microsoft Corporation)
* c:\windows\rthdvcpl.exe (Realtek Semiconductor)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\program files\icq6\icq.exe (ICQ, Inc.)
* c:\program files\java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
* c:\windows\system32\lsass.exe (Microsoft Corporation)
* c:\windows\system32\lsm.exe (Microsoft Corporation)
c:\program files\common files\lightscribe\lssrvc.exe (Hewlett-Packard Company)
c:\windows\system32\drivers\cdac11ba.exe (Macrovision)
* c:\windows\system32\searchfilterhost.exe (Microsoft Corporation)
* c:\windows\system32\searchindexer.exe (Microsoft Corporation)
* c:\windows\system32\searchprotocolhost.exe (Microsoft Corporation)
* c:\windows\system32\vssvc.exe (Microsoft Corporation)
* c:\windows\system32\slsvc.exe (Microsoft Corporation)
c:\program files\common files\ahead\lib\nmbgmonitor.exe (Nero AG)
c:\program files\common files\ahead\lib\nmindexingservice.exe (Nero AG)
c:\program files\common files\ahead\lib\NMIndexStoreSvr.exe (Nero AG)
c:\program files\razer\lachesis\osd.exe (razercfg MFC Application)
* c:\windows\system32\pnkbstra.exe
c:\program files\intel\intel matrix storage manager\iaantmon.exe (Intel Corporation)
c:\program files\razer\lachesis\razerofa.exe (Razer Inc.)
c:\program files\razer\lachesis\razerhid.exe
c:\program files\razer\lachesis\razertra.exe
c:\program files\cyberlink\shared files\richvideo.exe
* c:\runscanner.exe (Runscanner.net)
c:\program files\sceneo\bonavista\services\pvr\pvrservice.exe (Buhl Data Service GmbH)
* c:\windows\system32\spoolsv.exe (Microsoft Corporation)
* c:\program files\daemon tools\daemon.exe (DT Soft Ltd.)
* c:\program files\windows defender\msascui.exe (Microsoft Corporation)
* c:\windows\system32\wudfhost.exe (Microsoft Corporation)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* c:\program files\windows media player\wmpnscfg.exe (Microsoft Corporation)
* c:\program files\windows media player\wmpnetwk.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)
* c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\explorer.exe (Microsoft Corporation)
* c:\windows\system32\rundll32.exe (Microsoft Corporation)
* c:\windows\system32\wininit.exe (Microsoft Corporation)
c:\progra~1\common~1\x10\common\x10nets.exe (X10)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\g data internetsecurity totalcare\avktray\avktray.exe (G DATA Software AG)
* c:\program files\daemon tools\daemon.exe (DT Soft Ltd.)
c:\program files\intel\intel matrix storage manager\iaanotif.exe (Intel Corporation)
c:\program files\common files\installshield\updateservice\issch.exe (InstallShield Software Corporation)
c:\program files\razer\lachesis\razerhid.exe
c:\program files\common files\ahead\lib\nerocheck.exe (Nero AG)
c:\program files\quicktime\qttask.exe (Apple Inc.)
c:\program files\sceneo\bonavista\services\odsbc\odsbcapp.exe (ODSoft multimedia)
c:\program files\home cinema\tv enhance\tveservice.exe (CyberLink Corp.)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\common files\ahead\lib\nmbgmonitor.exe (Nero AG)
c:\fraps\fraps.exe (Beepa P/L)
* c:\program files\icq6\icq.exe (ICQ, Inc.)

005 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
----------------------------------------------------------------
c:\progra~1\common~1\adobe\calibr~1\adobeg~1.exe (Adobe Systems, Inc.)
* c:\progra~1\ashampoo\ashamp~1\bin\adefra~1.exe
* c:\progra~1\gdatai~1\firewall\gdfire~1.exe (G DATA Software AG)

006 %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\common~1\adobe\calibr~1\adobeg~1.exe (Adobe Systems, Inc.)
* c:\progra~1\ashampoo\ashamp~1\bin\adefra~1.exe
* c:\progra~1\gdatai~1\firewall\gdfire~1.exe (G DATA Software AG)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
c:\program files\bonjour\mdnsresponder.exe (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##)
* c:\program files\common files\aol\acs\aolacsd.exe (AOL Connectivity Service)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple Mobile Device)
* c:\program files\ashampoo\ashampoo magical defrag\bin\adefragservice.exe (Ashampoo Defrag Service)
* c:\program files\g data internetsecurity totalcare\avk\avkservice.exe (AVK Service)
* c:\program files\g data internetsecurity totalcare\avktuner\avktunerservice.exe (AVK Tuner Service)
* c:\program files\g data internetsecurity totalcare\avk\avkwctl.exe (AVK Wächter)
* c:\program files\common files\g data\avkproxy\avkproxy.exe (AVKProxy)
- c:\program files\common files\avm\de_serv.exe (AVM FRITZ!web Routing Service)
c:\windows\system32\drivers\cdac11ba.exe (C-DillaCdaC11BA)
c:\program files\cyberlink\shared files\richvideo.exe (Cyberlink RichVideo Service(CRVS))
c:\magix\common\database\bin\fbserver.exe (Firebird Server - MAGIX Instance)
c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe (FLEXnet Licensing Service)
* c:\program files\g data internetsecurity totalcare\firewall\gdfwsvc.exe (G DATA Personal Firewall)
c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
c:\program files\intel\intel matrix storage manager\iaantmon.exe (Intel(R) Matrix Storage Event Monitor)
* c:\program files\ipod\bin\ipodservice.exe (iPod-Dienst)
c:\program files\common files\lightscribe\lssrvc.exe (LightScribeService Direct Disc Labeling Service)
c:\program files\nero\nero 7\nero backitup\nbservice.exe (NBService)
c:\program files\common files\ahead\lib\nmindexingservice.exe (NMIndexingService)
* c:\windows\system32\pnkbstra.exe (PnkBstrA)
c:\program files\sceneo\bonavista\services\pvr\pvrservice.exe (Sceneo PVR Service)
* C:\Windows\system32\sfrem01.exe (SF FrontLine Drivers Auto Removal (v1))
c:\program files\home cinema\tv enhance\kernel\tv\tvecapsvc.exe (TVEnhance Background Capture Service (TBCS))
c:\program files\home cinema\tv enhance\kernel\tv\tvesched.exe (TVEnhance Task Scheduler (TTS)))
c:\progra~1\common~1\x10\common\x10nets.exe (X10 Device Network Service)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
- c:\windows\system32\drivers\ab37erb4.sys (ab37erb4)
- c:\windows\system32\drivers\asinshelp32.sys (ASInsHelp)
C:\Windows\system32\drivers\atksgt.sys (atksgt)
- c:\windows\system32\drivers\netfwdsl.sys (AVM FRITZ!web DSL PPP)
c:\windows\system32\drivers\cdac15ba.sys (CdaC15BA)
* C:\Windows\system32\drivers\gdwfpcd32.sys (G DATA WFP CD)
* c:\windows\system32\drivers\miniicpt.sys (GDMnIcpt)
* c:\windows\system32\drivers\pkticpt.sys (GDPkIcpt)
* c:\windows\system32\drivers\gdtdiicpt.sys (GDTdiInterceptor)
* C:\Windows\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
* C:\Windows\system32\drivers\hamachi.sys (Hamachi Network Interface)
* c:\windows\system32\drivers\hookcentre.sys (HookCentre)
- c:\windows\system32\drivers\ipinip.sys (IP in IP Tunnel Driver)
- c:\windows\system32\drivers\nwlnkflt.sys (IPX Traffic Filter Driver)
- c:\windows\system32\drivers\nwlnkfwd.sys (IPX Traffic Forwarder Driver)
C:\Windows\system32\drivers\lirsgt.sys (lirsgt)
C:\Windows\system32\drivers\usbsermpt.sys (Motorola USB Modem Driver for MPT)
* C:\Windows\system32\drivers\npf.sys (Netgroup Packet Filter)
C:\Windows\system32\drivers\se27bus.sys (Sony Ericsson Device 039 Driver driver (WDM))
C:\Windows\system32\drivers\se27nd5.sys (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS))
C:\Windows\system32\drivers\se27unic.sys (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM))
C:\Windows\system32\drivers\se27mgmt.sys (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM))
C:\Windows\system32\drivers\se27mdm.sys (Sony Ericsson Device 039 USB WMC Modem Driver)
C:\Windows\system32\drivers\se27mdfl.sys (Sony Ericsson Device 039 USB WMC Modem Filter)
C:\Windows\system32\drivers\se27obex.sys (Sony Ericsson Device 039 USB WMC OBEX Interface)
C:\Windows\system32\drivers\sptd.sys (sptd)
* C:\Windows\system32\drivers\sfdrv01.sys (StarForce Protection Environment Driver (version 1.x))
c:\windows\system32\drivers\prodrv06.sys (StarForce Protection Environment Driver v6)
C:\Windows\system32\drivers\sfhlp01.sys (StarForce Protection Helper Driver)
* C:\Windows\system32\drivers\sfhlp02.sys (StarForce Protection Helper Driver (version 2.x))
C:\Windows\system32\drivers\prohlp02.sys (StarForce Protection Helper Driver v2)
* C:\Windows\system32\drivers\sfsync02.sys (StarForce Protection Synchronization Driver (version 2.x))
C:\Windows\system32\drivers\prosync1.sys (StarForce Protection Synchronization Driver v1)
* C:\Windows\system32\drivers\sfvfs02.sys (StarForce Protection VFS Driver (version 2.x))
* c:\windows\system32\drivers\vaxscsi.sys (vaxscsi)
* C:\Windows\system32\drivers\x10hid.sys (X10 Hid Device)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\program files\common files\microsoft shared\information retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}

032 HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
-----------------------------------------------------------------------------------
- rdpclip

033 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
-----------------------------------------------------------------------
* c:\program files\g data internetsecurity totalcare\avkkid\avkcks.exe

035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
- c:\windows\system32\antivirus.exe {FF7637BD-AF04-D060-AF28-E08C500AB9AD}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
* c:\program files\g data internetsecurity totalcare\webfilter\avkwebie.dll (G DATA Software AG) {0124123D-61B4-456f-AF86-78C53A0790C5}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
GUID / CLSID not found {2670000A-7350-4f3c-8081-5663EE0C6C49}
* c:\program files\icq6\icq.exe (ICQ, Inc.) {E59EB121-F339-4851-A3BA-FE49C35617C2}
GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\program files\g data internetsecurity totalcare\webfilter\avkwebie.dll (G DATA Software AG) {0124123D-61B4-456f-AF86-78C53A0790C5}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\windows\system32\shellext\cryptext.dll {990a81a0-b289-11cf-a800-00a0c903a2a6}
* c:\program files\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
GUID / CLSID not found {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
C:\Windows\system32\avmprmon.dll (AVM Berlin GmbH)
C:\Windows\system32\hpzlnt03.dll (HP)

100 Internet Explorer settings
------------------------------
Default_Page_URL HKLM : www.msn.de
Start Page HKCU : http://www.google.de/

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
Nach Microsoft E&xel exportieren : res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

107 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
---------------------------------------------------------------------------------
c:\program files\bonjour\mdnsnsp.dll (Apple Computer, Inc.)
170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ------------------------------------------------------------------------ {5a79367f-669c-11dc-a5ce-00038a000015} : E:\autorun.exe {5a793685-669c-11dc-a5ce-00038a000015} : H:\RunGame.exe {f398f161-ddf8-11db-bb20-806e6f6e6963} : J:\Start.exe 173 HKCR\*\shellex\ContextMenuHandlers -------------------------------------- c:\program files\g data internetsecurity totalcare\avk\shellext.dll (G DATA Software AG) {CAF4C320-32F5-11D3-A222-004095200FF2} c:\windows\system32\shellext\cryptext.dll {990a81a0-b289-11cf-a800-00a0c903a2a6} c:\program files\nero\nero 7\nero backitup\nbshell.dll (Nero AG) c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers ------------------------------------------------------- c:\program files\g data internetsecurity totalcare\avk\shellext.dll (G DATA Software AG) {CAF4C320-32F5-11D3-A222-004095200FF2} c:\windows\system32\shellext\cryptext.dll {990a81a0-b289-11cf-a800-00a0c903a2a6} c:\program files\nero\nero 7\nero backitup\nbshell.dll (Nero AG) c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers -------------------------------------------------------------------------- * c:\program files\malwarebytes' anti-malware\mbamext.dll (Malwarebytes) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} 225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers ------------------------------------------------------------ GUID / CLSID not found GUID / CLSID not found c:\program files\g data internetsecurity totalcare\avk\shellext.dll (G DATA Software AG) {CAF4C320-32F5-11D3-A222-004095200FF2} c:\program files\g data internetsecurity totalcare\avk\shellext.dll (G DATA Software AG) {CAF4C320-32F5-11D3-A222-004095200FF2} c:\windows\system32\shellext\cryptext.dll {990a81a0-b289-11cf-a800-00a0c903a2a6} 
c:\windows\system32\shellext\cryptext.dll {990a81a0-b289-11cf-a800-00a0c903a2a6} * c:\program files\malwarebytes' anti-malware\mbamext.dll (Malwarebytes) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} * c:\program files\malwarebytes' anti-malware\mbamext.dll (Malwarebytes) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} c:\program files\nero\nero 7\nero backitup\nbshell.dll (Nero AG) c:\program files\nero\nero 7\nero backitup\nbshell.dll (Nero AG) c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers --------------------------------------------------------------- GUID / CLSID not found {73B24247-042E-4EF5-ADC2-42F62E6FD654} c:\windows\system32\shellext\cryptext.dll {990a81a0-b289-11cf-a800-00a0c903a2a6} c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 230 HKCU\Software\Classes\Folder\Shellex\ColumnHandlers ------------------------------------------------------- GUID / CLSID not found OpenOffice.org Column Handler 231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers ------------------------------------------------------- c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info |
12.07.2008, 14:13 | #4 |
[Trojan:Win32/Vundo.gen!H] How do I remove it?
And here is the one from HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:07, on 12.07.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Home Cinema\TV Enhance\TVEService.exe
C:\Program Files\G DATA InternetSecurity TotalCare\AVKTray\AVKTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\Program Files\G DATA InternetSecurity TotalCare\Firewall\GDFirewallTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Users\niko2\Desktop\hijackthis+\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\program files\g data internetsecurity totalcare\avkkid\avkcks.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\Home Cinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity TotalCare\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: AVK Tuner Service - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10549 bytes
12.07.2008, 19:23 | #5 | |
[Trojan:Win32/Vundo.gen!H] How do I remove it?
OK. Please upload the following files to VirusTotal and post the result:
c:\program files\home cinema\tv enhance\kernel\tv\tvecapsvc.exe
C:\Windows\system32\sfrem01.exe
c:\windows\system32\drivers\netfwdsl.sys

Please also run CCleaner, and use its registry cleaning function as well. Repeat this until no more errors are found.
__________________
No support via PM
13.07.2008, 12:07 | #6 |
[Trojan:Win32/Vundo.gen!H] How do I remove it?
tvecapsvc.exe
In the first part, the result column always shows a "-". Here is the other part:
Code:
Additional information
File size: 290908 bytes
MD5...: b5a12fe3da880d2c5e1bb35942d64f06
SHA1..: cfef0f73efebde7e5b036bf43262177fadcf55c3
SHA256: a448cec82fd9ea926526b7b43f060ea5369d0a2eebe460bd2670f196f76cd711
SHA512: 7c340339e1c31b0d5bfcb8e6cbc2b2025209cd96e9c4a1c2e0b88b6a0dadd359b8eae1f00f170531910fb1da55ce232e6cff0e86aaebc851dd13b204f172fb9a
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x41e8b1
timedatestamp.....: 0x45a25761 (Mon Jan 08 14:38:25 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x28056 0x29000 6.47 2d28f7d4688bf045d96340571dc7f7bc
.rdata 0x2a000 0x6438 0x7000 4.15 022a49fd74bbfccc96df4bad03ea36ae
.data 0x31000 0xa11c 0x7000 3.92 298b752c796c444caed8c7b87f10b9c1
.rsrc 0x3c000 0xe500 0xf000 4.82 285bd7ad90d7274b4f5e0a62f8499f7b

( 9 imports )
> SHLWAPI.dll: PathFileExistsW
> PSAPI.DLL: GetProcessImageFileNameA, EnumProcesses
> SHELL32.dll: ShellExecuteA, ShellExecuteExW
> KERNEL32.dll: lstrlenW, GetShortPathNameA, WideCharToMultiByte, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, lstrcpynA, IsDBCSLeadByte, lstrcpyA, lstrcatA, GetCurrentThread, GetSystemTime, OutputDebugStringW, GetModuleFileNameW, ReadFile, SetEndOfFile, CreateFileA, FlushFileBuffers, SetStdHandle, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetFilePointer, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, GetFileType, GetModuleFileNameA, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, WriteFile, HeapSize, IsBadWritePtr, VirtualAlloc, lstrlenA, GetCommandLineA, lstrcmpiA, GetCurrentThreadId, InterlockedDecrement, CreateMutexA, GetLastError, OutputDebugStringA, DeleteFileW, CopyFileW, ExpandEnvironmentStringsA, GetVersionExA, CloseHandle, OpenProcess, GetExitCodeProcess, TerminateProcess, MultiByteToWideChar, Sleep, GetDiskFreeSpaceExW, GetDriveTypeW, WaitForSingleObject, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, LoadLibraryA, GetProcAddress, FreeLibrary, GetModuleHandleA, GetCurrentProcess, GetPrivateProfileSectionW, MoveFileW, WritePrivateProfileStringW, InterlockedIncrement, VirtualFree, HeapCreate, HeapDestroy, GetOEMCP, GetACP, GetCPInfo, UnhandledExceptionFilter, TlsGetValue, SetLastError, TlsAlloc, RaiseException, ExitProcess, GetVersion, GetStartupInfoA, HeapAlloc, HeapReAlloc, HeapFree, ExitThread, TlsSetValue, CreateThread, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetStdHandle, InterlockedExchange, RtlUnwind, GetTimeZoneInformation, GetLocalTime
> USER32.dll: GetWindowLongA, SetTimer, SetWindowLongA, PostQuitMessage, GetClassInfoA, RegisterClassExA, ShowWindow, MessageBoxA, IsWindow, GetMessageA, DispatchMessageA, PostThreadMessageA, CharNextA, FindWindowA, IsWindowVisible, PostMessageA, LoadStringA, DefWindowProcA, KillTimer, DestroyWindow, UnregisterClassA, LoadCursorA, RegisterClassA, CreateWindowExA
> ADVAPI32.dll: StartServiceCtrlDispatcherA, RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExA, GetTokenInformation, OpenThreadToken, OpenProcessToken, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, GetLengthSid, CopySid, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegEnumValueA, RegQueryInfoKeyA, RegEnumKeyExA, RegDeleteKeyA, DeleteService, CreateServiceA, RegDeleteValueA, SetServiceStatus, RegisterServiceCtrlHandlerA, RegisterEventSourceA, ReportEventA, DeregisterEventSource, OpenSCManagerA, CloseServiceHandle, OpenServiceA, ControlService, RegCloseKey
> ole32.dll: CoInitialize, CoCreateInstance, CoInitializeSecurity, CoDisconnectObject, CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, CoRegisterClassObject, CoRevokeClassObject, CoUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -
> CLSchRecordMonitor.dll: _SetCallback@CSchRecordMonitor@@QAEHPAUICallback@@@Z, __0CSchRecordMonitor@@QAE@XZ, _StopMonitorPath@CSchRecordMonitor@@QAEHXZ, _FindConflictSchedule@CSchRecordMonitor@@QAEHJJ@Z, _IsTunerAvailable@CSchRecordMonitor@@QAEHXZ, _StartMonitorPath@CSchRecordMonitor@@QAEHPBDK@Z, __1CSchRecordMonitor@@QAE@XZ

( 0 exports )

sfrem01.exe
In the first part, the result column always shows a "-". Here is the other part:
Code:
Additional information
File size: 353912 bytes
MD5...: 7b1197a1a684c3fa8bea75fe4ef54443
SHA1..: d6a96926c5111f44b54beae9fea9a753fe5534fe
SHA256: da4392e4311fea99206881febe383e71154c4a451f4bec7c323702330b4fa488
SHA512: 1b139d2c0079fa0a77f9c4d26b46d1bde6d0c67a34adea02a3bda2a7217b14af54334c93e894b7adde856a453ce596c4b5067857a6e1daefd6897924a3064e5b
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x416fc3
timedatestamp.....: 0x4461b963 (Wed May 10 09:58:59 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3578c 0x36000 6.60 156e5f7f0cfb6e39f65c54946a844685
.rdata 0x37000 0x17470 0x18000 4.71 09b879ede26eb503cb6b3559279c0aa8
.data 0x4f000 0x6898 0x5000 4.63 c0068cd204334df37e032782061f0b4d
.rsrc 0x56000 0x434 0x1000 3.76 70c8912f2a452398137f3f95ff4b4646

( 4 imports )
> KERNEL32.dll: CreateFileW, GetModuleFileNameA, CreateFileMappingA, CreateFileMappingW, CreateMutexA, CreateMutexW, GetSystemDirectoryA, GetSystemDirectoryW, GetWindowsDirectoryA, GetWindowsDirectoryW, GetDriveTypeW, FindFirstFileA, FindFirstFileW, GetEnvironmentVariableW, GetModuleHandleW, WriteConsoleW, CreateProcessA, CreateProcessW, GetFileAttributesA, GetFileAttributesW, CreateFileA, SetFileAttributesW, DeleteFileA, DeleteFileW, CloseHandle, SystemTimeToFileTime, GetSystemTime, GetCurrentProcess, AreFileApisANSI, GetOEMCP, GetACP, FreeLibrary, GetFileSize, ReadFile, WriteFile, SetFileTime, MapViewOfFile, UnmapViewOfFile, FindClose, DeviceIoControl, GetExitCodeProcess, WaitForSingleObject, GetCommandLineA, LoadLibraryW, LoadLibraryA, GetVersionExW, GetVersionExA, ReleaseMutex, WaitForMultipleObjectsEx, QueryDosDeviceW, GetFullPathNameW, SetLastError, WideCharToMultiByte, GetCPInfo, GetModuleHandleA, GetProcAddress, LCMapStringW, MultiByteToWideChar, InterlockedDecrement, InterlockedIncrement, GetTickCount, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetEnvironmentVariableA, GetStdHandle, WriteConsoleA, VirtualFree, VirtualAlloc, GetLastError, SetFileAttributesA, SetEndOfFile, RtlUnwind, RaiseException, HeapFree, HeapAlloc, GetProcessHeap, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitProcess, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetConsoleCP, GetConsoleMode, FlushFileBuffers, Sleep, HeapSize, LCMapStringA, GetLocaleInfoA, HeapReAlloc, GetConsoleOutputCP, SetFilePointer, SetStdHandle, GetStringTypeA, GetStringTypeW
> USER32.dll: MessageBoxA, MessageBoxW
> ADVAPI32.dll: RegCloseKey, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegQueryValueExW, RegQueryValueExA, RegDeleteValueW, RegSetValueExW, RegSetValueExA, RegEnumKeyExW, RegDeleteKeyW, RegOpenKeyExW, RegOpenKeyExA, RegCreateKeyExW, RegisterServiceCtrlHandlerW, StartServiceCtrlDispatcherW, StartServiceW, ChangeServiceConfigW, QueryServiceConfigW, CreateServiceW, OpenServiceW, OpenSCManagerW, SetServiceStatus, CloseServiceHandle, DeleteService, ControlService
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA

( 0 exports )

And by the way: Windows Defender no longer reports anything at system startup, and Windows Explorer no longer wants to change the registry either. Is the virus gone now?
eXecutor
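The helper asked for the VirusTotal pages of the two binaries, and the posts above show the "PE structure information" part of those pages: link timestamp, machine type, entry point, and one row per section with entropy and MD5. Those fields come straight from the PE headers and can be reproduced offline with nothing but the Python standard library, which is handy when a file must not leave the machine or the upload is the part a user struggles with. The script below is an added example, not code from the thread, from VirusTotal or from any of the tools mentioned; it parses a small PE32 image constructed inline (not a real executable) whose timestamp and entry point were chosen to match the tvecapsvc.exe values quoted above, and whose two sections were built with deliberately minimal and maximal entropy.

```python
"""Reproduce locally what VirusTotal's 'PE structure information' block shows
(machine type, link timestamp, entry point, section table with entropy and
per-section MD5) plus the file hashes, using only the Python standard library.
Added example, not code from the thread, VirusTotal or the tools mentioned;
the PE image it parses is constructed inline (build_sample_pe)."""
import hashlib
import math
import struct
import time
from collections import Counter

MACHINE_TYPES = {0x14C: "I386", 0x8664: "AMD64", 0x1C0: "ARM", 0xAA64: "ARM64"}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0), the 'ntrpy' column.
    Packed or encrypted code (Armadillo, Vundo droppers) sits near 7-8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", blob, opt)[0]             # 0x10b = PE32, 0x20b = PE32+
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]    # AddressOfEntryPoint
    image_base = (struct.unpack_from("<I", blob, opt + 28)[0] if magic == 0x10B
                  else struct.unpack_from("<Q", blob, opt + 24)[0])
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, table + 40 * i)
        raw = blob[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
                         "ntrpy": round(entropy(raw), 2), "md5": hashlib.md5(raw).hexdigest()})
    return {
        "machine": MACHINE_TYPES.get(machine, hex(machine)),
        "timestamp": timestamp,
        "timestamp_utc": time.strftime("%a %b %d %H:%M:%S %Y", time.gmtime(timestamp)),
        "entrypoint": image_base + entry_rva,     # virtual address, as VirusTotal prints it
        "sections": sections,
        "hashes": {alg: hashlib.new(alg, blob).hexdigest() for alg in ("md5", "sha1", "sha256")},
    }


def report(blob: bytes) -> str:
    """Render the parse result in the same layout as the VirusTotal block above."""
    info = parse_pe(blob)
    lines = [f"File size: {len(blob)} bytes"]
    lines += [f"{alg.upper()}: {h}" for alg, h in info["hashes"].items()]
    lines += ["( base data )",
              f"entrypointaddress.: {info['entrypoint']:#x}",
              f"timedatestamp.....: {info['timestamp']:#x} ({info['timestamp_utc']})",
              f"machinetype.......: {info['machine']}",
              f"( {len(info['sections'])} sections )",
              "name viradd virsiz rawdsiz ntrpy md5"]
    lines += [f"{s['name']} {s['viradd']:#x} {s['virsiz']:#x} {s['rawdsiz']:#x} {s['ntrpy']:.2f} {s['md5']}"
              for s in info["sections"]]
    return "\n".join(lines)


def build_sample_pe() -> bytes:
    """Constructed, non-runnable PE32 image (not a real binary) that reuses the link
    timestamp and entry point quoted for tvecapsvc.exe, with a low-entropy '.text'
    and a maximal-entropy '.data' section."""
    text = bytes([0x90, 0xC3]) * 128           # two byte values, equally frequent -> 1.0 bits
    data = bytes(range(256))                   # every byte value once -> 8.0 bits
    e_lfanew, opt_size = 0x40, 224             # 224 = size of a PE32 optional header
    text_off = e_lfanew + 4 + 20 + opt_size + 40 * 2
    data_off = text_off + len(text)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x45A25761, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1E8B1)   # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    sec = "<8sIIIIIIHHI"
    text_hdr = struct.pack(sec, b".text", len(text), 0x1000, len(text), text_off, 0, 0, 0, 0, 0x60000020)
    data_hdr = struct.pack(sec, b".data", len(data), 0x2000, len(data), data_off, 0, 0, 0, 0, 0xC0000040)
    return dos + b"PE\0\0" + coff + bytes(opt) + text_hdr + data_hdr + text + data


if __name__ == "__main__":
    print(report(build_sample_pe()))
```

Run it as-is to see the constructed sample, or replace `build_sample_pe()` with the bytes of a real file; the MD5/SHA1/SHA256 lines are what you compare against the hashes VirusTotal lists, and a link timestamp far from the product's release or a near-8.0 section entropy on a file that claims to be a plain service is exactly the kind of detail that justified the helper asking for a second opinion on these two binaries.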
13.07.2008, 12:54 | #7 | ||
[Trojan:Win32/Vundo.gen!H] How do I remove it?
Quote:
Please post one more HijackThis logfile. But actually, that should have been it.
__________________
No support via PM
13.07.2008, 14:58 | #8 |
[Trojan:Win32/Vundo.gen!H] How do I remove it?
Yes, CCleaner no longer finds any errors in the registry. HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:13, on 13.07.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
C:\Program Files\Home Cinema\TV Enhance\TVEService.exe
C:\Program Files\G DATA InternetSecurity TotalCare\AVKTray\AVKTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\Program Files\G DATA InternetSecurity TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\eMule.de 0.48a v18\emule.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\niko2\Desktop\vundo\hijackthis+\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\program files\g data internetsecurity totalcare\avkkid\avkcks.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\Home Cinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity TotalCare\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: AVK Tuner Service - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\AVK\AVKWCtl.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity TotalCare\Firewall\GDFwSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10741 bytes
13.07.2008, 15:23 | #9 | |
| [Trojan:Win32/Vundo.gen!H] How do I remove it? OK, good, if you have no more problems, that should have been it.
__________________ No support via PM
|
14.07.2008, 12:39 | #10 | |
| [Trojan:Win32/Vundo.gen!H] How do I remove it? Hello! I have exactly the same problem, [edit] Please open a separate thread for your problem, like everyone else here does. That is the only way to make sure every user gets clear and individual help.
Sunny [/edit] |
01.08.2008, 02:35 | #11 |
| [Trojan:Win32/Vundo.gen!H] How do I remove it? Ahoy! I had almost exactly the same problem! I downloaded the tools, ran them as described, and everything is great! And 25 GB more free space on C:/ ! So thanks again! You guys are great! |