Virus scan found trojan TR/Vundo.GEN

#0
21.04.2008, 20:06
...new here

Posts: 2
#1 I have the problem that my Antivir keeps hitting this trojan when it checks my system but doesn't delete it, or rather, on a repeat scan after cleaning out all the temp folders etc., there are new files that supposedly contain the trojan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:56, on 21.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www14.einfachstarten.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CF141E4-0D24-464B-A005-573590131AFB}: NameServer = 192.168.2.1
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


###########################################

ComboFix 08-04-20.5 - ersguterjunge 2008-04-21 19:32:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1002 [GMT 2:00]
ausgeführt von:: C:\Users\ersguterjunge\Desktop\Download\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2008-03-21 bis 2008-04-21 ))))))))))))))))))))))))))))))
.

Keine neuen Dateien erstellt in diesem Zeitraum

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 16:34 --------- d-----w C:\Program Files\Yahoo!
2008-04-21 16:34 --------- d-----w C:\Program Files\CCleaner
2008-04-21 16:13 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-04-19 19:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-19 19:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-16 19:44 --------- d-----w C:\Program Files\ICQ6
2008-04-16 03:51 28,095 ----a-w C:\Users\ersguterjunge\AppData\Roaming\nvModes.dat
2008-04-08 17:49 --------- d-----w C:\Program Files\Java
2008-03-31 17:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 18:44 --------- d-----w C:\Users\ersguterjunge\AppData\Roaming\Winamp
2008-03-28 17:48 --------- d-----w C:\Program Files\Winamp
2008-03-20 19:15 --------- d-----w C:\Users\ersguterjunge\AppData\Roaming\DivX
2008-03-12 14:49 27,715 ----a-w C:\Users\Bushido99\AppData\Roaming\nvModes.dat
2008-03-10 18:48 --------- d-----w C:\Program Files\MTA San Andreas
2008-03-10 17:39 --------- d-----w C:\Program Files\Rockstar Games
2008-03-06 17:50 1,420,288 ----a-w C:\Windows\Internet Logs\xDB91C3.tmp
2008-03-04 19:47 0 ----a-w C:\Users\ersguterjunge\AppData\Roaming\wklnhst.dat
2008-03-03 13:06 279,440 ----a-w C:\Windows\system32\drivers\vsdatant.sys
2008-03-03 13:05 54,672 ----a-w C:\Windows\System32\vsutil_loc0407.dll
2008-03-03 13:05 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
2008-03-01 19:19 1,411,072 ----a-w C:\Windows\Internet Logs\xDB8D60.tmp
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-22 12:27 --------- d-----w C:\ProgramData\Sonic
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-15 11:39 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 11:36 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 11:36 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 11:36 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-01-29 21:34 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-29 21:34 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-29 21:34 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-29 21:32 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-01-29 21:32 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-01-29 21:32 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-01-29 21:32 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-01-29 21:32 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-01-29 21:32 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-01-29 21:31 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-29 21:31 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-29 21:31 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-29 21:31 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-01-29 21:31 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-29 21:30 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-29 21:30 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-29 21:30 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-01-29 21:30 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-29 21:29 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-29 21:29 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-29 21:29 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-01-29 21:29 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-29 21:29 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-29 21:27 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-29 21:27 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-01-29 21:27 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-01-29 21:25 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-29 21:25 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-29 21:25 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-01-29 21:24 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-29 17:39 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-29 17:39 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-29 17:39 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-29 17:39 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-29 17:38 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-29 17:38 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-29 17:38 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-29 17:37 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-29 17:37 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-12-19 21:44 22,328 ----a-w C:\Users\ersguterjunge\AppData\Roaming\PnkBstrK.sys
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-29 23:29 1232896]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 22:26 484904]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 10:10 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 05:36 827392]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-24 03:11 176128]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-13 04:36 323216]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 20:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 20:54 50696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-09 04:57 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-09 04:57 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-09 04:57 81920]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 22:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 01:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 08:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 23:31 262401]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-657363346-3752852834-3364722564-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3AABD80B-337E-4F0D-813A-D7118F789BD3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{05740BE2-72EF-429B-9E5D-2B6FEECA0B28}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{05BDDA5F-4286-4DFC-B442-95E340ADA878}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7EBDCEDB-3F52-4967-B9F1-635E2B4F366B}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{D243203B-5D8C-4C0D-B3EA-33E9AD6724DC}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{954B0EEF-56B4-40D7-8E5B-268F2C65C905}"= UDP;):\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{BD2E3BB5-3D81-45B6-865B-0074BF54AE57}"= TCP;):\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{FDEA4AE5-CBB5-475A-8FD3-9F5C5F16A936}"= UDP;):\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{4FA2AE17-0625-4F1B-8C3F-5B5869DC625D}"= TCP;):\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F173F277-DB44-4E47-9F19-82A2D9A6E911}"= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
"{AA8FBC69-7A18-453D-997A-D1818BBDFE40}"= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
"{0FAA2123-3BC8-4063-9655-4A03456D61C2}"= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
"{0F335C7C-0E48-4D31-877C-3FA4B12F8F1F}"= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
"{10434AB4-4E14-44B7-BB7A-2A77027FFA00}"= UDP;):\Games\Juiced 2\Juiced2_HIN.exe:Juiced2_HIN
"{32BE5D1F-F586-4B3F-9CB4-8C679897E9CF}"= TCP;):\Games\Juiced 2\Juiced2_HIN.exe:Juiced2_HIN

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);C:\Windows\system32\drivers\pe3ajbeb.sys [2007-08-22 18:31]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);C:\Windows\system32\drivers\ps7ajbeb.sys [2007-08-22 18:30]
R1 Asapi;Asapi;C:\Windows\system32\drivers\Asapi.sys [2002-04-17 21:27]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 18:44]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 01:50]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);C:\Windows\system32\pr2ajbeb.exe svc []
S3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 17:43]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\Windows\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 19:36:40
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-04-21 19:37:51
ComboFix-quarantined-files.txt 2008-04-21 17:37:46

Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.

187 --- E O F --- 2008-04-18 10:30:08


############### datfind.bat ########################

Datenträger in Laufwerk C: ist OS
Volumeseriennummer: 543B-40CC

Verzeichnis von C:\Windows\system32

21.04.2008 19:46 3.072 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
21.04.2008 19:46 3.072 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
21.04.2008 18:20 618.470 perfh009.dat
21.04.2008 18:20 107.614 perfc009.dat
21.04.2008 18:20 651.350 perfh007.dat
21.04.2008 18:20 121.114 perfc007.dat
21.04.2008 18:20 1.488.910 PerfStringBackup.INI
09.04.2008 17:32 343.976 FNTCACHE.DAT
08.04.2008 19:49 6.591 jupdate-1.6.0_05-b13.log
06.04.2008 07:56 19.836.024 mrt.exe
24.03.2008 15:41 11.142 vsconfig.xml
03.03.2008 15:05 54.672 vsutil_loc0407.dll
03.03.2008 15:05 1.086.952 zpeng24.dll
03.03.2008 15:04 99.816 vsxml.dll
03.03.2008 15:04 83.432 zlcomm.dll
03.03.2008 15:04 71.144 zlcommdb.dll
03.03.2008 15:04 493.032 vsutil.dll
03.03.2008 15:04 46.568 vswmi.dll
03.03.2008 15:04 95.720 vsdata.dll
03.03.2008 15:04 165.352 vsinit.dll
03.03.2008 15:04 103.912 vsmonapi.dll
03.03.2008 15:04 71.144 vsregexp.dll
03.03.2008 15:04 275.944 vspubapi.dll
29.02.2008 08:51 19.000 kd1394.dll
29.02.2008 08:39 40.960 srclient.dll
29.02.2008 08:39 371.712 srcore.dll
29.02.2008 08:38 16.384 srdelayed.exe
29.02.2008 08:38 313.856 rstrui.exe
29.02.2008 08:35 6.656 kbd106n.dll
29.02.2008 08:34 7.168 f3ahvoas.dll
29.02.2008 06:16 2.027.008 win32k.sys
22.02.2008 02:33 139.264 javaws.exe
22.02.2008 01:23 135.168 javaw.exe
22.02.2008 01:23 135.168 java.exe
21.02.2008 06:43 826.368 wininet.dll
21.02.2008 06:43 1.159.680 urlmon.dll
21.02.2008 06:43 44.544 pngfilt.dll
21.02.2008 06:43 671.232 mstime.dll
21.02.2008 06:43 478.208 mshtmled.dll
21.02.2008 06:43 3.591.680 mshtml.dll
21.02.2008 06:43 27.648 jsproxy.dll
21.02.2008 06:43 56.320 iesetup.dll
21.02.2008 06:43 180.736 ieui.dll
21.02.2008 06:43 44.544 iernonce.dll
21.02.2008 06:43 6.066.176 ieframe.dll
21.02.2008 06:43 383.488 ieapfltr.dll
21.02.2008 06:43 63.488 icardie.dll
21.02.2008 06:43 296.448 gdi32.dll
21.02.2008 06:43 347.136 dxtmsft.dll
21.02.2008 06:43 214.528 dxtrans.dll
21.02.2008 06:43 124.928 advpack.dll
21.02.2008 06:43 26.624 ieUnatt.exe
21.02.2008 06:43 70.656 ie4uinit.exe
21.02.2008 06:42 1.831.424 inetcpl.cpl
21.02.2008 02:53 1.383.424 mshtml.tlb
19.02.2008 07:10 620.088 ci.dll
15.02.2008 13:39 194.560 WebClnt.dll
15.02.2008 13:37 613.888 wpd_ci.dll
15.02.2008 13:37 224.824 clfs.sys
15.02.2008 13:37 19.456 cfgmgr32.dll
15.02.2008 13:37 101.888 drvinst.exe
15.02.2008 13:37 221.696 umpnpmgr.dll
15.02.2008 13:37 260.096 dpx.dll
15.02.2008 13:37 558.080 oleaut32.dll
15.02.2008 13:37 1.585.664 setupapi.dll
15.02.2008 13:37 12.800 batt.dll
15.02.2008 13:37 35.328 dispci.dll
15.02.2008 13:37 905.400 winresume.exe
15.02.2008 13:37 23.552 nshhttp.dll
15.02.2008 13:37 39.424 lodctr.exe
15.02.2008 13:37 32.256 unlodctr.exe
15.02.2008 13:37 115.200 loadperf.dll
15.02.2008 13:37 17.408 prflbmsg.dll
15.02.2008 13:37 595.456 schedsvc.dll
15.02.2008 13:36 24.064 netcfg.exe
15.02.2008 13:36 167.424 tcpipcfg.dll
15.02.2008 13:36 22.016 netiougc.exe
15.02.2008 01:19 944.184 winload.exe
29.01.2008 23:34 39.424 ACCTRES.dll
29.01.2008 23:34 205.824 msoeacct.dll
29.01.2008 23:34 87.040 msoert2.dll
29.01.2008 23:32 392.192 FirewallAPI.dll
29.01.2008 23:32 396.800 MPSSVC.dll
29.01.2008 23:32 86.016 icfupgd.dll
29.01.2008 23:32 16.896 wfapigp.dll
29.01.2008 23:32 61.952 cmifw.dll
29.01.2008 23:32 178.688 iphlpsvc.dll
29.01.2008 23:31 8.147.968 wmploc.DLL
29.01.2008 23:31 10.617.344 wmp.dll
29.01.2008 23:31 7.680 spwmp.dll
29.01.2008 23:31 4.096 dxmasf.dll
29.01.2008 23:31 4.096 msdxm.ocx
29.01.2008 23:31 1.191.936 msxml3.dll
29.01.2008 23:31 2.048 msxml3r.dll
29.01.2008 23:30 1.327.104 quartz.dll
29.01.2008 23:30 9.728 LAPRXY.DLL
29.01.2008 23:30 2.048 asferror.dll
29.01.2008 23:30 223.232 WMASF.DLL
29.01.2008 23:29 1.335.296 msxml6.dll
29.01.2008 23:29 2.048 msxml6r.dll
29.01.2008 23:29 84.480 INETRES.dll
29.01.2008 23:29 737.792 inetcomm.dll
29.01.2008 23:29 11.776 sbunattend.exe
29.01.2008 23:28 2.455.488 ieapfltr.dat
29.01.2008 23:27 788.992 rpcrt4.dll
29.01.2008 23:27 5.120 wmi.dll
29.01.2008 23:27 152.576 imagehlp.dll
29.01.2008 23:25 3.504.824 ntkrnlpa.exe
29.01.2008 23:25 3.470.520 ntoskrnl.exe
29.01.2008 23:25 2.048 tzres.dll
29.01.2008 23:24 750.080 qmgr.dll
29.01.2008 19:39 1.524.224 wucltux.dll
29.01.2008 19:39 43.352 wups2.dll
29.01.2008 19:39 53.080 wuauclt.exe
29.01.2008 19:39 1.712.984 wuaueng.dll
29.01.2008 19:38 80.896 wudriver.dll
29.01.2008 19:38 33.624 wups.dll
29.01.2008 19:38 549.720 wuapi.dll
29.01.2008 19:37 163.000 wuwebv.dll
29.01.2008 19:37 31.232 wuapp.exe
29.01.2008 19:25 16 coh.cache
08.01.2008 03:16 630.784 divxdec.ax
04.01.2008 23:59 524.288 DivXsm.exe
04.01.2008 23:59 10.152 dsm_de.qm
04.01.2008 23:59 4.816 divxsm.tlb
04.01.2008 23:58 3.596.288 qt-dx331.dll
04.01.2008 23:58 187.128 PxMas.dll
04.01.2008 23:58 1.628.920 PxSFS.DLL
04.01.2008 23:58 88.824 VXBLOCK.dll
04.01.2008 23:58 518.904 pxdrv.dll
04.01.2008 23:58 551.672 Px.dll
04.01.2008 23:58 129.784 PxAFS.DLL
04.01.2008 23:58 379.640 PxWave.dll
04.01.2008 23:58 1.044.480 libdivx.dll
04.01.2008 23:58 200.704 ssldivx.dll
04.01.2008 23:57 196.608 dtu100.dll
04.01.2008 23:57 416 dpl100.dll.manifest
04.01.2008 23:57 416 dtu100.dll.manifest
04.01.2008 23:57 81.920 dpl100.dll
04.01.2008 23:57 53.248 dpuGUI10.dll
04.01.2008 23:57 57.344 dpv11.dll
04.01.2008 23:57 294.912 dpu11.dll
04.01.2008 23:57 294.912 dpu10.dll
04.01.2008 23:57 344.064 dpus11.dll
04.01.2008 23:57 593.920 dpuGUI11.dll
04.01.2008 23:57 823.296 divx_xx07.dll
04.01.2008 23:57 682.496 DivX.dll
04.01.2008 23:57 802.816 divx_xx11.dll
04.01.2008 23:57 823.296 divx_xx0c.dll
04.01.2008 23:56 156.992 DivXCodecVersionChecker.exe
04.01.2008 23:56 12.288 DivXWMPExtType.dll
04.01.2008 23:56 8.523 dpude.qm
04.01.2008 23:56 3.136 dtu_de.qm

Datenträger in Laufwerk C: ist OS
Volumeseriennummer: 543B-40CC

Verzeichnis von C:\Users\ERSGUT~1\AppData\Local\Temp

21.04.2008 19:52 124.219 datfind.txt
21.04.2008 19:49 0 JETA1E9.tmp
21.04.2008 19:48 31.832 ersguterjunge.bmp
21.04.2008 19:44 1.472 ehmsas.txt
4 Datei(en), 157.523 Bytes
0 Verzeichnis(se), 160.784.941.056 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: 543B-40CC

Verzeichnis von C:\Windows

21.04.2008 19:51 1.522.315 WindowsUpdate.log
21.04.2008 19:46 67.584 bootstat.dat
21.04.2008 19:45 802 PFRO.log
21.04.2008 19:36 215 system.ini
19.04.2008 21:33 143 wininit.ini
31.03.2008 19:47 281 vtmb.ini
29.01.2008 19:35 0 nsreg.dat
20.08.2007 11:02 111.045 hpqins13.dat
20.08.2007 10:41 12 CSUP.txt
08.02.2007 03:57 33.820 WMPrfDeu.prx
02.11.2006 15:04 144 win.ini
02.11.2006 14:50 749 WindowsShell.Manifest
02.11.2006 14:35 316.640 WMSysPr9.prx
02.11.2006 14:34 49.680 twunk_16.exe
02.11.2006 14:34 31.232 twunk_32.exe
02.11.2006 14:34 50.688 twain_32.dll
02.11.2006 14:34 94.784 twain.dll
02.11.2006 14:34 151.040 notepad.exe
02.11.2006 11:45 9.216 winhlp32.exe
02.11.2006 11:45 134.656 regedit.exe
02.11.2006 11:45 497.152 HelpPane.exe
02.11.2006 11:45 14.848 hh.exe
02.11.2006 11:45 13.312 fveupdate.exe
02.11.2006 11:45 2.923.520 explorer.exe
02.11.2006 11:44 50.176 bfsvc.exe
02.11.2006 09:46 43.131 mib.bin
19.09.2006 13:41 8.328 HomePremium.xml
18.09.2006 23:43 707 _default.pif
18.09.2006 23:43 256.192 winhelp.exe
18.09.2006 23:30 1.405 msdfmap.ini
31.08.2000 08:00 136.704 swsc.exe
31.08.2000 08:00 98.816 sed.exe
31.08.2000 08:00 28.160 Nircmd.exe
31.08.2000 08:00 161.792 swreg.exe
31.08.2000 08:00 212.480 swxcacls.exe
31.08.2000 08:00 49.152 VFind.exe
31.08.2000 08:00 68.096 zip.exe
31.08.2000 08:00 80.412 grep.exe
31.08.2000 08:00 73.728 fdsv.exe
29.10.1998 17:45 306.688 IsUninst.exe
06.11.1996 13:05 302.592 unin0407.exe
41 Datei(en), 7.902.437 Bytes
0 Verzeichnis(se), 160.784.941.056 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: 543B-40CC

Verzeichnis von C:\Windows\temp

21.04.2008 19:46 256 ZLT028d4.TMP
21.04.2008 19:46 256 ZLT00896.TMP
2 Datei(en), 512 Bytes
0 Verzeichnis(se), 160.784.936.960 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: 543B-40CC

Verzeichnis von C:\Windows\Downloaded Program Files

27.02.2008 16:00 262.144 fscax.dll
27.02.2008 15:59 541 ca.pub
27.02.2008 15:59 495.616 daas_s.dll
27.02.2008 15:59 290.816 auc_lib.dll
27.02.2008 15:59 614 fscax.inf
27.02.2008 15:59 588.392 gatelauncher.exe
18.09.2006 23:26 65 desktop.ini
16.05.2006 11:58 484.272 isusweb.dll
16.05.2006 11:58 196.608 dwusplay.exe
16.05.2006 11:58 24.576 dwusplay.dll
20.01.2005 15:53 171 ampx.inf
11 Datei(en), 2.343.815 Bytes
0 Verzeichnis(se), 160.784.936.960 Bytes frei
21.04.2008, 22:08
Member

Posts: 33
#2 Where exactly does Antivir find it? In System Restore?
22.04.2008, 00:02
...new here

Thread starter

Posts: 2
#3 Well, I have no clue anymore. I ran my antivirus program again and now it's not there anymore. I think that's cool. It was probably Adobe Reader, or whatever it's called. I removed it and it's been gone since. :-) Hope it stays that way!
22.04.2008, 00:32
Member

Posts: 33
#4 Nice, let's wait and see. ;)