Infected with TR/Vundo.Gen. How do I remove it?

08.07.2008, 13:56
...new here

Posts: 5
#1 Hello everyone, first of all. I'm new here and already have my first problem.
As the title says, unfortunately I have TR/Vundo.Gen on my computer.

It was found by AntiVir 8. Deleting it did nothing, and the Symantec tool for removing this Trojan/virus didn't bring the desired result either. My hope now rests with the experts in this forum.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:29, on 08.07.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\RAM Defrag\RAM_Defrag.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Windows\Explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.stegcomputer.ch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stegcomputer.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.stegcomputer.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8244918F-F71B-4F82-8A03-290C2E55BAEB} - C:\Windows\system32\opnmNHYS.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\Windows\nqgpedlr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMghfcC.dll,#1
O4 - HKLM\..\Run: [RAM_DEFRAG] "C:\Program Files\RAM Defrag\RAM_DEFRAG.EXE"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HAKANK~1\AppData\Local\Temp\mlJArPhE.dll,#1
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
O21 - SSODL: axrfgvek - {180B1E50-2AD0-48BA-8357-C805682C1177} - C:\Windows\axrfgvek.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 7485 bytes
08.07.2008, 14:00
Honorary member

Posts: 29434
#2 Hello never28

««
run the cleaner + delete the temp files
http://www.ccleaner.de/?protecus.de

««
delete ("fix") with HijackThis
Click: "Do a system scan only"
Put a check mark in the box in front of the named entries
and choose fix checked. + restart the computer.

Quote

O2 - BHO: (no name) - {8244918F-F71B-4F82-8A03-290C2E55BAEB} - C:\Windows\system32\opnmNHYS.dll

O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\Windows\nqgpedlr.dll

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMghfcC.dll,#1

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HAKANK~1\AppData\Local\Temp\mlJArPhE.dll,#1

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O21 - SSODL: axrfgvek - {180B1E50-2AD0-48BA-8357-C805682C1177} - C:\Windows\axrfgvek.dll

«
scan with Malwarebytes + let it remove everything it finds + post the report
http://virus-protect.org/artikel/tools/malwarebytes.html

«
run ComboFix, click away the warning + post the report here
http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina

all about PC security
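The entries Sabina picks out of the log above share a few structural tells: a BHO with no display name, rundll32 loading a DLL by ordinal export (",#1"), a DLL run from a Temp directory, an IE policy restriction, and toolbar/SSODL entries whose display name is just the DLL file name. The script below is an added example (not from this thread, HijackThis or Malwarebytes) that parses HijackThis lines and flags those patterns; it also derives the reversed-name .ini companion files that Vundo drops beside its DLL, which the Malwarebytes report in this thread shows (opnmNHYS.dll beside SYHNmnpo.ini). The sample log is a constructed subset of the posted one.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the HijackThis log posted in this thread,
# with benign entries kept so the checks have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {8244918F-F71B-4F82-8A03-290C2E55BAEB} - C:\Windows\system32\opnmNHYS.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\Windows\nqgpedlr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMghfcC.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HAKANK~1\AppData\Local\Temp\mlJArPhE.dll,#1
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
O21 - SSODL: axrfgvek - {180B1E50-2AD0-48BA-8357-C805682C1177} - C:\Windows\axrfgvek.dll
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

# HijackThis COM-style entries: "<section>: <name> - {CLSID} - <path>"
COM_ENTRY_RE = re.compile(
    r"^(?P<section>O2 - BHO|O3 - Toolbar|O21 - SSODL): (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$"
)
# rundll32 invoked with an ordinal export (",#1") instead of a named export such as ",NvStartup"
ORDINAL_EXPORT_RE = re.compile(r"rundll32(?:\.exe)?\s+.+\.dll,#\d+\s*$", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
IE_POLICY_RE = re.compile(r"^O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\.+ present$")


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def _stem(path: str) -> str:
    """Basename without extension, using Windows path rules whatever the host OS."""
    return ntpath.splitext(ntpath.basename(path.strip()))[0]


def vundo_companion_names(dll_path: str) -> list[str]:
    """Vundo stores its data in files named after the DLL basename reversed, with .ini/.ini2
    extensions (the Malwarebytes report in this thread lists opnmNHYS.dll beside SYHNmnpo.ini)."""
    reversed_stem = _stem(dll_path)[::-1]
    return [reversed_stem + ".ini", reversed_stem + ".ini2"]


def triage_line(line: str) -> Finding | None:
    """Return a Finding with every reason the line looks suspicious, or None if it looks clean."""
    reasons: list[str] = []
    m = COM_ENTRY_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        if name == "(no name)":
            reasons.append("COM object registered without a display name")
        elif name.lower() == _stem(path).lower():
            reasons.append("display name is just the DLL file name, not a product name")
        if m.group("section") == "O21 - SSODL":
            reasons.append("ShellServiceObjectDelayLoad is rarely used by legitimate software; review")
    if ORDINAL_EXPORT_RE.search(line):
        reasons.append("rundll32 loads a DLL by ordinal export (#1), as the MSServer entries above do")
    if TEMP_DIR_RE.search(line):
        reasons.append("component loaded from a Temp directory")
    if IE_POLICY_RE.match(line):
        reasons.append("Internet Explorer policy restriction set; rogue software adds these")
    return Finding(line, reasons) if reasons else None


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every non-empty line of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            finding = triage_line(line)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   -", reason)
        com = COM_ENTRY_RE.match(finding.line)
        if com and com.group("path").lower().endswith(".dll"):
            print("   - also check for:", ", ".join(vundo_companion_names(com.group("path"))))
```

Run against the sample it flags exactly the seven entries quoted in the post above and leaves the NVIDIA, Google, IE7Pro, Kaspersky and Avira entries alone.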
08.07.2008, 14:24
...new here

Thread starter

Posts: 5
#3 Sabina, thank you very much for your quick reply.

I will carry out the steps you gave. Can I also use the ComboFix beta? Or is the current version better?

Starting the Malwarebytes scan now.

never28
08.07.2008, 15:01
Honorary member

Posts: 29434
#4 The beta is o.k.
Don't forget to post the log here afterwards ;) - and the Malwarebytes log too
__________
Kind regards, Sabina

all about PC security
08.07.2008, 15:15
...new here

Thread starter

Posts: 5
#5 Here is the Malwarebytes logfile:

Malwarebytes' Anti-Malware 1.20
Datenbank Version: 931
Windows 6.0.6001 Service Pack 1

15:13:41 08.07.2008
mbam-log-7-8-2008 (15-13-41).txt

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 153889
Scan Dauer: 17 minute(s), 21 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 26
Infizierte Registrierungswerte: 5
Infizierte Datei Objekte der Registrierung: 2
Infizierte Verzeichnisse: 2
Infizierte Dateien: 33

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\Windows\System32\opnmNHYS.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Users\Hakan Koca\AppData\Local\Temp\byXRHbBT.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f3461a5-46ab-4fec-850a-ce0cdb7b9ea4} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7f3461a5-46ab-4fec-850a-ce0cdb7b9ea4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20177355-706d-416b-a23b-49443a7118f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{101900f3-7aeb-4e3b-b4cc-dcb483b3b92f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9c7e91a9-0001-4c4e-bcc2-a56bc8329049} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a59c4135-df7a-4666-8129-478376867b3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f70c9bf7-63da-40cc-a57c-b874b07259e0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7f62b052-bbd3-476f-a8d5-aea51d86367a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{80123684-a222-4009-8220-a867294d6de8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{180b1e50-2ad0-48ba-8357-c805682c1177} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20b08762-0986-46f5-80f3-1a0185418520} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5640223c-0f8e-42ae-9059-5d5a37a35820} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b101ab9-e087-4a4e-84f2-046c0016161f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7cb1723f-f6ac-4df9-808b-cb234fbbb08b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{80cac9d4-1e69-4e31-aab3-b03e3ed6037b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{864eee3c-a24f-46cb-bfab-d62d4e36c709} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cd2a86e8-666b-4eb5-80f9-5667654badc2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f8ceb075-47a1-4294-9f80-99bdc8f3631e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nqgpedlr.bxod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nqgpedlr.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{20177355-706d-416b-a23b-49443a7118f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{80123684-a222-4009-8220-a867294d6de8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\axrfgvek (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnmnhys -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnmnhys -> Delete on reboot.

Infizierte Verzeichnisse:
C:\ProgramData\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\opnmNHYS.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\SYHNmnpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\SYHNmnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\qOiFvWMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\CMWvFiOq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\CMWvFiOq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Hakan Koca\AppData\Local\Temp\byXRHbBT.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\qoMghfcC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\nqgpedlr.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\hgGyxYQK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\pmnlihHb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\rqRLfFXo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\tmp0000ba49 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\tmp0000d299 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\tmp0000dc3a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\tmp0000e4c2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\tmp00014a29 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\tmp00016dbf (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\tmp00017280 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\tmp0001843c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\tmp00024652 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp\tmp000edd63 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Hakan Koca\AppData\Local\Temp\qoMgfdbA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Hakan Koca\AppData\Local\Temp\tmp00008dae (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Hakan Koca\AppData\Local\Temp\tmp00012876 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Hakan Koca\AppData\Local\Temp\xxyvvUMc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\esrp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\ljJDSICU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ssqNEvvS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xxyvwuSM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\clbdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mrvtdpqe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\axrfgvek.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Kind regards, never28

And here is the ComboFix Beta log as well:

ComboFix 08-07-07.3 - Hakan Koca 2008-07-08 15:19:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1620 [GMT 2:00]
ausgeführt von:: C:\Users\Hakan Koca\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\isxwabhw.ini
C:\Windows\system32\jvrsfwuw.ini
C:\Windows\system32\neljdgql.ini
C:\Windows\system32\opnmNHYS.dll
C:\Windows\system32\qvfedpfk.ini

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-08 bis 2008-07-08 ))))))))))))))))))))))))))))))
.

2008-07-08 14:28 . 2008-07-08 14:28 <DIR> d-------- C:\Users\Hakan Koca\AppData\Roaming\Malwarebytes
2008-07-08 14:28 . 2008-07-08 14:28 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-08 14:28 . 2008-07-08 14:28 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-08 14:28 . 2008-07-08 14:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-08 14:28 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-08 14:28 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-08 12:54 . 2008-07-08 12:54 <DIR> d-------- C:\Windows\Recent
2008-07-08 12:54 . 2008-07-08 12:54 <DIR> d-------- C:\Windows\Cookies
2008-07-08 12:54 . 2008-07-08 12:54 <DIR> d-------- C:\Users\Recent
2008-07-08 12:54 . 2008-07-08 12:54 <DIR> d-------- C:\Users\Cookies
2008-07-08 12:54 . 2008-07-08 12:54 262,144 --a------ C:\Users\NtUser.dat
2008-07-08 02:37 . 2008-02-13 07:52 4,915,200 --a------ C:\Windows\RtHDVCpl.exe
2008-07-08 02:15 . 2008-07-08 02:15 <DIR> d--h----- C:\$WINDOWS.~Q
2008-07-08 02:15 . 2008-07-08 02:15 21,532 --a------ C:\Windows\System32\emptyregdb.dat
2008-07-08 02:12 . 2008-07-08 02:13 <DIR> d--h----- C:\$INPLACE.~TR
2008-07-08 02:06 . 2008-07-08 02:06 <DIR> d-------- C:\Users\Default\video
2008-07-08 01:53 . 2008-07-08 02:05 <DIR> dr------- C:\Users\Hakan Koca\Videos
2008-07-08 01:53 . 2008-07-08 02:05 <DIR> dr------- C:\Users\Hakan Koca\Saved Games
2008-07-08 01:53 . 2008-07-08 02:33 <DIR> dr------- C:\Users\Hakan Koca\Pictures
2008-07-08 01:53 . 2008-07-08 02:33 <DIR> dr------- C:\Users\Hakan Koca\Music
2008-07-08 01:53 . 2008-07-08 02:33 <DIR> dr------- C:\Users\Hakan Koca\Links
2008-07-08 01:53 . 2008-07-08 02:05 <DIR> dr------- C:\Users\Hakan Koca\Downloads
2008-07-08 01:53 . 2008-07-08 02:05 <DIR> dr------- C:\Users\Hakan Koca\Documents
2008-07-08 01:53 . 2006-11-02 14:37 <DIR> d-------- C:\Users\Hakan Koca\AppData\Roaming\Media Center Programs
2008-07-08 01:53 . 2008-07-08 02:05 <DIR> d--h----- C:\Users\Hakan Koca\AppData
2008-07-08 01:53 . 2008-07-08 02:33 <DIR> d-------- C:\Users\Hakan Koca
2008-07-08 01:52 . 2008-07-08 01:52 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-08 01:52 . 2008-07-08 01:52 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-07-08 01:49 . 2008-07-08 01:49 <DIR> d-------- C:\Windows\System32\RTCOM
2008-07-08 01:47 . 2008-07-08 01:47 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-08 00:21 . 2008-07-08 00:21 <DIR> d-------- C:\restored_files
2008-07-07 23:41 . 2008-07-08 01:57 <DIR> d-------- C:\Program Files\Avira
2008-07-07 23:00 . 2008-07-08 02:05 <DIR> d-------- C:\Users\Hakan Koca\AppData\Roaming\Smart PC Solutions
2008-07-07 23:00 . 2008-07-08 01:58 <DIR> d-------- C:\Program Files\Smart PC Solutions
2008-07-07 22:45 . 2008-07-08 01:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-07 13:32 . 2006-11-02 10:51 6,144 --a------ C:\Windows\System32\beep.sys
2008-07-07 02:14 . 2008-07-08 02:05 <DIR> d-------- C:\Users\Hakan Koca\AppData\Roaming\UseNeXT
2008-07-07 00:48 . 2008-07-08 02:05 <DIR> d-------- C:\Users\Hakan Koca\AppData\Roaming\NewsLeecher
2008-07-06 23:38 . 2008-07-06 23:38 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-07-06 20:41 . 2008-07-06 20:41 14 --a------ C:\Windows\System32\Aero Glass aus.bat
2008-07-06 20:40 . 2008-07-06 20:40 15 --a------ C:\Windows\System32\Aero Glass ein.bat
2008-07-06 17:52 . 2008-07-08 02:05 <DIR> d-------- C:\Users\Hakan Koca\AppData\Roaming\Nvu
2008-07-06 16:09 . 2008-07-08 02:01 <DIR> d-------- C:\Windows\System32\QuickTime
2008-07-06 16:09 . 2008-05-28 04:31 107,864 --a------ C:\Windows\System32\tsccvid.dll
2008-07-06 14:27 . 2008-07-08 01:59 <DIR> d-------- C:\Program Files\Windows Media Components
2008-07-06 14:27 . 2008-07-08 01:57 <DIR> d-------- C:\Program Files\Common Files\DATA BECKER Shared
2008-07-06 03:13 . 2000-08-19 19:29 268,048 --a------ C:\Windows\System32\dxtmeta2.dll
2008-07-05 18:04 . 2008-07-08 01:58 <DIR> d-------- C:\Program Files\Schneider Infosystems
2008-07-05 17:08 . 2008-07-08 01:57 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-05 16:46 . 2008-07-08 01:57 <DIR> d-------- C:\Program Files\a-squared Free
2008-07-05 16:44 . 2008-07-08 02:05 <DIR> d-------- C:\Users\Hakan Koca\AppData\Roaming\UpdateStar
2008-07-05 16:39 . 2008-07-08 01:58 <DIR> d-------- C:\Program Files\nobox.de
2008-07-05 14:57 . 2008-07-05 14:57 38,608 --a------ C:\Windows\System32\drivers\PktIcpt.sys
2008-07-05 14:55 . 2008-07-05 14:55 47,184 --a------ C:\Windows\System32\drivers\MiniIcpt.sys
2008-07-05 12:42 . 2008-07-05 12:41 691,545 --a------ C:\Windows\unins000.exe
2008-07-05 12:42 . 2008-07-05 12:42 2,544 --a------ C:\Windows\unins000.dat
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Realtek RTL8168C(P) 8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Realtek High Definition Audio
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\NVIDIA GeForce 8600 GT
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Logitech HID-Compliant Keyboard
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Logitech HID-compliant Cordless Mouse
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Logitech Driver Interface
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 945G GZ GC P PL Processor to I O Controller - 2770
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 945G GZ GC P PL PCI Express Root Port - 2771
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 82801GB GR GH (ICH7 Family) Serial ATA Storage Controller - 27C0
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 82801GB GR (ICH7 Family) LPC Interface Controller - 27B8
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 82801G (ICH7 Family) SMBus Controller - 27DA
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D2
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D0
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Intel(R) 82801 PCI Bridge - 244E
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Acer AL2017
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Realtek RTL8168C(P) 8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Realtek High Definition Audio
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\NVIDIA GeForce 8600 GT
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Logitech HID-Compliant Keyboard
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Logitech HID-compliant Cordless Mouse
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Logitech Driver Interface
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 945G GZ GC P PL Processor to I O Controller - 2770
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 945G GZ GC P PL PCI Express Root Port - 2771
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 82801GB GR GH (ICH7 Family) Serial ATA Storage Controller - 27C0
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 82801GB GR (ICH7 Family) LPC Interface Controller - 27B8
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 82801G (ICH7 Family) SMBus Controller - 27DA
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D2
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D0
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Intel(R) 82801 PCI Bridge - 244E
2008-07-05 11:52 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Acer AL2017
2008-07-05 02:58 . 2008-07-08 01:58 <DIR> d-------- C:\Program Files\IrfanView
2008-07-03 23:53 . 2008-07-08 01:58 <DIR> d-------- C:\Program Files\MSECache
2008-07-03 23:43 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-07-03 22:46 . 2006-10-22 23:39 235,152 --a------ C:\Windows\System32\PDFMOfficeAddin.dll
2008-07-03 21:12 . 2008-07-08 01:59 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-03 21:12 . 2008-07-08 01:59 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-03 21:12 . 2008-07-08 01:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-03 02:22 . 2008-07-08 02:05 <DIR> dr-h----- C:\Users\Hakan Koca\AppData\Roaming\SecuROM
2008-07-03 01:40 . 2008-07-08 02:05 <DIR> d-------- C:\Users\Hakan Koca\AppData\Roaming\ProtectDisc
2008-07-03 01:38 . 2008-07-03 01:38 <DIR> d-------- C:\Users\All Users\DATA BECKER Downloads
2008-07-03 01:38 . 2008-07-03 01:38 <DIR> d-------- C:\ProgramData\DATA BECKER Downloads
2008-07-03 01:37 . 2008-07-08 01:58 <DIR> d-------- C:\Program Files\ProtectDisc Driver Installer
2008-07-03 01:36 . 2008-07-08 01:57 <DIR> d-------- C:\Program Files\DATA BECKER
2008-07-03 01:11 . 2008-07-08 02:05 <DIR> d-------- C:\Users\Hakan Koca\AppData\Roaming\Ubisoft
2008-07-03 01:11 . 2008-07-08 02:05 <DIR> d-------- C:\Users\Hakan Koca\AppData\Roaming\InstallShield Installation Information
2008-07-03 01:09 . 2008-07-08 01:58 <DIR> d-------- C:\Program Files\Steam
2008-07-02 23:29 . 2008-07-08 01:58 <DIR> d-------- C:\Program Files\Nvu
2008-07-02 23:29 . 2008-07-08 01:57 <DIR> d-------- C:\Program Files\FileZilla
2008-07-02 23:21 . 2008-07-08 01:58 <DIR> d-------- C:\Program Files\PDFCreator
2008-07-02 23:21 . 2004-03-09 00:00 662,288 --a------ C:\Windows\System32\MSCOMCT2.OCX
2008-07-02 23:21 . 2005-10-15 12:32 196,608 --a------ C:\Windows\System32\pdfcmnnt.dll
2008-07-02 23:21 . 1998-07-06 17:55 158,208 --a------ C:\Windows\System32\MSCMCDE.DLL
2008-07-02 23:21 . 1998-06-24 00:00 137,000 --a------ C:\Windows\System32\MSMAPI32.OCX
2008-07-02 23:21 . 1998-07-06 17:56 125,712 --a------ C:\Windows\System32\VB6DE.DLL
2008-07-02 23:21 . 1998-07-06 17:55 64,512 --a------ C:\Windows\System32\MSCC2DE.DLL
2008-07-02 23:21 . 1998-07-06 00:00 23,552 --a------ C:\Windows\System32\MSMPIDE.DLL
2008-07-02 01:26 . 2008-07-02 01:26 4,096 --a------ C:\Windows\System32\17599.sys
2008-07-02 01:26 . 2008-07-02 01:26 7 --a------ C:\Windows\System32\CurrentName.dat
2008-07-02 00:04 . 2008-07-02 00:17 196,608 --a------ C:\Windows\SPInstall.etl

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 00:28 --------- d-sh--w C:\ProgramData\Vorlagen
2008-07-08 00:28 --------- d-sh--w C:\ProgramData\Startmenü
2008-07-08 00:28 --------- d-sh--w C:\ProgramData\Favoriten
2008-07-08 00:28 --------- d-sh--w C:\ProgramData\Dokumente
2008-07-08 00:28 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2008-07-08 00:28 --------- d-sh--w C:\Program Files\Gemeinsame Dateien
2008-07-07 23:59 --------- d-----w C:\ProgramData\NVIDIA
2008-07-07 23:59 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-07 23:59 --------- d-----w C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-07-07 23:59 --------- d-----w C:\Program Files\Yahoo!
2008-07-07 23:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 23:58 --------- d-----w C:\Program Files\Realtek
2008-07-07 23:58 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-07 23:58 --------- d-----w C:\Program Files\Microsoft Works
2008-07-07 23:58 --------- d-----w C:\Program Files\Intel
2008-07-07 23:57 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-07-07 23:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-07 23:57 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-06 12:30 1,869,020 ----a-w C:\Windows\System32\RSA32_16.DLL
2008-06-30 21:43 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-06-30 21:43 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 04:23 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 14:01 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 14:01 92704]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"RAM_DEFRAG"="C:\Program Files\RAM Defrag\RAM_DEFRAG.EXE" [2006-10-18 23:50 1253376]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-07 17:35 1175160]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [30.06.2008 23:28:41 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
"HideSCANetwork"= 1 (0x1)
"HideSCAVolume"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"TaskbarNoNotification"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{40902FE8-722F-4D90-8B1E-E8EBA939E8F0}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{E3D4B586-A5F5-48E1-BF55-5DE813DC0B34}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R2 17599;17599;C:\Windows\System32\17599.sys [2008-07-02 01:26]
R2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 10:19]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-08-29 22:22]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

.
Inhalt des "geplante Tasks" Ordners
"2008-07-08 13:24:01 C:\Windows\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 15:24:27
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-07-08 15:26:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-08 13:26:55

29 Verzeichnis(se), 416,889,913,344 Bytes frei
39 Verzeichnis(se), 417,305,264,128 Bytes frei


Many, many thanks Sabina for your great help

never28
This post was edited on 08.07.2008 at 15:30 by never28.
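Reading a ComboFix log like the one above by hand means cross-checking the services section ("R2 17599;17599;C:\Windows\System32\17599.sys [2008-07-02 01:26]") against the recently-created-files section, where the same file shows up created the same minute together with CurrentName.dat. The script below is an added example, not part of this thread and not ComboFix's own code: it parses log lines in that shape (the sample embedded in it is constructed from the lines quoted above) and lists services whose driver file is itself a fresh arrival. The scoring rules are my own assumption about what is worth a second look, not anything ComboFix or the helper here prescribes.

```python
"""Correlate the services section of a ComboFix-style log with its
recently-created-files section and point out services worth a closer look.

Added example; the log line formats are taken from the thread above, the
scoring rules are assumptions of this example, not ComboFix behaviour.
"""
import re
from datetime import datetime

# Constructed sample in the shape of the log above (three file lines,
# three service lines).
SAMPLE_LOG = """\
2008-07-02 23:21 . 2005-10-15 12:32 196,608 --a------ C:\\Windows\\System32\\pdfcmnnt.dll
2008-07-02 01:26 . 2008-07-02 01:26 4,096 --a------ C:\\Windows\\System32\\17599.sys
2008-07-02 01:26 . 2008-07-02 01:26 7 --a------ C:\\Windows\\System32\\CurrentName.dat
R2 17599;17599;C:\\Windows\\System32\\17599.sys [2008-07-02 01:26]
R2 acedrv11;acedrv11;C:\\Windows\\system32\\drivers\\acedrv11.sys [2008-01-23 10:19]
R3 RTSTOR;USB Mass Storage Device;C:\\Windows\\system32\\drivers\\RTSTOR.SYS [2007-08-29 22:22]
"""

# "<created> . <modified> <size> <attrs> <path>"; directory lines carry
# "<DIR>" instead of a size and are deliberately not matched.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"([\d,]+) (\S+) (.+)$"
)
# "<start type> <service name>;<display name>;<binary path> [<timestamp>]"
SERVICE_RE = re.compile(
    r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$"
)

STAMP = "%Y-%m-%d %H:%M"


def parse_log(text):
    """Return (files, services): files keyed by lower-cased path, services as a list."""
    files, services = {}, []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            files[path.lower()] = {
                "created": datetime.strptime(created, STAMP),
                "modified": datetime.strptime(modified, STAMP),
                "size": int(size.replace(",", "")),
                "attrs": attrs,
            }
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, stamp = m.groups()
            services.append({
                "start": start,
                "name": name,
                "display": display,
                "path": path,
                "stamp": datetime.strptime(stamp, STAMP),
            })
    return files, services


def suspicious_services(files, services):
    """Return [(service name, [reasons])] for services that collect two or more
    of the indicators below. The indicators and the threshold are assumptions
    of this example, chosen to separate the 17599 entry from the others."""
    hits = []
    for svc in services:
        reasons = []
        info = files.get(svc["path"].lower())
        if info is not None:
            reasons.append("binary is in the recently created files list")
            if info["created"] == info["modified"] == svc["stamp"]:
                reasons.append("file created, written and registered in the same minute")
        if svc["name"].isdigit():
            reasons.append("service name is purely numeric")
        if svc["display"] == svc["name"]:
            reasons.append("display name is just the service name (no vendor description)")
        if len(reasons) >= 2:
            hits.append((svc["name"], reasons))
    return hits


if __name__ == "__main__":
    parsed_files, parsed_services = parse_log(SAMPLE_LOG)
    for name, reasons in suspicious_services(parsed_files, parsed_services):
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run against the constructed sample, only the 17599 service is reported: its driver is in the fresh-files list, file timestamps and service registration agree to the minute, the name is numeric and the display name is empty of meaning. acedrv11 collects a single indicator (display name equals service name) and stays below the threshold, which is why the rule asks for two.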
08.07.2008, 17:06
Honorary member
Sabina

Posts: 29434
#6 Hello,

««
run the cleaner + delete the temp files
http://www.ccleaner.de/?protecus.de

««
Virustotal http://www.virustotal.com/flash/index_en.html

C:\Windows\System32\17599.sys

C:\Program Files\nobox.de

C:\Windows\System32\beep.sys


Click "Browse" --> choose the file (or paste the file with the correct path directly using Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy

-----------------------------------------------------------------------

««
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using "Save as". Set the file type to "All files". You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\$WINDOWS.~Q" >>files.txt
dir "C:\$WINDOWS.~Q\DATA\Users\Hakan Koca\AppData\Local\Temp" >>files.txt
notepad files.txt

__________
Regards, Sabina

all about PC security
08.07.2008, 17:48
...new here

Thread starter

Posts: 5
#7 Here is the VirusTotal analysis:

MD5: ee50afab5e473da1dc5eaa5239b775f3
First received: 2007.03.10 04:23:00 (CET)
Datum 2008.07.06 14:05:02 (CET) [>2D]
Ergebnisse 0/33
Permalink: analisis/46d6d66e3f2594e04a8772be7bf72079

MD5: ac3dd1708b22761ebd7cbe14dcc3b5d7
First received: 2008.06.04 00:28:10 (CET)
Datum 2008.06.04 00:28:10 (CET) [>34D]
Ergebnisse 1/32
Permalink: analisis/ac2a037f1dd6c59d5ef60a7d59043532

For C:\Program Files\nobox.de I only get:

0 bytes size received / Se ha recibido un archivo vacio

With listen.bat I get the message

"Die Datei files.txt kann nicht gefunden werden
Möchten Sie eine neue Datei erstellen?"

Is that ok like this?

I also haven't had any more error messages about Vundo so far

Regards
never28

---------------------------------------------------------

Hello Sabina

Is everything fine on my side now? Are there any further steps I need to complete?

I would be grateful for further instructions

Many heartfelt thanks

never28
This post was edited on 08.07.2008 at 19:59 by never28.
08.07.2008, 21:48
Honorary member
Sabina

Posts: 29434
#8 leave it at that; if there should be any more problems, get in touch.
__________
Regards, Sabina

all about PC security
08.07.2008, 22:09
...new here

Thread starter

Posts: 5
#9 Sabina, I thank you from the bottom of my heart

you helped me a lot. Absolutely great and helpful forum here. The answers come quickly and are absolutely understandable. Many thanks.

Protecus - Here you get help ;)

I wish you a wonderful evening and a great week

With best thanks

never28