Trojaner-Board - Vundo.Gen + Crypt.XPACK.Gen Befall

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Vundo.Gen + Crypt.XPACK.Gen Befall (https://www.trojaner-board.de/51710-vundo-gen-crypt-xpack-gen-befall.html)

Vundo.Gen + Crypt.XPACK.Gen Befall

Habe mir gestern Trojaner eingefangen und weiß jetzt nicht was ich tun soll.
Ähnliche Themen habe ich bereits gelesen, bin aber daraus nicht wirklich schlau geworden.
Bitte um Hilfe!
Welche Daten oder Logs werden benötigt um das Problem zu beheben?

Hallo und Herzlich Willkommen

Bitte erstelle als erstes ein HIjackthis Logfile (Link ist in meiner Signatur):daumenhoc

Vielen Dank für die rasche Antwort!

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:30:40, on 20.04.2008

Platform: Windows Vista  (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal
 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Thomson\ST330\service\st330service.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\msinfo32.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\hp\KBD\kbd.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Windows\System32\mobsync.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ht**://www.ebay.at/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=71&bd=Pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=71&bd=Pavilion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: dpevflbg - {87F195A2-E583-4FE1-9649-3333E6FE1A61} - C:\Windows\dpevflbg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:de

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [Hofer_FotoSuite_Download] "C:\Program Files\Hofer Foto Service\Hofer_Foto_Service\FotoSuite.exe" /autorun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvTllLD.dll,#1

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GRUBWI~1\AppData\Local\Temp\ssqOGwTl.dll,#1

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O13 - Gopher Prefix: 

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - h**ps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {C8B73157-8752-429E-A465-3F361C76AE89} (AldiAtActiveFormX Element) - h**ps://shop.hofer-fotos-druck.at/shop/activex/aldi_at_express_upload.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O21 - SSODL: wdpoefan - {59BEB489-71DA-4FE2-A30E-50A0FCD61F1F} - C:\Windows\wdpoefan.dll

O21 - SSODL: vadokmxt - {97C1DBDA-143E-42BF-A45A-45506EE45C51} - C:\Windows\vadokmxt.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
 

--

End of file - 15676 bytes

Also bitte fixe als erstes folgende Einträge:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=71&bd=Pavilion &pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=71&bd=Pavilion &pf=desktop
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GRUBWI~1\AppData\Local\Temp\ssqOGwTl.dll,#1
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvTllLD.dll,#1
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O21 - SSODL: wdpoefan - {59BEB489-71DA-4FE2-A30E-50A0FCD61F1F} - C:\Windows\wdpoefan.dll
O21 - SSODL: vadokmxt - {97C1DBDA-143E-42BF-A45A-45506EE45C51} - C:\Windows\vadokmxt.dll
Lass bitte folgende Dateien hier online scanne und poste den Report:

C:\Windows\dpevflbg.dll
C:\Windows\system32\tuvTllLD.dll,#1
C:\Users\GRUBWI~1\AppData\Local\Temp\ssqOGwTl.dll,#1
C:\Windows\wdpoefan.dll
C:\Windows\vadokmxt.dll

Danach bitte auch neues Logfile posten, danke:daumenhoc

Die Einträge hab ich gefixt und die angegebenen Dateien gescannt:

Datei dpevflbg.dll empfangen 2008.04.20 20:51:48 (CET)
Status: Beendet
Ergebnis: 9/32 (28.13%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.4.19.0 2008.04.18 -
AntiVir 7.8.0.8 2008.04.20 ADSPY/AdSpy.Gen
Authentium 4.93.8 2008.04.20 -
Avast 4.8.1169.0 2008.04.20 -
AVG 7.5.0.516 2008.04.20 Downloader.Zlob.SE
BitDefender 7.2 2008.04.20 -
CAT-QuickHeal 9.50 2008.04.19 AdWare.Vapsup.dvz (Not a Virus)
ClamAV 0.92.1 2008.04.20 -
DrWeb 4.44.0.09170 2008.04.20 -
eSafe 7.0.15.0 2008.04.17 -
eTrust-Vet 31.3.5714 2008.04.19 Win32/Pripecs!generic
Ewido 4.0 2008.04.20 -
F-Prot 4.4.2.54 2008.04.20 -
F-Secure 6.70.13260.0 2008.04.20 -
FileAdvisor 1 2008.04.20 -
Fortinet 3.14.0.0 2008.04.20 -
Ikarus T3.1.1.26.0 2008.04.20 AdWare.NetAdware.CW
Kaspersky 7.0.0.125 2008.04.20 -
McAfee 5277 2008.04.18 -
Microsoft 1.3408 2008.04.20 -
NOD32v2 3041 2008.04.19 -
Norman 5.80.02 2008.04.18 -
Panda 9.0.0.4 2008.04.20 -
Prevx1 V2 2008.04.20 Downloader.Zlob
Rising 20.40.62.00 2008.04.20 AdWare.Win32.Agent.zya
Sophos 4.28.0 2008.04.20 -
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.20 Downloader.Zlob!gen.2
TheHacker 6.2.92.285 2008.04.19 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.20 -
Webwasher-Gateway 6.6.2 2008.04.20 Ad-Spyware.AdSpy.Gen
weitere Informationen
File size: 155648 bytes
MD5...: ca29847dc4722d79847cb3843ac30318
SHA1..: be20c0e536f0f2ca8f2a5c897cd33722c59506da
SHA256: 6655785df4e0ad22b3c2ffbf63473cf913038795fd8409d5d1587cfeb5e6733f
SHA512: 7459099f8f172910c43050c012024f2ce5500e1d287fc430c9b9aaa8f452a98e
580d9aba059dd806b70bd24b74815f18a917e0d47c340d2c8a2515b4c6439b6b
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000ac61
timedatestamp.....: 0x4809c6a0 (Sat Apr 19 10:17:04 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x16539 0x17000 6.57 514c7ba15369ff7cf890fc0c8ca78915
.rdata 0x18000 0x66a5 0x7000 5.05 72fb97b9b10ca8250100b2342c66bc1f
.data 0x1f000 0x3860 0x2000 3.64 f11805ebdc0ad2dfaae98ab283c8c38b
.rsrc 0x23000 0x1d20 0x2000 4.32 c73ab0b3e6b77cb5b8aa2acc3e890b31
.reloc 0x25000 0x2512 0x3000 4.00 9843e06caa8a987be1efc576f77ffdcc

( 6 imports )
> COMCTL32.dll: ImageList_SetBkColor, ImageList_Destroy, ImageList_Create, ImageList_ReplaceIcon
> KERNEL32.dll: GetLastError, lstrcmpiW, GetModuleFileNameW, InterlockedIncrement, FreeLibrary, MultiByteToWideChar, SizeofResource, LoadResource, FindResourceW, LoadLibraryExW, GetModuleHandleW, DisableThreadLibraryCalls, FlushInstructionCache, GetCurrentProcess, DeleteCriticalSection, SetLastError, FlushFileBuffers, CloseHandle, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, SetFilePointer, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, lstrlenW, InterlockedDecrement, LoadLibraryW, GetProcAddress, GetCurrentThreadId, GetStringTypeW, GetStringTypeA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetVersionExA, InterlockedCompareExchange, HeapFree, GetProcessHeap, HeapAlloc, LoadLibraryA, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, LocalFree, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlUnwind, HeapReAlloc, GetCommandLineA, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, HeapDestroy, HeapCreate, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetCPInfo, GetOEMCP, LCMapStringA, WideCharToMultiByte, LCMapStringW, Sleep, HeapSize, SetHandleCount, GetFileType, GetStartupInfoA
> USER32.dll: GetWindowLongW, ShowWindow, CreateWindowExW, UnregisterClassA, LoadCursorW, GetClassInfoExW, GetClientRect, CharNextW, GetSysColor, CallWindowProcW, RegisterClassExW, SetWindowLongW, DefWindowProcW, DestroyWindow, IsWindow, SendMessageW
> ADVAPI32.dll: RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegEnumKeyExW, RegQueryInfoKeyW, RegSetValueExW, RegDeleteKeyW
> ole32.dll: CoTaskMemFree, CoCreateInstance, StringFromGUID2, CoTaskMemAlloc, CoTaskMemRealloc
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E6AA490D00DDAB21600302484E1720008551A8D7

Datei tuvTllLD.dll empfangen 2008.04.20 20:56:47 (CET)
Status: Beendet
Ergebnis: 7/32 (21.88%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.4.19.0 2008.04.18 -
AntiVir 7.8.0.8 2008.04.20 -
Authentium 4.93.8 2008.04.20 -
Avast 4.8.1169.0 2008.04.20 -
AVG 7.5.0.516 2008.04.20 -
BitDefender 7.2 2008.04.20 -
CAT-QuickHeal 9.50 2008.04.19 -
ClamAV 0.92.1 2008.04.20 -
DrWeb 4.44.0.09170 2008.04.20 -
eSafe 7.0.15.0 2008.04.17 -
eTrust-Vet 31.3.5714 2008.04.19 -
Ewido 4.0 2008.04.20 -
F-Prot 4.4.2.54 2008.04.20 -
F-Secure 6.70.13260.0 2008.04.20 -
FileAdvisor 1 2008.04.20 -
Fortinet 3.14.0.0 2008.04.20 -
Ikarus T3.1.1.26.0 2008.04.20 Trojan.Win32.Vundo.D
Kaspersky 7.0.0.125 2008.04.20 not-a-virus:AdWare.Win32.Virtumonde.pmr
McAfee 5277 2008.04.18 Vundo
Microsoft 1.3408 2008.04.20 Trojan:Win32/Vundo.gen!D
NOD32v2 3041 2008.04.19 -
Norman 5.80.02 2008.04.18 -
Panda 9.0.0.4 2008.04.20 -
Prevx1 V2 2008.04.20 Trojan.Vundo
Rising 20.40.62.00 2008.04.20 Trojan.Win32.VUNDO.bct
Sophos 4.28.0 2008.04.20 Mal/Generic-A
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.20 -
TheHacker 6.2.92.285 2008.04.19 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.20 -
Webwasher-Gateway 6.6.2 2008.04.20 -
weitere Informationen
File size: 38400 bytes
MD5...: 17429758849bb0b25b4d3058a6650716
SHA1..: 75c4aea9b998fc66eef833447e0f0d8d87f95371
SHA256: cab40b27e0b26f0a844cb33a89cb58912ced5ecb25d860cd0c8b8c656113e3b8
SHA512: 5ee17c61ff738f55e1f4de16a479a890c74e073e715029d998f409bbf5a077e5
fb835042c5aac2647ac819ee74e616572d717d92767598b1239a6acec9cf9e25
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100051a8
timedatestamp.....: 0x51177b30 (Sun Feb 10 10:49:20 2013)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1e000 0x4600 7.24 52d72ddae97ee3816d0a1dea3ef7acdd
.data 0x1f000 0x5000 0x4200 7.97 108cba9202cdd8cc0012cdea5eb524ce
.rdata 0x24000 0x1000 0x400 5.84 fc23e9c096e341bb54f1cfd2d8ed4bd4
.idata 0x25000 0x1000 0x600 3.18 557d9fc65551684114193a3f82c76b16

( 3 imports )
> user32.dll: ShowWindow, ShowOwnedPopups, ShowCursor, OffsetRect, LoadIconA, LoadAcceleratorsA, GetMenu, DrawCaption, CreateCursor, CopyImage
> kernel32.dll: TlsSetValue, lstrcatA, VirtualAlloc, UnmapViewOfFile, GetVersionExA, GetFileSize, GetDateFormatA, ExitThread, lstrcpyA
> oleaut32.dll: OleIconToCursor, OleLoadPicture, OleLoadPicturePath, RevokeActiveObject, SafeArrayAllocData, SafeArrayDestroy, VarBstrCat, VarBstrCmp, ClearCustData

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=95FD8B9C003BFDA39618003F70B944005C1EDEA3

Datei ssqOGwTl.dll empfangen 2008.04.20 21:00:18 (CET)
Status: Beendet
Ergebnis: 7/32 (21.88%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.4.19.0 2008.04.18 -
AntiVir 7.8.0.8 2008.04.20 -
Authentium 4.93.8 2008.04.20 -
Avast 4.8.1169.0 2008.04.20 -
AVG 7.5.0.516 2008.04.20 -
BitDefender 7.2 2008.04.20 -
CAT-QuickHeal 9.50 2008.04.19 -
ClamAV 0.92.1 2008.04.20 -
DrWeb 4.44.0.09170 2008.04.20 -
eSafe 7.0.15.0 2008.04.17 -
eTrust-Vet 31.3.5714 2008.04.19 -
Ewido 4.0 2008.04.20 -
F-Prot 4.4.2.54 2008.04.20 -
F-Secure 6.70.13260.0 2008.04.20 -
FileAdvisor 1 2008.04.20 -
Fortinet 3.14.0.0 2008.04.20 -
Ikarus T3.1.1.26 2008.04.20 Trojan.Win32.Vundo.D
Kaspersky 7.0.0.125 2008.04.20 not-a-virus:AdWare.Win32.Virtumonde.pmr
McAfee 5277 2008.04.18 Vundo
Microsoft 1.3408 2008.04.20 Trojan:Win32/Vundo.gen!D
NOD32v2 3041 2008.04.19 -
Norman 5.80.02 2008.04.18 -
Panda 9.0.0.4 2008.04.20 -
Prevx1 V2 2008.04.20 Trojan.Vundo
Rising 20.40.62.00 2008.04.20 Trojan.Win32.VUNDO.bct
Sophos 4.28.0 2008.04.20 Mal/Generic-A
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.20 -
TheHacker 6.2.92.285 2008.04.19 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.20 -
Webwasher-Gateway 6.6.2 2008.04.20 -
weitere Informationen
File size: 38400 bytes
MD5...: 17429758849bb0b25b4d3058a6650716
SHA1..: 75c4aea9b998fc66eef833447e0f0d8d87f95371
SHA256: cab40b27e0b26f0a844cb33a89cb58912ced5ecb25d860cd0c8b8c656113e3b8
SHA512: 5ee17c61ff738f55e1f4de16a479a890c74e073e715029d998f409bbf5a077e5
fb835042c5aac2647ac819ee74e616572d717d92767598b1239a6acec9cf9e25
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100051a8
timedatestamp.....: 0x51177b30 (Sun Feb 10 10:49:20 2013)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1e000 0x4600 7.24 52d72ddae97ee3816d0a1dea3ef7acdd
.data 0x1f000 0x5000 0x4200 7.97 108cba9202cdd8cc0012cdea5eb524ce
.rdata 0x24000 0x1000 0x400 5.84 fc23e9c096e341bb54f1cfd2d8ed4bd4
.idata 0x25000 0x1000 0x600 3.18 557d9fc65551684114193a3f82c76b16

( 3 imports )
> user32.dll: ShowWindow, ShowOwnedPopups, ShowCursor, OffsetRect, LoadIconA, LoadAcceleratorsA, GetMenu, DrawCaption, CreateCursor, CopyImage
> kernel32.dll: TlsSetValue, lstrcatA, VirtualAlloc, UnmapViewOfFile, GetVersionExA, GetFileSize, GetDateFormatA, ExitThread, lstrcpyA
> oleaut32.dll: OleIconToCursor, OleLoadPicture, OleLoadPicturePath, RevokeActiveObject, SafeArrayAllocData, SafeArrayDestroy, VarBstrCat, VarBstrCmp, ClearCustData

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=95FD8B9C003BFDA39618003F70B944005C1EDEA3

Datei wdpoefan.dll empfangen 2008.04.20 21:06:54 (CET)
Status: Beendet
Ergebnis: 9/30 (30%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.4.19.0 2008.04.18 -
AntiVir 7.8.0.8 2008.04.20 ADSPY/Agent.PB
Authentium 4.93.8 2008.04.20 -
Avast 4.8.1169.0 2008.04.20 Win32:Agent-LTS
AVG 7.5.0.516 2008.04.20 Downloader.Adload.FR
BitDefender 7.2 2008.04.20 -
CAT-QuickHeal 9.50 2008.04.19 -
ClamAV 0.92.1 2008.04.20 -
DrWeb 4.44.0.09170 2008.04.20 -
eSafe 7.0.15.0 2008.04.17 -
eTrust-Vet 31.3.5714 2008.04.19 Win32/Pripecs!generic
Ewido 4.0 2008.04.20 -
F-Prot 4.4.2.54 2008.04.20 -
FileAdvisor 1 2008.04.20 -
Fortinet 3.14.0.0 2008.04.20 -
Ikarus T3.1.1.26 2008.04.20 AdWare.Agent.PB
McAfee 5277 2008.04.18 -
Microsoft 1.3408 2008.04.20 Trojan:Win32/Zlob.AI
NOD32v2 3041 2008.04.19 -
Norman 5.80.02 2008.04.18 -
Panda 9.0.0.4 2008.04.20 -
Prevx1 V2 2008.04.20 Downloader.Adload.EC
Rising 20.40.62.00 2008.04.20 -
Sophos 4.28.0 2008.04.20 -
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.20 -
TheHacker 6.2.92.285 2008.04.19 -
VBA32 3.12.6.4 2008.04.16 suspected of Downloader.Zlob.5 (paranoid heuristics)
VirusBuster 4.3.26:9 2008.04.20 -
Webwasher-Gateway 6.6.2 2008.04.20 Ad-Spyware.Agent.PB
weitere Informationen
File size: 233472 bytes
MD5...: 0a02e3b6c3db3c9b5778aeff81e554eb
SHA1..: c391b6eecac5c8a443f4c2a2447a24834e9d5c89
SHA256: 8a43e3885970fcabb5aad755c29368875d638aa3f0e43cea66776823f04607cb
SHA512: 27b87ef44f4cb5ca56488b6f65dd14805fa6db8fbc988c9ae41e842531abfa6e
c3ff3054b38f2c603de02b5ac39a9b8dcc5a4a7fd3310fcdfb67a6b74e6d35ba
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100107da
timedatestamp.....: 0x4809c39d (Sat Apr 19 10:04:13 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c534 0x2d000 6.56 fbf0c97aae0b2f70a0c9c72fb35b8bab
.data 0x2e000 0x3160 0x2000 2.42 e99df4495b60c72633a00cf3388cb53f
.rsrc 0x32000 0x51e0 0x6000 4.10 d82217261329aefffa92eba4faa7e2bd
.reloc 0x38000 0x2362 0x3000 3.93 653624419784c84abbf5f150fadb74f4

( 5 imports )
> KERNEL32.dll: CreateDirectoryW, MoveFileW, WaitForSingleObject, Sleep, FindFirstFileW, FindClose, GetProcAddress, LoadLibraryW, GetLastError, MultiByteToWideChar, CloseHandle, SetFilePointer, SystemTimeToFileTime, GetFileAttributesW, ReadFile, GetCurrentDirectoryW, LocalFileTimeToFileTime, WideCharToMultiByte, SetFileTime, SetEndOfFile, WriteFile, CreateFileW, lstrcpynW, GetSystemTime, GetLocaleInfoA, FindNextFileW, FileTimeToSystemTime, FileTimeToLocalFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapFree, HeapAlloc, GetCurrentThreadId, GetCommandLineA, GetVersionExA, GetProcessHeap, RaiseException, RtlUnwind, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, ExitProcess, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetConsoleCP, GetConsoleMode, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetCPInfo, GetACP, GetOEMCP, LCMapStringA, LCMapStringW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, GetModuleFileNameA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetTimeZoneInformation, HeapSize, CompareStringA, CompareStringW, SetEnvironmentVariableA, SetEnvironmentVariableW, LoadLibraryA, InitializeCriticalSection, SetStdHandle, FlushFileBuffers, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetStringTypeA, GetStringTypeW, CreateFileA
> USER32.dll: MessageBoxW, GetDesktopWindow, GetWindow
> ADVAPI32.dll: RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW
> ole32.dll: CoInitialize
> SHLWAPI.dll: SHDeleteKeyW

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=856B8602005F1778902403691417C0005C6DA06D

Datei vadokmxt.dll empfangen 2008.04.20 21:28:45 (CET)
Status: Beendet
Ergebnis: 10/32 (31.25%)
AhnLab-V3 2008.4.19.0 2008.04.18 -
AntiVir 7.8.0.8 2008.04.20 ADSPY/AdSpy.Gen
Authentium 4.93.8 2008.04.20 -
Avast 4.8.1169.0 2008.04.20 -
AVG 7.5.0.516 2008.04.20 Downloader.Adload.FS
BitDefender 7.2 2008.04.20 -
CAT-QuickHeal 9.50 2008.04.19 -
ClamAV 0.92.1 2008.04.20 -
DrWeb 4.44.0.09170 2008.04.20 -
eSafe 7.0.15.0 2008.04.17 -
eTrust-Vet 31.3.5714 2008.04.19 Win32/Pripecs!generic
Ewido 4.0 2008.04.20 -
F-Prot 4.4.2.54 2008.04.20 -
F-Secure 6.70.13260.0 2008.04.20 -
FileAdvisor 1 2008.04.20 -
Fortinet 3.14.0.0 2008.04.20 -
Ikarus T3.1.1.26.0 2008.04.20 AdWare.NetAdware.S
Kaspersky 7.0.0.125 2008.04.20 -
McAfee 5277 2008.04.18 -
Microsoft 1.3408 2008.04.20 Trojan:Win32/Zlob.AI
NOD32v2 3041 2008.04.19 -
Norman 5.80.02 2008.04.18 -
Panda 9.0.0.4 2008.04.20 -
Prevx1 V2 2008.04.20 Trojan.Vundo
Rising 20.40.62.00 2008.04.20 Trojan.DL.Win32.QQHelper.bdp
Sophos 4.28.0 2008.04.20 -
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.20 Downloader.Zlob!gen.2
TheHacker 6.2.92.285 2008.04.19 -
VBA32 3.12.6.4 2008.04.16 suspected of Downloader.Zlob.8
VirusBuster 4.3.26:9 2008.04.20 -
Webwasher-Gateway 6.6.2 2008.04.20 Ad-Spyware.AdSpy.Gen
weitere Informationen
File size: 200704 bytes
MD5...: 49d148c08fa97be80849308a4fd71375
SHA1..: 7416535b02c47e50d287e79ae3b7d65a5056cb23
SHA256: c9ac052815a1abbfaac9eef594c27ebbb2c3e93f1c024b4824323da89af8b4cd
SHA512: e37051afcc98d5a10fabb56bf02cff812176d84d0b8fef6a9c0fa27faaec3a39
835e4218a61a75bf402c438e6e1e927c1b583ca5dac8fa91b0bb50955be6fae2
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000d50a
timedatestamp.....: 0x4809c195 (Sat Apr 19 09:55:33 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x290ee 0x2a000 6.45 9db567b6ce7d3bb747c777f27ef17229
.data 0x2b000 0x2e84 0x2000 1.57 f4c056b9154b258f550051ded7e6ca8d
.rsrc 0x2e000 0x10 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.reloc 0x2f000 0x23ce 0x3000 3.89 e0638daa5ef77f80e973c58ee347dda1

( 4 imports )
> KERNEL32.dll: Sleep, GetLastError, CloseHandle, GetSystemTime, CreateEventW, WaitForSingleObject, MultiByteToWideChar, LoadLibraryW, SystemTimeToFileTime, GetFileAttributesW, CreateFileW, ReadFile, GetCurrentDirectoryW, LocalFileTimeToFileTime, WideCharToMultiByte, CreateDirectoryW, WriteFile, SetFileTime, GetProcAddress, FindClose, SetFilePointer, FindFirstFileW, SetEndOfFile, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapFree, HeapAlloc, GetCurrentThreadId, GetCommandLineA, GetVersionExA, GetProcessHeap, RaiseException, RtlUnwind, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, ExitProcess, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetConsoleCP, GetConsoleMode, HeapSize, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FlushFileBuffers, GetCPInfo, GetACP, GetOEMCP, LCMapStringA, LCMapStringW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, GetModuleFileNameA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, CompareStringA, CompareStringW, SetEnvironmentVariableA, SetEnvironmentVariableW, LoadLibraryA, InitializeCriticalSection, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, CreateFileA
> ADVAPI32.dll: RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW
> ole32.dll: CoInitialize
> SHLWAPI.dll: SHDeleteKeyW

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E3C799B100227EF2108703DEBDA201009575193F

Neues Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:06:16, on 20.04.2008

Platform: Windows Vista  (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal
 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Thomson\ST330\service\st330service.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\hp\KBD\kbd.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Windows\System32\mobsync.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.ebay.at/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: dpevflbg - {87F195A2-E583-4FE1-9649-3333E6FE1A61} - C:\Windows\dpevflbg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:de

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [Hofer_FotoSuite_Download] "C:\Program Files\Hofer Foto Service\Hofer_Foto_Service\FotoSuite.exe" /autorun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GRUBWI~1\AppData\Local\Temp\ssqOGwTl.dll,#1

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix: 

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - h**ps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {C8B73157-8752-429E-A465-3F361C76AE89} (AldiAtActiveFormX Element) - h**ps://shop.hofer-fotos-druck.at/shop/activex/aldi_at_express_upload.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
 

--

End of file - 14893 bytes

Also bitte lade dir KillBox (in meiner Signatur) und lösche die infizierten Dateien "on reboot":daumenhoc

Lade dir auch dieses Tool und lasse es laufen.

Dann bitte noch diese Einträge fixen:

O3 - Toolbar: dpevflbg - {87F195A2-E583-4FE1-9649-3333E6FE1A61} - C:\Windows\dpevflbg.dll
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GRUBWI~1\AppData\Local\Temp\ssqOGwTl.dll,#1

Nun auch nochmals ein neues Hijackthis Logfile:daumenhoc

Welche Dateien sind die infizierten? Die hier?:
C:\Windows\dpevflbg.dll
C:\Windows\system32\tuvTllLD.dll,#1
C:\Users\GRUBWI~1\AppData\Local\Temp\ssqOGwTl.dll, #1
C:\Windows\wdpoefan.dll
C:\Windows\vadokmxt.dll

Also, die infizierten Datein hab ich gelöscht.

Bei dem VundoFix hat er gemeldet, dass er nichts gefunden hat.

Den 1. Eintrag hab ich gefixt, aber der 2. war nicht vorhanden.

Hier das neue Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:11:55, on 21.04.2008

Platform: Windows Vista  (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal
 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Thomson\ST330\service\st330service.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\hp\KBD\kbd.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Windows\system32\svchost.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\sdclt.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.ebay.at/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:de

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [Hofer_FotoSuite_Download] "C:\Program Files\Hofer Foto Service\Hofer_Foto_Service\FotoSuite.exe" /autorun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GRUBWI~1\AppData\Local\Temp\vtUmMcyx.dll,#1

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix: 

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - h**ps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {C8B73157-8752-429E-A465-3F361C76AE89} (AldiAtActiveFormX Element) - h**ps://shop.hofer-fotos-druck.at/shop/activex/aldi_at_express_upload.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
 

--

End of file - 14728 bytes

Bitte lade dir Filelist lass es laufen, danach wird sich ein Editor öffnen, bitte den gesamten inhalt posten.

Bitte scanne noch diese Datei online:
C:\Users\GRUBWI~1\AppData\Local\Temp\vtUmMcyx.dll,#1
Wie es aussieht wird die Datei von rundll32.exe ausgeführt...

Wenn du diese Seite nicht kennst bitte fixen:

O16 - DPF: {C8B73157-8752-429E-A465-3F361C76AE89} (AldiAtActiveFormX Element) - h**ps://shop.hofer-fotos-druck.at/shop/activex/aldi_at_express_upload.cab

Bitte lade dir Malwarebytes (signatur) lasse es laufen, lösche alles gefundene und poste den Report bitte.:daumenhoc

Das mit Filelist klappt nicht. Da steht "not supported windows version". Kann es damit zu tun haben, weil ich Vista hab?

Die gescannte Datei:

Datei vtUmMcyx.dll empfangen 2008.04.21 20:08:38 (CET)
Status: Beendet

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.4.22.0 2008.04.21 -
AntiVir 7.8.0.8 2008.04.21 ADSPY/Virtumonde.pmr
Authentium 4.93.8 2008.04.20 -
Avast 4.8.1169.0 2008.04.21 -
AVG 7.5.0.516 2008.04.21 -
BitDefender 7.2 2008.04.21 -
CAT-QuickHeal 9.50 2008.04.21 AdWare.Virtumonde.pmr (Not a Virus)
ClamAV 0.92.1 2008.04.21 -
DrWeb 4.44.0.09170 2008.04.21 -
eSafe 7.0.15.0 2008.04.21 -
eTrust-Vet 31.3.5720 2008.04.21 -
Ewido 4.0 2008.04.21 -
F-Prot 4.4.2.54 2008.04.20 -
F-Secure 6.70.13260.0 2008.04.21 -
FileAdvisor 1 2008.04.21 -
Fortinet 3.14.0.0 2008.04.21 -
Ikarus T3.1.1.26 2008.04.21 Trojan.Win32.Vundo.D
Kaspersky 7.0.0.125 2008.04.21 not-a-virus:AdWare.Win32.Virtumonde.pmr
McAfee 5277 2008.04.18 Vundo
Microsoft 1.3408 2008.04.21 Trojan:Win32/Vundo.gen!D
NOD32v2 3043 2008.04.21 Win32/Adware.Virtumonde
Norman 5.80.02 2008.04.18 -
Panda 9.0.0.4 2008.04.20 -
Prevx1 V2 2008.04.21 Trojan.Vundo
Rising 20.41.02.00 2008.04.21 Trojan.Win32.VUNDO.bct
Sophos 4.28.0 2008.04.21 Mal/Generic-A
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.21 -
TheHacker 6.2.92.285 2008.04.19 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.21 -
Webwasher-Gateway 6.6.2 2008.04.21 Ad-Spyware.Virtumonde.pmr
weitere Informationen
File size: 38400 bytes
MD5...: 17429758849bb0b25b4d3058a6650716
SHA1..: 75c4aea9b998fc66eef833447e0f0d8d87f95371
SHA256: cab40b27e0b26f0a844cb33a89cb58912ced5ecb25d860cd0c8b8c656113e3b8
SHA512: 5ee17c61ff738f55e1f4de16a479a890c74e073e715029d998f409bbf5a077e5
fb835042c5aac2647ac819ee74e616572d717d92767598b1239a6acec9cf9e25
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100051a8
timedatestamp.....: 0x51177b30 (Sun Feb 10 10:49:20 2013)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1e000 0x4600 7.24 52d72ddae97ee3816d0a1dea3ef7acdd
.data 0x1f000 0x5000 0x4200 7.97 108cba9202cdd8cc0012cdea5eb524ce
.rdata 0x24000 0x1000 0x400 5.84 fc23e9c096e341bb54f1cfd2d8ed4bd4
.idata 0x25000 0x1000 0x600 3.18 557d9fc65551684114193a3f82c76b16

( 3 imports )
> user32.dll: ShowWindow, ShowOwnedPopups, ShowCursor, OffsetRect, LoadIconA, LoadAcceleratorsA, GetMenu, DrawCaption, CreateCursor, CopyImage
> kernel32.dll: TlsSetValue, lstrcatA, VirtualAlloc, UnmapViewOfFile, GetVersionExA, GetFileSize, GetDateFormatA, ExitThread, lstrcpyA
> oleaut32.dll: OleIconToCursor, OleLoadPicture, OleLoadPicturePath, RevokeActiveObject, SafeArrayAllocData, SafeArrayDestroy, VarBstrCat, VarBstrCmp, ClearCustData

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=95FD8B9C003BFDA39618003F70B944005C1EDEA3

Die angegebene Seite kenn ich, soll ich sie trotzdem fixen?

Malwarebytes läuft gerade.

Zitat:

Zitat von blaueraffe (Beitrag 334486)

Das mit Filelist klappt nicht. Da steht "not supported windows version". Kann es damit zu tun haben, weil ich Vista hab?

Genau damit hat es zu tun;) BataAlexander hat mich auch gleich drauf angewiesen:bussi:

Vistafindbat

- download von VistaFindbat. zip auf Deinen desktop
- öffne mit einem doppelklick die zip datein
- starte mit einem rechtsklick auf die datei vistafind.bat (als administrator starten) das stapelverarbeitungsprogramm
- Dein bevorzugtes textverarbeitungsprogramm wird sich öffnen
- markiere den inhalt und füge in hier im forum in deinem beitrag ein.
wichtig: logfile bitte im tag (das Raute Symbol) posten
- formatiere nun Deinen beitrag vor dem speichern, in dem du alle texte, die ein älteres datum besitzen, als die letzten 30 tage, aus der liste löscht

das sind alle verzeichnisse, die mit dieserVistaFind.bat ausgelesen werden. Verzeichnis von C:\
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\WINDOWS\system
Verzeichnis von C:\WINDOWS\system32 --> von hier bitte alles posten
Verzeichnis von C:\USER\Name\Temp
Verzeichnis von C:\WINDOWS\Prefetch
Verzeichnis von C:\WINDOWS\tasks
Verzeichnis von C:\USER\Name\Temp
Verzeichnis von C:\Program Files\ --> hier alles posten
lösche die datei vistafind.txt

Wenn du die Seite kennst ist es nicht nötig;)
Bitte benütze mal diese Tool hier.

Code:

Verzeichnis von C:\Windows\system32
 

21.04.2008  19:43             3.584 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

21.04.2008  19:43             3.584 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

20.04.2008  12:09           609.944 perfh009.dat

20.04.2008  12:09           103.726 perfc009.dat

20.04.2008  12:09           641.106 perfh007.dat

20.04.2008  12:09           116.500 perfc007.dat

20.04.2008  12:09         1.461.736 PerfStringBackup.INI

19.04.2008  19:14            38.400 qoMdBRJA.dll

10.04.2008  09:55           774.056 FNTCACHE.DAT

06.04.2008  07:56        19.836.024 mrt.exe

31.03.2008  23:25           161.096 DivXCodecVersionChecker.exe

31.03.2008  23:25           823.296 divx_xx0c.dll

31.03.2008  23:25           823.296 divx_xx07.dll

31.03.2008  23:25           831.488 divx_xx0a.dll

31.03.2008  23:25           802.816 divx_xx11.dll

31.03.2008  23:25           682.496 DivX.dll

26.03.2008  02:52            73.728 ElbyVCD.dll

24.03.2008  21:45           630.784 divxdec.ax

21.03.2008  22:30             4.816 divxsm.tlb

21.03.2008  22:30            10.152 dsm_de.qm

21.03.2008  22:30           524.288 DivXsm.exe

21.03.2008  22:30         3.596.288 qt-dx331.dll

21.03.2008  22:30         1.044.480 libdivx.dll

21.03.2008  22:30           200.704 ssldivx.dll

21.03.2008  22:28           196.608 dtu100.dll

21.03.2008  22:28               416 dpl100.dll.manifest

21.03.2008  22:28            81.920 dpl100.dll

21.03.2008  22:28               416 dtu100.dll.manifest

21.03.2008  22:28             3.051 dtu_de.qm

21.03.2008  22:28            53.248 dpuGUI10.dll

21.03.2008  22:28           294.912 dpu11.dll

21.03.2008  22:28            57.344 dpv11.dll

21.03.2008  22:28           294.912 dpu10.dll

21.03.2008  22:28           593.920 dpuGUI11.dll

21.03.2008  22:28           344.064 dpus11.dll

21.03.2008  22:28            12.288 DivXWMPExtType.dll

21.03.2008  22:28             8.523 dpude.qm

20.03.2008  18:06         1.480.232 LegitCheckControl.DLL

Code:

Verzeichnis von C:\Program Files
 

21.04.2008  20:09    <DIR>          .

21.04.2008  20:09    <DIR>          ..

11.02.2008  16:00    <DIR>          Adobe

17.12.2007  19:10    <DIR>          AGEIA Technologies

08.10.2007  15:54    <DIR>          Animake

21.04.2008  15:07    <DIR>          AntiVir PersonalEdition Classic

05.10.2007  15:15    <DIR>          Apple Software Update

08.01.2007  12:04    <DIR>          ATI

08.01.2007  12:04    <DIR>          ATI Technologies

20.03.2008  16:01    <DIR>          Azureus

08.02.2007  17:10    <DIR>          BearShare Applications

29.03.2008  16:29    <DIR>          Bluefish Games

04.09.2007  16:52    <DIR>          Cbsinstall

22.03.2008  19:11    <DIR>          Common Files

08.02.2007  19:26    <DIR>          CoPilot

04.12.2007  21:59    <DIR>          CrossADe

19.01.2008  16:31    <DIR>          Datel

01.04.2008  17:21    <DIR>          Dekovir.com

16.04.2008  18:21    <DIR>          DivX

20.10.2007  16:44    <DIR>          DVD Rip Master

11.03.2008  21:31    <DIR>          DVDVideoSoft

04.02.2007  10:20    <DIR>          EA GAMES

16.04.2008  17:09    <DIR>          Elaborate Bytes

22.03.2008  19:22    <DIR>          Electronic Arts

06.09.2007  15:07    <DIR>          Google

15.12.2007  17:16    <DIR>          Hewlett-Packard

17.08.2007  18:38    <DIR>          Hofer Foto Service

17.08.2007  18:38    <DIR>          Hofer Fotobuch und Kalender Druck Service

15.12.2007  17:16    <DIR>          HP

08.01.2007  12:06    <DIR>          Intel

10.04.2008  09:50    <DIR>          Internet Explorer

23.03.2008  19:36    <DIR>          iPod

11.03.2008  22:01    <DIR>          iPod(37)

23.03.2008  19:36    <DIR>          iTunes

11.03.2008  22:02    <DIR>          iTunes(38)

22.03.2008  19:11    <DIR>          Jasc Software Inc

12.02.2008  11:24    <DIR>          Java

08.01.2007  12:04    <DIR>          MainConcept

21.04.2008  20:10    <DIR>          Malwarebytes' Anti-Malware

29.01.2008  16:03    <DIR>          Microsoft CAPICOM 2.1.0.2

02.11.2006  14:37    <DIR>          Microsoft Games

14.09.2007  14:12    <DIR>          Microsoft Office

04.02.2007  16:57    <DIR>          Microsoft Visual Studio

04.02.2007  16:57    <DIR>          Microsoft Works

04.02.2007  16:57    <DIR>          Microsoft.NET

22.02.2007  18:42    <DIR>          mobile PhoneTools

23.06.2007  19:43    <DIR>          Mobile Video Converter

08.01.2007  20:52    <DIR>          Movie Maker

16.02.2008  16:12    <DIR>          Mozilla Firefox

02.11.2006  14:37    <DIR>          MSBuild

02.11.2006  14:37    <DIR>          MSN

03.02.2007  17:33    <DIR>          MSXML 4.0

30.10.2007  17:00    <DIR>          Nero

11.02.2007  17:00    <DIR>          Nokia

29.01.2008  16:10    <DIR>          Norton Security Scan

08.01.2007  12:13    <DIR>          Online-Dienste

08.01.2007  12:20    <DIR>          PC-Doctor 5 for Windows

04.02.2007  12:31    <DIR>          phase5

04.04.2008  09:43    <DIR>          Picasa2

17.03.2008  13:36    <DIR>          QuickTime

11.03.2008  22:00    <DIR>          QuickTime(47)

29.03.2008  17:42    <DIR>          Real

08.01.2007  12:05    <DIR>          Realtek

02.11.2006  14:37    <DIR>          Reference Assemblies

29.03.2008  17:41           774.144 RngInterstitial.dll

08.01.2007  12:08    <DIR>          Roxio

23.03.2008  19:38    <DIR>          Safari

11.03.2007  13:38    <DIR>          Sony

11.03.2007  13:13    <DIR>          Sony Corporation

21.04.2008  15:27    <DIR>          Spyware Doctor

04.04.2007  11:26    <DIR>          Steinberg

23.03.2007  21:39    <DIR>          Thomson

20.04.2008  11:39    <DIR>          Trend Micro

06.05.2007  13:18    <DIR>          TuneUp Utilities 2007

01.04.2008  17:12    <DIR>          WildGames

30.08.2007  11:42    <DIR>          Windows Calendar

08.01.2007  20:52    <DIR>          Windows Collaboration

13.04.2007  09:07    <DIR>          Windows Defender

08.01.2007  20:52    <DIR>          Windows Journal

28.01.2008  19:17    <DIR>          Windows Live

10.04.2008  09:50    <DIR>          Windows Mail

11.10.2007  07:50    <DIR>          Windows Media Player

03.02.2007  17:19    <DIR>          Windows NT

08.01.2007  20:52    <DIR>          Windows Photo Gallery

10.01.2008  09:28    <DIR>          Windows Sidebar

21.03.2008  17:40    <DIR>          WinRAR

07.02.2007  18:29    <DIR>          WinZip

25.12.2007  12:08    <DIR>          Xilisoft

21.03.2008  17:15    <DIR>          Xvid

               1 Datei(en),        774.144 Bytes

              88 Verzeichnis(se), 144.982.761.472 Bytes frei

Wo kann ich die Datei vistafind.txt löschen? Ich find die nicht.

Report von Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.11

Datenbank Version: 666
 

Scan Art: Komplett Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)

Objekte gescannt: 229167

Scan Dauer: 1 hour(s), 54 minute(s), 56 second(s)
 

Infizierte Speicher Prozesse: 0

Infizierte Speicher Module: 1

Infizierte Registrierungsschlüssel: 8

Infizierte Registrierungswerte: 2

Infizierte Datei Objekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 13
 

Infizierte Speicher Prozesse:

(Keine Malware Objekte gefunden)
 

Infizierte Speicher Module:

c:\Users\***\AppData\Local\Temp\vtUmMcyx.dll (Trojan.Vundo) -> Unloaded module successfully.
 

Infizierte Registrierungsschlüssel:

HKEY_CLASSES_ROOT\CLSID\{4020100d-29d7-4392-afd5-5ad713ff4b88} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6d422996-4f55-407c-828e-059d2c312f5e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{6d1e583a-d2aa-4aca-ace8-451f73c609f1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dpevflbg.bvst (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dpevflbg.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{87f195a2-e583-4fe1-9649-3333e6fe1a61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.
 

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4020100d-29d7-4392-afd5-5ad713ff4b88} (Trojan.Vundo) -> Quarantined and deleted successfully.
 

Infizierte Datei Objekte der Registrierung:

(Keine Malware Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine Malware Objekte gefunden)
 

Infizierte Dateien:

c:\Users\grubwieser\AppData\Local\Temp\vtUmMcyx.dll (Trojan.Vundo) -> Delete on reboot.

C:\!KillBox\tuvTllLD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\!KillBox\tuvTllLD.dll( 2) (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\***\AppData\Local\Temp\iifcCutq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\***\AppData\Local\Temp\tmp0000c7ef (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\***\AppData\Local\Temp\tmp0000e0eb (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\***\AppData\Local\Temp\tmp0000e493 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\***\AppData\Local\Temp\tmp0000e58d (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\***\AppData\Local\Temp\tmp0000e703 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\***\AppData\Local\Temp\tuvVLdBr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\olgdqarf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\System32\qoMdBRJA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\wxvgsdbq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Ich bekomme jetzt immer eine Fehlermeldung wenn ich den PC hochfahre:
http://img72.imageshack.us/img72/5093/fehlerqg1.jpg