Trojan:'TR/Vundo.Gen' [trojan] -->LOG File

#1 Hallo,

ich habe nun mit Hijack This einen Log File erstellt, da ich seit einiger Zeit von meinem Antivirenprogramm folgende Meldung serviert bekomme:

Beim Zugriff auf Daten der URL "hxxp://89.188.16.50/css4.dl?sid=EF545C5B4F080F0F000D54585C5B515C5C4F1F545B365F3 65936585E5E59364F0A000D545C2D5D505F5D505B2C5C585F5D5E5159515 F59592C2F515A2C592C2C2F5D2D2D4F081D545C2C2C5E515E2C28592C5B5 A58582D2D285B2A59585C5B515C5C2A2F2F2F2F2F4F1E1D545E505D5A5C5 D5B5F59584F0B005458594F04061B1901000D54698601"
wurde ein Virus oder unerwünschtes Programm 'TR/Vundo.Gen' [trojan] gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

Leider kann ich ausser diese Datei zu blockieren oder in die Quarantäne zu verschieben nichts machen...der Schei... Trojaner kommt immer wieder...

Daher hier meine Log Datei:
..Bitte um weitere Ratschläge...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:59, on 19.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faz.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yaywUOHB.dll,#1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Matthes\AppData\Local\Temp\iifcawTm.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: SYSTRAN Suche - res://C:\Programme\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Übersetzen - res://C:\Programme\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23BA0F32-27A4-4E3B-93D6-50690DE1C5AE}: NameServer = 213.191.74.11 213.191.92.82
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avesvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Dell Energieverwaltung der internen Netzwerkkarte (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9813 bytes





Andere Log Datei die ich mit einem anderen Befehl erstellt habe (letzten Einträge):

Verzeichnis von C:\Users\Matthes\AppData\Local\Temp

19.04.2008 23:33 31.832 Matthes.bmp
19.04.2008 20:11 489 ~9E3C38.tmp
19.04.2008 19:56 81.096 Setup Log 2008-04-19 #002.txt
19.04.2008 19:45 31.953 Uninstall Log 2008-04-19 #001.txt
19.04.2008 19:37 85.357 Setup Log 2008-04-19 #001.txt
19.04.2008 19:28 3.668 cnv4BDE.tmp
19.04.2008 19:26 9.728 bassmod.dll
19.04.2008 17:15 3.668 cnvD32.tmp
19.04.2008 17:09 43 removalfile.bat
19.04.2008 17:09 38.912 tmp0000d410
19.04.2008 17:09 38.912 jkkLEusr.dll
19.04.2008 17:09 38.912 qoMdCUkH.dll
19.04.2008 17:09 38.912 tmp0000e1e5
19.04.2008 17:09 38.912 tmp0000fce4
19.04.2008 17:09 38.912 tmp000109df
19.04.2008 17:09 38.912 tmp0000b1a2
19.04.2008 17:09 38.912 tmp0000c947
19.04.2008 17:09 38.912 efcDSJBq.dll
19.04.2008 17:09 38.912 hgGyvvtt.dll
19.04.2008 17:09 38.912 iifcawTm.dll
19.04.2008 17:09 38.912 iifgEvUm.dll
19.04.2008 17:09 38.912 jkkIBRkh.dll
19.04.2008 16:57 0 aax2537.tmp
19.04.2008 16:28 0 aaxE98D.tmp
19.04.2008 16:28 0 aaxE98C.tmp
19.04.2008 16:27 0 aaxD978.tmp
19.04.2008 16:15 0 aax36B3.tmp
19.04.2008 16:15 0 aax36B2.tmp
19.04.2008 14:12 10.341.032 Azureus3.0.5.2.jar
19.04.2008 14:10 9.658 AZU28993.tmp
19.04.2008 09:55 0 aax3111.tmp
19.04.2008 09:51 1.440 wmplog03.sqm
19.04.2008 09:48 1.704 wmplog02.sqm
19.04.2008 09:42 0 aaxEB2B.tmp
19.04.2008 09:42 0 aaxEB2A.tmp
18.04.2008 12:15 0 aax4B55.tmp
18.04.2008 12:15 0 aax3C47.tmp
18.04.2008 12:15 0 aax3C46.tmp
16.04.2008 14:35 323.584 swt-win32-3430.dll
16.04.2008 10:45 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}6598.html
16.04.2008 10:21 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}29767.html
16.04.2008 10:16 16.384 ~DF65.tmp
16.04.2008 10:16 16.384 ~DFA483.tmp
16.04.2008 10:15 1.472 wmplog01.sqm
16.04.2008 10:11 1.440 wmplog00.sqm
45 Datei(en), 11.468.749 Bytes
0 Verzeichnis(se), 71.436.660.736 Bytes frei
Datentr„ger in Laufwerk C: ist OS
Volumeseriennummer: 609D-0F0B

Verzeichnis von C:\Windows\prefetch

20.04.2008 00:41 85.018 CONSENT.EXE-40419367.pf
20.04.2008 00:40 17.170 SEARCHFILTERHOST.EXE-44162447.pf
20.04.2008 00:40 24.724 SEARCHPROTOCOLHOST.EXE-69C456C3.pf
20.04.2008 00:40 19.276 DLLHOST.EXE-4B6CB38A.pf
20.04.2008 00:39 25.972 NOTEPAD.EXE-C5670914.pf
20.04.2008 00:38 29.174 GUARDGUI.EXE-1720FA07.pf
20.04.2008 00:38 40.884 AVWSC.EXE-D6B5E0CB.pf
20.04.2008 00:38 33.682 RUNDLL32.EXE-9F622D71.pf
20.04.2008 00:34 2.032.772 AgGlFgAppHistory.db
20.04.2008 00:34 857.822 AgGlFaultHistory.db
20.04.2008 00:34 3.346.499 AgGlGlobalHistory.db
20.04.2008 00:34 439.544 AgRobust.db
20.04.2008 00:33 192.424 FIREFOX.EXE-66015FD1.pf
20.04.2008 00:33 25.688 REALPLAY.EXE-4416B012.pf
20.04.2008 00:26 30.492 MSNTBUP.EXE-50D6C13E.pf
20.04.2008 00:18 278.822 AVSCAN.EXE-BAA9CE1B.pf
20.04.2008 00:18 151.174 UPDATE.EXE-DA8DCB0E.pf
20.04.2008 00:18 29.180 PREUPD.EXE-10BACCDF.pf
20.04.2008 00:18 60.590 DLLHOST.EXE-576CF6B2.pf
20.04.2008 00:18 19.576 DLLHOST.EXE-6389524F.pf
20.04.2008 00:18 28.964 VERCLSID.EXE-AB0FD091.pf
20.04.2008 00:08 138.360 AVCENTER.EXE-56D8D137.pf
20.04.2008 00:03 37.962 HIJACKTHIS.EXE-FE237476.pf
20.04.2008 00:02 33.566 WMIPRVSE.EXE-E8B8DD29.pf
19.04.2008 23:59 41.628 USRREQ.EXE-A515C5E1.pf
19.04.2008 23:59 58.826 CHECKT.EXE-846CBC59.pf
19.04.2008 23:54 63.056 WINRAR.EXE-BA8CDB31.pf
19.04.2008 23:50 26.128 HJTINSTALL202.EXE-5B545C27.pf
19.04.2008 23:48 37.974 TRUSTEDINSTALLER.EXE-766EFF52.pf
19.04.2008 23:48 47.618 TASKENG.EXE-35FA9C06.pf
19.04.2008 23:46 230.232 WERCON.EXE-C87ACD13.pf
19.04.2008 23:46 36.266 WERMGR.EXE-F439C551.pf
19.04.2008 23:43 21.118 SVCHOST.EXE-6A249820.pf
19.04.2008 23:43 35.070 VSSVC.EXE-6C8F0C66.pf
19.04.2008 23:42 42.344 SYSTEMPROPERTIESPROTECTION.EX-81A2FDE2.pf
19.04.2008 23:42 36.882 CONTROL.EXE-6EA5489A.pf
19.04.2008 23:42 84.994 HELPPANE.EXE-2CB7BD18.pf
19.04.2008 23:37 20.814 WMIADAP.EXE-BB21CD77.pf
19.04.2008 23:37 80.746 AVCONFIG.EXE-74169680.pf
19.04.2008 23:36 26.472 WUAUCLT.EXE-5D573F0E.pf
19.04.2008 23:35 56.130 MOBSYNC.EXE-B307E1CC.pf
19.04.2008 23:34 44.632 MSCONFIG.EXE-690F60C3.pf
19.04.2008 23:34 75.358 WMPLAYER.EXE-D7C621F8.pf
19.04.2008 23:34 23.748 PRESENTATIONSETTINGS.EXE-EF41B35E.pf
19.04.2008 23:34 1.959.526 NTOSBOOT-B00DFAAD.pf
19.04.2008 23:31 508 PfSvPerfStats.bin
19.04.2008 23:31 921.839 AgGlUAD_P_S-1-5-21-2629739097-2921562786-1002798563-1000.db
19.04.2008 23:31 1.576.510 AgGlUAD_S-1-5-21-2629739097-2921562786-1002798563-1000.db
19.04.2008 23:31 40.058 LOGONUI.EXE-F639BD7E.pf
19.04.2008 23:06 562 LPKSETUP.EXE-BFB1F34D.pf
19.04.2008 22:44 89.728 FIXVUNDO.EXE-792F0F31.pf
19.04.2008 22:43 94.406 MSIEXEC.EXE-8FFB1633.pf
19.04.2008 22:37 107.788 WERFAULT.EXE-155C56CF.pf
19.04.2008 22:34 34.790 RSTRUI.EXE-125FC252.pf
19.04.2008 22:32 27.612 WUDFHOST.EXE-DEBBE5F1.pf
19.04.2008 22:32 30.222 DWM.EXE-314E93C5.pf
19.04.2008 22:32 36.972 RASAUTOU.EXE-B4DA4129.pf
19.04.2008 22:31 75.600 ACRORD32INFO.EXE-881F0182.pf
19.04.2008 22:31 24.448 SVCHOST.EXE-46278F65.pf
19.04.2008 22:31 5.584 DRVCTL.EXE-3AB55E84.pf
19.04.2008 22:31 49.150 PCTSTRAY.EXE-FB0A9233.pf
19.04.2008 22:29 42.736 SDLOADER.EXE-86378D07.pf
19.04.2008 22:28 70.798 PCTSGUI.EXE-2F28C794.pf
19.04.2008 21:38 252.572 REGISTRYCLEANER.EXE-DDF3DE48.pf
19.04.2008 21:38 68.704 SYSTEMOPTIMIZER.EXE-4187AF51.pf
19.04.2008 21:37 94.226 ACRORD32.EXE-3302324E.pf
19.04.2008 21:37 124.554 AVNOTIFY.EXE-90ECF30F.pf
19.04.2008 21:28 121.276 DISKCLEANER.EXE-B2014E5A.pf
19.04.2008 21:28 74.778 INTEGRATOR.EXE-775581E4.pf
19.04.2008 21:23 24.618 DLLHOST.EXE-6BFBE41F.pf
19.04.2008 21:23 32.518 SOFTWAREUPDATE.EXE-9B2A9FD1.pf
19.04.2008 21:00 1.960 WSQMCONS.EXE-4048402C.pf
19.04.2008 20:41 67.966 UPDATE.EXE-FD68A370.pf
19.04.2008 20:22 18.526 USNSVC.EXE-7CCFD67D.pf
19.04.2008 20:18 36.732 SEARCHINDEXER.EXE-1CF42BC6.pf
19.04.2008 20:18 10.790 XAUDIO.EXE-E1BCA46E.pf
19.04.2008 20:18 63.654 AVMAILC.EXE-A23237A8.pf
19.04.2008 20:18 33.598 SVCHOST.EXE-4ED41433.pf
19.04.2008 20:18 6.500 SVCHOST.EXE-6E1A6101.pf
19.04.2008 20:14 125.028 BABYLON.EXE-07A1B981.pf
19.04.2008 20:08 65.932 DLLHOST.EXE-F1317CB7.pf
19.04.2008 20:08 22.872 MSASCUI.EXE-AB5A490C.pf
19.04.2008 20:07 21.276 PCTSAUXS.EXE-39136F18.pf
19.04.2008 20:07 182.580 PCTSSVC.EXE-2C93902F.pf
19.04.2008 20:01 22.680 NICCONFIGSVC.EXE-241A56DD.pf
19.04.2008 20:01 47.210 AVWEBGRD.EXE-BACC8781.pf
19.04.2008 19:58 29.136 PATCH.EXE-EDE85BA1.pf
19.04.2008 19:56 31.618 RUNDLL32.EXE-E05400D1.pf
19.04.2008 19:51 19.168 RUNDLL32.EXE-0F93BD29.pf
19.04.2008 19:51 43.744 SDSETUP.TMP-5C9A4EBE.pf
19.04.2008 19:51 27.356 SDSETUP.EXE-100917AA.pf
19.04.2008 19:50 24.292 SDSETUP.TMP-887DA417.pf
19.04.2008 19:50 89.760 AVGUARD.EXE-C6A2DB19.pf
19.04.2008 19:50 89.752 AVFWSVC.EXE-30EF5337.pf
19.04.2008 19:49 87.530 AVESVC.EXE-8B5385BF.pf
19.04.2008 19:49 66.450 SCHED.EXE-05FB87E2.pf
19.04.2008 19:49 7.700 LICMGR.EXE-7E5013FD.pf
19.04.2008 19:48 28.410 DLLHOST.EXE-A010D183.pf
19.04.2008 19:48 15.296 AVADMIN.EXE-B5873107.pf
19.04.2008 19:42 17.724 RUNDLL32.EXE-A836D368.pf
19.04.2008 19:42 25.826 _IU14D2N.TMP-EA8F310D.pf
19.04.2008 19:42 21.758 UNINS000.EXE-23EA8192.pf
19.04.2008 19:42 24.072 DLLHOST.EXE-6CCFE7C9.pf
19.04.2008 19:36 54.918 SDSETUP.TMP-F2AB6F9C.pf
19.04.2008 19:36 25.014 SDSETUP.TMP-0D911B84.pf
19.04.2008 19:26 41.094 SETUP32.EXE-E2A5FC36.pf
19.04.2008 19:26 130.428 BABYLON7_SETUP_ENG_ENG_OXFORD-1A8055CE.pf
19.04.2008 19:26 31.410 PATCH 7.0.3.11.EXE-27C44BCF.pf
19.04.2008 19:23 69.784 EXPLORER.EXE-D5E97654.pf
19.04.2008 19:18 121.134 AZUREUS.EXE-D2D77631.pf
19.04.2008 19:11 42.954 UNINSTBB.EXE-81F83C0D.pf
19.04.2008 19:11 43.082 UNINSTBB.EXE-62085DB9.pf
19.04.2008 19:10 44.652 BABYLON.EXE-319E5442.pf
19.04.2008 19:04 132.032 BABYLON7_SETUP_ENG_ENG_OXFORD-02EEF5EE.pf
19.04.2008 18:57 33.450 TASKMGR.EXE-4C8500BA.pf
19.04.2008 18:48 44.880 UNINSTBB.EXE-E87D0250.pf
19.04.2008 17:43 98.892 STARTUPMANAGER.EXE-C29346D7.pf
19.04.2008 17:18 50.782 AVGNT.EXE-14321A1F.pf
19.04.2008 17:10 96.284 BABYLO~1.EXE-5955F910.pf
19.04.2008 17:09 7.814 CMD.EXE-0BD30981.pf
19.04.2008 17:09 22.858 UPDATE.EXE-8E7AF98F.pf
19.04.2008 17:09 64.312 BABYLON7_SETUP.EXE-ABF94E84.pf
19.04.2008 16:44 74.798 WINMAIL.EXE-4A3CA0DE.pf
19.04.2008 16:27 129.512 DIVX PLAYER.EXE-78A431C6.pf
19.04.2008 15:15 1.259.780 Layout.ini
19.04.2008 09:49 25.848 MFPMP.EXE-DAD29CCD.pf
19.04.2008 09:18 187.548 MSXML4-KB936181-ENU.EXE-2B1E5C05.pf
19.04.2008 09:17 22.864 GOOGLETOOLBAR2USER.EXE-C7DCD151.pf
19.04.2008 09:17 221.430 IEXPLORE.EXE-058FE8F5.pf
16.04.2008 10:16 220.074 ICQLITE.EXE-3E3728A9.pf
12.04.2008 22:51 680.873 AgCx_SC1.db
12.04.2008 22:50 250.042 AgCx_SC1.db.trx
03.03.2008 16:01 919.104 AgCx_SC2.db
03.09.2007 13:15 1.793.830 AgCx_Hibernate.snp.db
03.06.2007 14:02 485.276 AgCx_SC3_C7BB0095.db
03.06.2007 14:00 1.692.723 AgCx_S1_S-1-5-21-2629739097-2921562786-1002798563-1000.snp.db
04.04.2007 12:18 332.116 AgAppLaunch.db
137 Datei(en), 25.879.942 Bytes
0 Verzeichnis(se), 71.436.648.448 Bytes frei
Datentr„ger in Laufwerk C: ist OS
Volumeseriennummer: 609D-0F0B

Verzeichnis von C:\Windows\tasks

20.04.2008 00:26 256 Auf Updates f�r Windows Live Toolbar pr�fen.job
19.04.2008 23:33 6 SA.DAT
19.04.2008 23:31 32.534 SCHEDLGU.TXT
19.04.2008 12:24 422 User_Feed_Synchronization-{40E633F7-7F8E-40E4-8ABE-EFFEF2521F9F}.job
11.04.2008 17:35 408 1-Klick-Wartung.job
5 Datei(en), 33.626 Bytes
0 Verzeichnis(se), 71.436.652.544 Bytes frei
Datentr„ger in Laufwerk C: ist OS
Volumeseriennummer: 609D-0F0B

Verzeichnis von C:\Program Files

19.04.2008 23:50 <DIR> .
19.04.2008 23:50 <DIR> ..
20.03.2008 18:00 <DIR> Adobe
19.04.2008 21:23 <DIR> Apple Software Update
20.04.2008 00:18 <DIR> Avira Premium Security Suite
19.04.2008 14:48 <DIR> Azureus
19.04.2008 19:28 <DIR> Babylon
31.03.2007 16:05 <DIR> Broadcom
02.03.2008 10:54 <DIR> Common Files
31.03.2007 16:23 <DIR> CyberLink
22.11.2007 15:14 <DIR> DAEMON Tools
04.04.2007 21:56 <DIR> Dell
31.03.2007 16:18 <DIR> DellSupport
02.10.2007 14:18 <DIR> DIFX
31.03.2007 16:08 <DIR> Digital Line Detect
08.03.2008 19:10 <DIR> directx
17.12.2007 16:48 <DIR> DivX
29.03.2008 23:54 <DIR> Everest Poker
14.01.2008 16:32 <DIR> foobar2000
24.12.2007 13:20 <DIR> GIMP-2.0
29.12.2007 17:34 <DIR> Google
05.04.2007 22:10 <DIR> ICQLite
04.04.2007 21:03 <DIR> Intel
11.04.2008 18:22 <DIR> Internet Explorer
06.04.2008 10:07 <DIR> iPod
06.04.2008 10:07 <DIR> iTunes
31.03.2007 16:03 <DIR> Java
11.12.2007 20:20 <DIR> MagicISO
02.11.2006 14:37 <DIR> Microsoft Games
07.04.2007 13:58 <DIR> Microsoft Office
10.04.2008 23:37 <DIR> Microsoft Silverlight
05.05.2007 19:42 <DIR> Microsoft Works
07.04.2007 13:58 <DIR> Microsoft.NET
05.05.2007 19:42 <DIR> Modem Diagnostic Tool
02.11.2006 14:42 <DIR> Movie Maker
17.04.2008 20:03 <DIR> Mozilla Firefox
02.11.2006 14:37 <DIR> MSBuild
02.11.2006 14:37 <DIR> MSN
31.03.2007 16:02 <DIR> MSXML 4.0
31.03.2007 16:06 <DIR> NetWaiting
02.10.2007 14:18 <DIR> Nokia
02.10.2007 14:17 <DIR> PC Connectivity Solution
03.05.2007 16:56 <DIR> QuickTime
21.04.2007 11:55 <DIR> R
13.01.2008 17:36 <DIR> Real
02.11.2006 14:37 <DIR> Reference Assemblies
04.04.2007 21:02 <DIR> Roxio
19.04.2008 21:24 <DIR> Safari
21.12.2007 11:45 <DIR> SAMSUNG
26.10.2007 19:54 <DIR> SigmaTel
19.04.2008 20:07 <DIR> Spyware Doctor
10.04.2008 21:02 <DIR> Sticker Lite
31.03.2007 23:45 <DIR> Synaptics
03.12.2007 22:38 <DIR> SystemRequirementsLab
19.04.2008 23:50 <DIR> Trend Micro
29.04.2007 19:41 <DIR> TuneUp Utilities 2007
12.11.2007 15:02 <DIR> Universal Document Converter
26.04.2007 07:33 <DIR> VideoLAN
11.04.2007 23:07 <DIR> VistaCodecPack
09.04.2007 18:54 <DIR> Western Digital Technologies
31.03.2007 16:08 <DIR> WIDCOMM
10.11.2007 18:57 <DIR> Winamp
29.08.2007 16:20 <DIR> Windows Calendar
02.11.2006 14:42 <DIR> Windows Collaboration
10.04.2007 22:49 <DIR> Windows Defender
02.11.2006 14:42 <DIR> Windows Journal
02.03.2008 10:55 <DIR> Windows Live
30.11.2007 11:32 <DIR> Windows Live Toolbar
09.04.2008 21:39 <DIR> Windows Mail
10.10.2007 12:32 <DIR> Windows Media Player
04.04.2007 12:19 <DIR> Windows NT
02.11.2006 14:42 <DIR> Windows Photo Gallery
09.01.2008 12:57 <DIR> Windows Sidebar
13.12.2007 00:17 <DIR> WinRAR
0 Datei(en), 0 Bytes
74 Verzeichnis(se), 71.436.648.448 Bytes frei

#2 Hake in Hijackthis bitte folgendes an und druecke fix checked:

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yaywUOHB.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Matthes\AppData\Local\Temp\iifcawTm.dll,#1


Danach bitte neu starten und nutze die mit Windows gelieferte Datenträgerbereinigung(alles anhaken außer alte Dateien komprimieren) und saeubere die Systemwiederherstellung über "weitere Optionen".

http://support.microsoft.com/default.aspx?scid=kb;de;315246


Pruefe diese Datei bei Virustotal und poste das gesamte Ergebniss.
C:\Windows\system32\yaywUOHB.dll

Zuletzt bitte ein neues Hijackthis log posten.
__________
MfG Ralf
SEO-Spam Hunter

#3 Hey Ralf, danke für deine Antwort!

Habe deine Anweisungen befolgt und hier sind die Daten:

Scan mit Virustotal:[/b]

ntivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.4.19.0 2008.04.18 -
AntiVir 7.8.0.8 2008.04.18 -
Authentium 4.93.8 2008.04.19 -
Avast 4.8.1169.0 2008.04.19 -
AVG 7.5.0.516 2008.04.19 Generic10.MXY
BitDefender 7.2 2008.04.20 -
CAT-QuickHeal 9.50 2008.04.19 -
ClamAV 0.92.1 2008.04.20 -
DrWeb 4.44.0.09170 2008.04.19 -
eSafe 7.0.15.0 2008.04.17 -
eTrust-Vet 31.3.5714 2008.04.19 -
Ewido 4.0 2008.04.19 -
F-Prot 4.4.2.54 2008.04.20 -
F-Secure 6.70.13260.0 2008.04.19 -
FileAdvisor 1 2008.04.20 -
Fortinet 3.14.0.0 2008.04.20 -
Ikarus T3.1.1.26.0 2008.04.20 -
Kaspersky 7.0.0.125 2008.04.20 -
McAfee 5277 2008.04.18 -
Microsoft 1.3408 2008.04.20 Trojan:Win32/Vundo.gen!D
NOD32v2 3041 2008.04.19 -
Norman 5.80.02 2008.04.18 -
Panda 9.0.0.4 2008.04.19 -
Prevx1 V2 2008.04.20 Trojan.Vundo
Rising 20.40.62.00 2008.04.20 -
Sophos 4.28.0 2008.04.20 Sus/Behav-200
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.20 -
TheHacker 6.2.92.285 2008.04.19 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.19 -
Webwasher-Gateway 6.6.2 2008.04.18 -
weitere Informationen
File size: 38912 bytes
MD5...: f8e045195d6c86490b3ea9cd4b7a3734
SHA1..: a5c81a9d1e74118ab341412453f47cdd4b309f9d
SHA256: c1b9a1c64ba4cd8f13708ae95b08f7b6bc51d81b4809fb9587150e3989f42d33
SHA512: 1c90d02d1c61df668f8a5570490f0b56cb6a94a2fda186ed2eafb7e10a053311
f02500145ab2cb7043f233e363a3d5de6ca1974ffe41d87a9f20836ae69185c4
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10005502
timedatestamp.....: 0x4bf1af79 (Mon May 17 21:04:57 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1e000 0x4800 7.31 51b9186b589117ae802640fb85eab24a
.data 0x1f000 0x5000 0x4200 7.97 86c199ee09569690619602962db27d50
.rdata 0x24000 0x1000 0x400 5.81 465868c44285311cb0013d9125773e22
.idata 0x25000 0x1000 0x600 2.70 bac3445ab6cb6278ffe22a57fdb795f4

( 3 imports )
> user32.dll: OemToCharW, MessageBoxA, EndMenu, CreateCursor
> kernel32.dll: TlsGetValue, lstrlenA, lstrcmpiA, lstrcmpA, lstrcatA, EnumResourceLanguagesA, EnumResourceNamesA, ExitProcess, GetCommandLineA, GetLastError, GetVersionExA, InitializeCriticalSection
> oleaut32.dll: SafeArrayCreate, SysReAllocString, VarBstrCmp, OleTranslateColor, ClearCustData, OleLoadPicturePath


demnach hat Virustotal...vier Ergebnisse hervorgebrtacht...soll ich jetzt die yaywUHB.dll einfach löschen....?






und hier die neue Hijackthis Logdatei:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:37, on 20.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faz.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Matthes\AppData\Local\Temp\cbXNHAqQ.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: SYSTRAN Suche - res://C:\Programme\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Übersetzen - res://C:\Programme\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{23BA0F32-27A4-4E3B-93D6-50690DE1C5AE}: NameServer = 213.191.74.11 213.191.92.82
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avesvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Dell Energieverwaltung der internen Netzwerkkarte (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9198 bytes

#4 Ja, die Datei kannst du loeschen?

Verschwindet dieser Eintrag nicht nach "fixen" und neustart?

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Matthes\AppData\Local\Temp\cbXNHAqQ.dll,#1
__________
MfG Ralf
SEO-Spam Hunter

#5 So der neue LOGFILE:
...Scheint so als ob der Eintrag immer noch vorhanden wäre...soll ich die Datei auch mal durch Virustotal laufen lassen und bei Fund löschen?...
Oder hängt es vll. mit der Systemwiederherstellung zusammen, die ich vorher ausschalten muss, den Datenträger bereinige und dann wieder einschalte?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:36, on 20.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faz.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Matthes\AppData\Local\Temp\hgGxUKdA.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: SYSTRAN Suche - res://C:\Programme\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Übersetzen - res://C:\Programme\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avesvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Dell Energieverwaltung der internen Netzwerkkarte (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8964 bytes



THX

#6 Das dieser Eintrag sich mit Hilfe von Hijackthis nicht loeschen laesst, liegt daran, das Vundo eine Art Schutzmechanismus besitzt. Mit der Systemwiederherstellung hat das nichts zu tun.

Ich hatte gehoft das ohne Combofix geloescht zu bekommen. Vor Combofix versuchen wir nochmal Malwarebytes Antimalwaer. Eine Anleitung dazu findest du hier: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Nutze aber bitte diesen Downloadlink http://www.besttechie.net/tools/mbam-setup.exe , nicht den, der in der Anleitung aufgefuehrt ist.
__________
MfG Ralf
SEO-Spam Hunter

#7 Ok...habe malwarebytes mal durchlaufen lassen und habe anschließend nach einem Neustart einen neue LogDatei mit Hijackthis erstellt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:31, on 20.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\System32\mobsync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faz.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avesvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Dell Energieverwaltung der internen Netzwerkkarte (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8740 bytes


Report Malwarebytes:

Malwarebytes' Anti-Malware 1.11
Datenbank Version: 660

Scan Art: Komplett Scan (C:\|D:\|F:\|I:\|)
Objekte gescannt: 149941
Scan Dauer: 1 hour(s), 50 minute(s), 40 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 21

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\Users\Matthes\AppData\Local\Temp\urqQgfEV.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{6a6eae1b-4ad6-4035-974d-504d6dbaa9c3} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6a6eae1b-4ad6-4035-974d-504d6dbaa9c3} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Users\Matthes\AppData\Local\Temp\urqQgfEV.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Matthes\AppData\Local\Temp\efcDSJBq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\hgGyvvtt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\iifgEvUm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\jkkIBRkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\jkkLEusr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\qoMdCUkH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000b1a2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000c947 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000d410 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000d7f6 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000d8b1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000da85 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000dc0b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000e1e5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000e33c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000e6c5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000e916 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp0000fce4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tmp000109df (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Matthes\AppData\Local\Temp\tuvWnnmk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



Ist mein System jetzt soweit erstmal Clean, oder geht die Odyssey erstmal weiter?


MFG
Kalle

#8 Das sieht ganz ordenltich aus. Du koenntest noch url="
http://www.trojaner-board.de/51464-anleitung-ccleaner.html"
__________
MfG Ralf
SEO-Spam Hunter

#9 Sehr schön, vielen Dank für die schnelle und professionelle Betreuung!

Absolut weiterempfehlenswert.


MFG Kalle