Log analysis and evaluation: Help with TR/Vundo and TR/Crypt.XPACK

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.08.2008, 01:57 | #1
Help with TR/Vundo and TR/Crypt.XPACK

Hello everyone! I need your help removing the trojan horses TR/Vundo.Gen and TR/Crypt.XPACK.Gen. Every time the PC boots, every time I enable the network, every time I open Explorer... well... almost all the time AntiVir pops up, but the two of them can't be deleted, at least not that way. I read here that you should get HijackThis, make a list and post it here. The pros among you will probably find even more pests, I guess. Well... I'll give it a try... here is the list:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:54:48, on 25.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SLEE12.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Steganos Safe 8\SAFE8.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Veoh Networks\Veoh\VeohClient.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [XM2002] C:\Programme\IPPS\XM2002®\XM2002.exe -auto
O4 - HKLM\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [dmknx.exe] C:\WINDOWS\system32\dmknx.exe
O4 - HKLM\..\Run: [wlconfig] "C:\Programme\WLAN Monitor\wlconfig.exe" -autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SAFE8] "C:\Programme\Steganos Safe 8\SAFE8.exe" -boot
O4 - HKCU\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [888 Updater] "C:\PROGRA~1\CASINO~1\888 Updater\888updater.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [SAFE8] "C:\Programme\Steganos Safe 8\SAFE8.exe" -firstboot (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [SAFE8] "C:\Programme\Steganos Safe 8\SAFE8.exe" -firstboot (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SAFE8] "C:\Programme\Steganos Safe 8\SAFE8.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SAFE8] "C:\Programme\Steganos Safe 8\SAFE8.exe" -firstboot (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KVG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programme\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programme\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Programme\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Programme\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\yahoo.2\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\yahoo.2\MESSEN~1\YPager.exe
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124799663718
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A904053-9AB6-4A37-A564-5A59FB368201}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{964D4A1C-C446-4DE6-9FFA-7F9E798BEF50}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{97B4746F-3563-47D4-8BEC-13C161DF5234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: 76.dll
O22 - SharedTaskScheduler: uj38ehfh7efefefds98jkefn - {C5AF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\djfgj93jkd.dll (file missing)
O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Steganos Live Encryption Engine 12 [Service] (SLEE_12_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virtual Memory Protector - Unknown owner - C:\DOKUME~1\BLACKS~1\LOKALE~1\Temp\kb2499200.exe (file missing)

-- End of file - 13301 bytes
25.08.2008, 08:57 | #2
/// AVZ-Toolkit Guru | Help with TR/Vundo and TR/Crypt.XPACK

Hi there Ank

Where is the trojan being found? It is very important that you post the way the NUBs tell you to. The exact path details matter. The AntiVir report would tell us the most.
25.08.2008, 15:31 | #3
Help with TR/Vundo and TR/Crypt.XPACK

Hello, I thought I had forgotten something. So....

In the file 'C:\WINDOWS\system32\tuvsrpqq.dll' a virus or unwanted program 'TR/Vundo.Gen' [trojan] was found. Action taken: deny access

and

In the file 'C:\WINDOWS\system32\ssqNHaYS.dll' a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] was found. Action taken: deny access
25.08.2008, 15:38 | #4
/// AVZ-Toolkit Guru | Help with TR/Vundo and TR/Crypt.XPACK

Thank you. To make any further help easier and to improve your system's security, please work through the following thoroughly:

Please follow these instructions. Carry out steps 1 and 2 (1. scan, 2. clean-up). Repeat these steps until nothing more is found! Then run this tool in Safe Mode. Please post the logs from VF, VBG and CF along with a fresh HijackThis logfile.

- All help given in this forum is provided without warranty or liability -
25.08.2008, 20:53 | #5
Help with TR/Vundo and TR/Crypt.XPACK

So, first of all thanks for the instructions! For your information, my virus scanner no longer goes off now that I have gone through all the steps. But while I was doing it, it went off at least 200 times. I can only give logfiles from VirtumundoBeGone and HijackThis; for the other two, i.e. VundoFix and CCleaner, I don't know how or where to create a logfile. But the second time around everything was positive.

.................... HijackThis ....................

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49, on 2008-08-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SLEE12.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Steganos Safe 8\SAFE8.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\SPYWAREfighter\spfprc.exe
C:\Programme\Secunia\PSI (RC3)\psi.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {1A75F101-126E-46A3-97B1-91A96D161C15} - (no file)
O2 - BHO: (no name) - {3DAD782B-D538-4501-BCD6-BED957BF5880} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {74800AC7-32DD-4578-BFCA-4D1ACA0F2AB0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C5AF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O2 - BHO: (no name) - {FD4BC596-FC84-4161-AA97-3D917783FEA6} - (no file)
O3 - Toolbar: (no name) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [wlconfig] "C:\Programme\WLAN Monitor\wlconfig.exe" -autostart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programme\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SAFE8] "C:\Programme\Steganos Safe 8\SAFE8.exe" -boot
O4 - HKCU\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [SAFE8] "C:\Programme\Steganos Safe 8\SAFE8.exe" -firstboot (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [SAFE8] "C:\Programme\Steganos Safe 8\SAFE8.exe" -firstboot (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SAFE8] "C:\Programme\Steganos Safe 8\SAFE8.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SAFE8] "C:\Programme\Steganos Safe 8\SAFE8.exe" -firstboot (User 'Default user')
O4 - Startup: Secunia PSI (RC3).lnk = C:\Programme\Secunia\PSI (RC3)\psi.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KVG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programme\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programme\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Programme\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Programme\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124799663718
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219681154750
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A904053-9AB6-4A37-A564-5A59FB368201}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{964D4A1C-C446-4DE6-9FFA-7F9E798BEF50}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{97B4746F-3563-47D4-8BEC-13C161DF5234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvsrpqq - tuvsrpqq.dll (file missing)
O22 - SharedTaskScheduler: uj38ehfh7efefefds98jkefn - {C5AF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Steganos Live Encryption Engine 12 [Service] (SLEE_12_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programme\SPYWAREfighter\spfprc.exe

-- End of file - 14153 bytes

.............. VirtumundoBeGone ..................

[08/25/2008, 21:10:31] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\Blackscorpion\Desktop\VirtumundoBeGone.exe" )
[08/25/2008, 21:10:40] - Detected System Information:
[08/25/2008, 21:10:40] - Windows Version: 5.1.2600, Service Pack 3
[08/25/2008, 21:10:40] - Current Username: Black scorpion (Admin)
[08/25/2008, 21:10:40] - Windows is in SAFE mode with Networking.
[08/25/2008, 21:10:40] - Searching for Browser Helper Objects:
[08/25/2008, 21:10:40] - BHO 1: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} ()
[08/25/2008, 21:10:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 21:10:40] - No filename found. Continuing.
[08/25/2008, 21:10:40] - BHO 2: {1A75F101-126E-46A3-97B1-91A96D161C15} ()
[08/25/2008, 21:10:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 21:10:40] - No filename found. Continuing.
[08/25/2008, 21:10:41] - BHO 3: {3DAD782B-D538-4501-BCD6-BED957BF5880} ()
[08/25/2008, 21:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 21:10:41] - No filename found. Continuing.
[08/25/2008, 21:10:41] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/25/2008, 21:10:41] - BHO 5: {74800AC7-32DD-4578-BFCA-4D1ACA0F2AB0} ()
[08/25/2008, 21:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 21:10:41] - No filename found. Continuing.
[08/25/2008, 21:10:41] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/25/2008, 21:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 21:10:41] - No filename found. Continuing.
[08/25/2008, 21:10:41] - BHO 7: {C5AF49A2-94F3-42BD-F434-3604812C897D} ()
[08/25/2008, 21:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 21:10:41] - No filename found. Continuing.
[08/25/2008, 21:10:41] - BHO 8: {FD4BC596-FC84-4161-AA97-3D917783FEA6} ()
[08/25/2008, 21:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 21:10:41] - No filename found. Continuing.
[08/25/2008, 21:10:41] - Finished Searching Browser Helper Objects
[08/25/2008, 21:10:41] - Finishing up...
[08/25/2008, 21:10:41] - Nothing found! Exiting...
25.08.2008, 23:25 | #6 |
| Help with TR/Vundo and TR/Crypt.XPACK

..I made a mistake. CF doesn't stand for CCleaner but for Combofix, and of course I have the logfile; here it is:

ComboFix 08-08-23.03 - Blackscorpion 2008-08-25 23:53:31.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.603 [GMT 2:00]
Run from:: C:\Dokumente und Einstellungen\Blackscorpion\Desktop\ComboFix.exe
Warning - no Recovery Console is installed on this PC !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_VIRTUAL_MEMORY_PROTECTOR
-------\Legacy_XPROTECTOR
-------\Service_NPF
-------\Service_Virtual Memory Protector
-------\Service_XPROTECTOR

((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 ))))))))))))))))))))))))))))))
.
2008-08-25 18:51 . 2008-04-14 07:52 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-25 18:51 . 2008-04-14 07:52 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-08-25 18:51 . 2008-04-14 07:27 93,184 --------- C:\WINDOWS\system32\msxml6r.dll
2008-08-25 18:51 . 2008-04-14 07:27 93,184 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-08-25 18:45 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-08-25 18:45 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-08-25 18:44 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005229_.tmp
2008-08-25 18:32 . 2008-08-25 18:32 <DIR> d-------- C:\Programme\CCleaner
2008-08-25 17:12 . 2008-08-25 17:12 <DIR> d-------- C:\Dokumente und Einstellungen\Blackscorpion\Anwendungsdaten\skypePM
2008-08-25 17:12 . 2008-08-25 17:12 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-25 17:09 . 2008-08-25 17:09 <DIR> d-------- C:\Programme\Skype
2008-08-25 17:09 . 2008-08-25 17:09 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype
2008-08-25 16:52 . 2008-08-25 16:52 <DIR> d-------- C:\Programme\Secunia
2008-08-25 16:33 . 2008-08-25 16:35 <DIR> d-------- C:\Programme\SPYWAREfighter
2008-08-25 16:33 . 2008-08-25 16:33 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Application
2008-08-25 02:34 . 2008-08-25 02:34 <DIR> d-------- C:\Programme\Trend Micro
2008-08-24 03:26 . 2008-08-24 03:26 <DIR> d-------- C:\VundoFix Backups
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 21:59 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-08-25 21:59 --------- d-----w C:\Programme\WLAN Monitor
2008-08-25 21:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-08-25 17:08 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-08-25 16:57 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd9901.sys
2008-08-25 16:14 --------- d-----w C:\Programme\IrfanView
2008-08-25 16:09 --------- d-----w C:\Programme\Java
2008-08-25 15:52 --------- d-----w C:\Programme\XnView
2008-08-25 15:51 --------- d-----w C:\Programme\Winamp
2008-08-25 15:50 --------- d-----w C:\Dokumente und Einstellungen\Blackscorpion\Anwendungsdaten\Winamp
2008-08-25 15:46 --------- d-----w C:\Programme\QuickTime
2008-08-25 15:45 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-08-25 15:42 --------- d-----w C:\Dokumente und Einstellungen\Blackscorpion\Anwendungsdaten\Skype
2008-08-25 15:26 --------- d-----w C:\Dokumente und Einstellungen\Blackscorpion\Anwendungsdaten\Shareaza
2008-08-25 15:09 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2008-08-24 01:02 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-08-18 21:21 --------- d-----w C:\Programme\PokerStars
2008-08-18 20:56 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-08-18 20:52 --------- d-----w C:\Programme\Gemeinsame Dateien\Teleca Shared
2008-08-18 20:49 --------- d-----w C:\Programme\Online TV Player
2008-08-18 20:46 --------- d-----w C:\Programme\WinXMedia
2008-08-18 20:45 --------- d-----w C:\Programme\Pegasys Inc
2008-08-18 20:45 --------- d-----w C:\Programme\Macrogaming
2008-08-18 20:43 --------- d-----w C:\Programme\InterVideo
2008-08-18 20:43 --------- d-----w C:\Programme\Gemeinsame Dateien\InterVideo
2008-08-18 20:41 --------- d-----w C:\Programme\Free FLV Converter
2008-08-18 20:34 --------- d-----w C:\Programme\Windows Media Bonus Pack for Windows XP
2008-08-18 20:32 --------- d-----w C:\Programme\EmpirePokerMaster
2008-08-12 17:34 --------- d-----w C:\Programme\eMCrypt v4.1
2008-07-15 21:10 --------- d-----w C:\Programme\DivX
2008-07-07 13:22 --------- d-----w C:\Programme\PartyGaming
2008-06-27 08:36 691,545 ----a-w C:\WINDOWS\unins001.exe
2007-02-07 13:33 92,064 ----a-w C:\Dokumente und Einstellungen\Blackscorpion\mqdmmdm.sys
2007-02-07 13:33 9,232 ----a-w C:\Dokumente und Einstellungen\Blackscorpion\mqdmmdfl.sys
2007-02-07 13:33 79,328 ----a-w C:\Dokumente und Einstellungen\Blackscorpion\mqdmserd.sys
2007-02-07 13:33 66,656 ----a-w C:\Dokumente und Einstellungen\Blackscorpion\mqdmbus.sys
2007-02-07 13:33 6,208 ----a-w C:\Dokumente und Einstellungen\Blackscorpion\mqdmcmnt.sys
2007-02-07 13:33 5,936 ----a-w C:\Dokumente und Einstellungen\Blackscorpion\mqdmwhnt.sys
2007-02-07 13:33 4,048 ----a-w C:\Dokumente und Einstellungen\Blackscorpion\mqdmcr.sys
2007-02-07 13:33 25,600 ----a-w C:\Dokumente und Einstellungen\Blackscorpion\usbsermptxp.sys
2007-02-07 13:33 22,768 ----a-w C:\Dokumente und Einstellungen\Blackscorpion\usbsermpt.sys
2006-03-31 16:04 774,144 ----a-w C:\Programme\RngInterstitial.dll
2004-10-01 13:00 40,960 ----a-w C:\Programme\Uninstall_CDS.exe
2003-06-03 15:49 448,256 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-06-03 15:48 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 15:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 07:52 15360]
"SAFE8"="C:\Programme\Steganos Safe 8\SAFE8.exe" [2005-08-02 11:55 2056192]
"SweetIM"="C:\Programme\Macrogaming\SweetIM\SweetIM.exe" [2006-01-01 20:57 40960]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:09 1211176]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
"Veoh"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 18:06 3660848]
"Yahoo! Pager"="C:\Programme\Yahoo!\Messenger\ypager.exe" [2004-07-06 11:26 2502656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair"="C:\Programme\Logitech\Video\ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray"="C:\Programme\Logitech\Video\LogiTray.exe" [2004-02-25 17:06 212992]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 14:47 7311360]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-28 23:53 266497]
"SweetIM"="C:\Programme\Macrogaming\SweetIM\SweetIM.exe" [2006-01-01 20:57 40960]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"wlconfig"="C:\Programme\WLAN Monitor\wlconfig.exe" [2006-03-06 14:45 1347584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 14:47 86016]
"spywarefighterguard"="C:\Programme\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"Dit"="Dit.exe" [2004-01-29 09:31 86016 C:\WINDOWS\Dit.exe]
"nwiz"="nwiz.exe" [2005-11-11 14:47 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 07:52 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SAFE8"="C:\Programme\Steganos Safe 8\SAFE8.exe" [2005-08-02 11:55 2056192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=76.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.DVSD"= pdvcodec.dll
"vidc.I263"= i263_32.drv
"VIDC.VX1K"= VX1000S.DLL
"msacm.g723"= g723.acm
"msacm.imc"= imc32.acm
"aux1"= 7165321471.CPX

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\game.dat"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\eMCrypt v4.1\\eMCrypt.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"= C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"= C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"= C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule 2
"4672:UDP"= 4672:UDP:emule 4
"4665:UDP"= 4665:UDP:emule 3
"4661:TCP"= 4661:TCP:emule 1
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-24 11:18]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-28 23:53]
R1 SSHDRV86;SSHDRV86;C:\WINDOWS\system32\drivers\SSHDRV86.sys [2005-09-12 16:13]
R2 accsvc;AccSys WiFi Component;C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe [2006-01-11 11:06]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2005-09-30 12:13]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2005-09-30 12:13]
R2 SLEE_12_DRIVER;Steganos Live Encryption Engine 12 [Driver];C:\WINDOWS\system32\drivers\SLEE12.sys [2005-08-01 12:06]
R2 SLEE_12_SERVICE;Steganos Live Encryption Engine 12 [Service];C:\WINDOWS\system32\SLEE12.exe [2005-08-01 12:06]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-03-05 00:16]
R3 SpyFighter;SpyFighter Guard Device;C:\Programme\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Programme\SPYWAREfighter\spfprc.exe [2008-02-21 15:37]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2005-09-30 13:12]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-08-25 23:59]
S3 pfsvgae;pfsvgae;C:\DOKUME~1\BLACKS~1\LOKALE~1\Temp\pfsvgae.sys []
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 10:31]
S4 Apppotnim;Apppotnim;C:\WINDOWS\system32\drivers\rndismpx.sys [2008-04-14 00:26]
.
- - - - Removed orphaned registry entries - - - -

BHO-{1A75F101-126E-46A3-97B1-91A96D161C15} - (no file)
BHO-{3DAD782B-D538-4501-BCD6-BED957BF5880} - (no file)
BHO-{74800AC7-32DD-4578-BFCA-4D1ACA0F2AB0} - (no file)
BHO-{C5AF49A2-94F3-42BD-F434-3604812C897D} - (no file)
BHO-{FD4BC596-FC84-4161-AA97-3D917783FEA6} - (no file)
HKCU-Run-PowerBar - (no file)
ShellExecuteHooks-{1A75F101-126E-46A3-97B1-91A96D161C15} - (no file)
Notify-tuvsrpqq - tuvsrpqq.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.de/
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.arcor.de
R0 -: HKLM-Main,Start Page = hxxp://www.arcor.de
R0 -: HKLM-Main,Window Title = Arcor AG & Co. KG
O8 -: Nach Microsoft &Excel exportieren - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 -: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programme\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 -: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 -: {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Programme\PartyGaming\PartyBingo\RunBingo.exe
O9 -: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe
O9 -: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O17 -: HKLM\CCS\Interface\{3A904053-9AB6-4A37-A564-5A59FB368201}: NameServer = 208.67.220.220,208.67.222.222
O17 -: HKLM\CCS\Interface\{964D4A1C-C446-4DE6-9FFA-7F9E798BEF50}: NameServer = 192.168.1.1
O17 -: HKLM\CCS\Interface\{97B4746F-3563-47D4-8BEC-13C161DF5234}: NameServer = 208.67.220.220,208.67.222.222
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 23:59:56
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

C:\WINDOWS\system32\7165321471.CPX 110080 bytes executable
C:\WINDOWS\system32\71653214721.CPX 404 bytes
C:\WINDOWS\system32\71653214751.CPX 9087 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Secunia\PSI (RC3)\psi.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-08-26 0:05:20 - machine was rebooted [Blackscorpion]
ComboFix-quarantined-files.txt 2008-08-25 22:05:14

Pre-Run: 6,135,070,720 bytes free
Post-Run: 6,060,736,512 bytes free

229 --- E O F --- 2008-01-03 02:38:51

............ so... let's see what the pros say now. |
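The logs in this thread carry several classic Vundo indicators that a reader has to pick out by eye: a non-empty AppInit_DLLs value (76.dll), a drivers32 "aux1" entry pointing at a .CPX file, three hidden .CPX files in system32 reported by catchme, a Winlogon Notify entry and a SharedTaskScheduler entry whose files are gone, Security Center notifications switched off, and a driver (pfsvgae.sys) loaded from a Temp directory. The following triage helper is an added example written for this page; it is not part of the post and not a feature of ComboFix, HijackThis, VirtumundoBeGone or any other tool named here. The rule names and severities are the example's own choices, and the sample lines are a hand-picked subset copied from the logs above rather than a complete log.

```python
"""Triage helper for ComboFix / HijackThis style log lines.

Added example for this thread; not part of the post and not a feature of
ComboFix, HijackThis or VirtumundoBeGone. Rule names and severities are
this example's own choices.
"""
import os
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity rule line")

# Extensions that normally appear as drivers32 codec/device entries.
DRIVERS32_OK_EXT = {".dll", ".drv", ".acm", ".ax"}


def appinit_dlls_set(line):
    # Vundo's classic persistence: a DLL listed in AppInit_DLLs is loaded into
    # every process that maps user32.dll. Any non-empty value deserves a look.
    m = re.match(r'^"AppInit_DLLs"\s*=\s*(.*)$', line, re.I)
    return bool(m) and m.group(1).strip().strip('"') != ""


def drivers32_odd_extension(line):
    # drivers32 values (aux, midi, wave, msacm.*, vidc.*) should name codec or
    # driver modules; a .CPX extension is not one of those.
    m = re.match(r'^"(?:aux|midi|wave|mixer|msacm\.[\w.]+|vidc\.\w+)\d*"\s*=\s*(\S+)\s*$', line, re.I)
    return bool(m) and os.path.splitext(m.group(1))[1].lower() not in DRIVERS32_OK_EXT


def orphaned_autostart(line):
    # HijackThis/ComboFix mark autostart entries whose file is gone; the
    # leftover registry value is what still has to be removed.
    return re.search(r"\((?:file missing|no file)\)\s*$", line, re.I) is not None


def catchme_hidden_file(line):
    # catchme output: "<path> <size> bytes [executable]" for files hidden
    # from the normal file system view.
    return re.match(r"^[A-Za-z]:\\.+\s\d+ bytes(?: executable)?$", line) is not None


def security_center_muted(line):
    # Security Center warnings for AV / firewall / updates turned off.
    return re.match(r'^"(?:AntiVirus|Firewall|Updates)DisableNotify"=dword:0*1$', line, re.I) is not None


def driver_from_temp(line):
    # ComboFix service lines: "<R|S><n> name;display;path [timestamp]".
    # A driver or service started out of a Temp directory is a red flag.
    return re.match(r"^[RS][0-4]\s+[^;]+;[^;]*;[^\s\[]*\\temp\\", line, re.I) is not None


RULES = [
    ("HIGH", "appinit_dlls_set", appinit_dlls_set),
    ("HIGH", "drivers32_odd_extension", drivers32_odd_extension),
    ("HIGH", "catchme_hidden_file", catchme_hidden_file),
    ("HIGH", "driver_from_temp", driver_from_temp),
    ("MEDIUM", "orphaned_autostart", orphaned_autostart),
    ("MEDIUM", "security_center_muted", security_center_muted),
]


def triage(log_text):
    """Return one Finding per (line, rule) match, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for severity, name, check in RULES:
            if check(line):
                findings.append(Finding(severity, name, line))
    return findings


# Lines copied from the HijackThis and ComboFix logs in this thread
# (a hand-picked subset, not a complete log).
SAMPLE_LOG = r'''
"AppInit_DLLs"=76.dll
"aux1"= 7165321471.CPX
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
O20 - Winlogon Notify: tuvsrpqq - tuvsrpqq.dll (file missing)
O22 - SharedTaskScheduler: uj38ehfh7efefefds98jkefn - {C5AF49A2-94F3-42BD-F434-3604812C897D} - (no file)
C:\WINDOWS\system32\7165321471.CPX 110080 bytes executable
C:\WINDOWS\system32\71653214721.CPX 404 bytes
S3 pfsvgae;pfsvgae;C:\DOKUME~1\BLACKS~1\LOKALE~1\Temp\pfsvgae.sys []
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-28 23:53 266497]
R2 SLEE_12_DRIVER;Steganos Live Encryption Engine 12 [Driver];C:\WINDOWS\system32\drivers\SLEE12.sys [2005-08-01 12:06]
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:24} {f.line}")
```

Run against the sample it reports nine findings, five of them HIGH, while the two legitimate lines (the avgnt Run entry and the Steganos driver) produce nothing. The rules are deliberately narrow and string-based: they flag the shapes these tools print, not file contents, so a clean result from this script says nothing about files the tools did not list.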