Problem with "Virus Alert" (next to the clock) |
||
---|---|---|
#0
| ||
21.07.2008, 15:45
...new here
Posts: 4 |
||
|
||
21.07.2008, 15:48
Moderator
Posts: 7805 |
#2
Please also work through points 1-3 from this thread:
http://board.protecus.de/t23187.htm
__________ Regards, Ralf SEO-Spam Hunter |
|
|
||
21.07.2008, 17:34
...new here
Thread starter Posts: 4 |
#3
Hello!
I carried out points 1 and 2 and was then supposed to restart the computer. I did that. After that everything was fine again. Should I still carry out the third point? Here is the report after point 2:
Malwarebytes' Anti-Malware 1.22
Datenbank Version: 974
Windows 5.1.2600 Service Pack 2
17:23:10 21.07.2008
mbam-log-7-21-2008 (17-23-10).txt
Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 151808
Laufzeit: 28 minute(s), 25 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 16
Infizierte Verzeichnisse: 0
Infizierte Dateien: 21
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3f1cbe3-14d3-43f4-b9bf-0b50ce0f8fcc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3f1cbe3-14d3-43f4-b9bf-0b50ce0f8fcc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomcbxyr -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55372-OEM-0011903-00100) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\system32\bedlly.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\eone.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tgjyybfu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awturrsr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwjcuafn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJApPGx.VIR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMcbxYr.VIR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rghwtyrk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nwjrnf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ihriew.VIR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ekgqxcrn.VIR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vojiglgg.VIR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP209\A0076679.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP209\A0076683.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP209\A0076684.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP209\A0076685.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP209\A0076770.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP209\A0076773.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Matthias Hupp\Anwendungsdaten\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully. |
|
|
||
21.07.2008, 17:43
Moderator
Posts: 7805 |
||
|
||
21.07.2008, 18:03
...new here
Thread starter Posts: 4 |
#5
I have carried out point 3!
Everything is great, thanks. Just one problem after booting: this appears immediately: "Fehler beim Laden von C:\Windows\system32\vojiglgg.dll - Das angegebene Modul wurde nicht gefunden." When I click OK it goes away, but it comes back after the restart. Here is the report again! Regards, Matthias
ComboFix 08-07-20.A0 - Matthias Hupp 2008-07-21 17:48:14.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.277 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Matthias Hupp\Eigene Dateien\Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Dokumente und Einstellungen\Matthias Hupp\ravmonlog
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\fvropfkp.ini
C:\WINDOWS\system32\gglgijov.ini
C:\WINDOWS\system32\nrcxqgke.ini
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\rYxbcMoq.ini
C:\WINDOWS\system32\rYxbcMoq.ini2
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((( Dateien erstellt von 2008-06-21 bis 2008-07-21 ))))))))))))))))))))))))))))))
.
2008-07-21 16:51 . 2008-07-21 16:51 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-21 16:51 . 2008-07-21 16:51 <DIR> d-------- C:\Dokumente und Einstellungen\Matthias Hupp\Anwendungsdaten\Malwarebytes
2008-07-21 16:51 . 2008-07-21 16:51 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-07-21 16:51 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-21 16:51 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-20 20:20 . 2008-07-20 20:20 <DIR> d-------- C:\Programme\Trend Micro
2008-07-20 20:12 . 2008-07-20 20:12 <DIR> d-------- C:\Downloads
2008-07-13 23:54 . 2008-07-13 23:54 <DIR> d-------- C:\Programme\Avira
2008-07-13 23:10 . 2008-07-13 23:10 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-07-13 15:03 . 2008-07-13 15:03 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-13 14:51 . 2008-07-13 15:10 4,636 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-13 14:50 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-13 14:50 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-13 14:50 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-13 14:50 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-13 14:50 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-13 14:50 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-13 14:50 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-13 14:50 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-13 14:50 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-13 13:54 . 2004-01-27 19:30 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-07-13 13:54 . 2004-01-27 19:30 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmen
2008-07-13 13:54 . 2004-01-27 19:30 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-07-13 13:54 . 2004-01-27 19:30 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-07-13 13:54 . 2004-01-27 19:40 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-07-13 13:54 . 2004-01-27 19:40 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-07-13 13:54 . 2004-01-27 19:30 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-07-13 13:54 . 2004-01-27 19:30 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-07-13 13:54 . 2008-07-13 13:54 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-07-13 13:54 . 2003-01-21 03:00 13,095,560 -ra------ C:\Dokumente und Einstellungen\Administrator\MpSetup.exe
2008-07-13 11:47 . 2008-07-13 11:47 <DIR> d--hs---- C:\FOUND.003
2008-07-13 11:40 . 2003-04-02 12:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-02 17:05 . 2008-07-02 17:05 <DIR> d-------- C:\Programme\VDE7
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 13:01 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2007-09-27 17:57 61,440 ----a-w C:\Dokumente und Einstellungen\Matthias Hupp\BEWERBUNGS-MASTER-Update.exe
2007-05-11 12:58 92,064 ----a-w C:\Dokumente und Einstellungen\Matthias Hupp\mqdmmdm.sys
2007-05-11 12:58 9,232 ----a-w C:\Dokumente und Einstellungen\Matthias Hupp\mqdmmdfl.sys
2007-05-11 12:58 79,328 ----a-w C:\Dokumente und Einstellungen\Matthias Hupp\mqdmserd.sys
2007-05-11 12:58 66,656 ----a-w C:\Dokumente und Einstellungen\Matthias Hupp\mqdmbus.sys
2007-05-11 12:58 6,208 ----a-w C:\Dokumente und Einstellungen\Matthias Hupp\mqdmcmnt.sys
2007-05-11 12:58 5,936 ----a-w C:\Dokumente und Einstellungen\Matthias Hupp\mqdmwhnt.sys
2007-05-11 12:58 4,048 ----a-w C:\Dokumente und Einstellungen\Matthias Hupp\mqdmcr.sys
2007-05-11 12:58 25,600 ----a-w C:\Dokumente und Einstellungen\Matthias Hupp\usbsermptxp.sys
2007-05-11 12:58 22,768 ----a-w C:\Dokumente und Einstellungen\Matthias Hupp\usbsermpt.sys
2007-01-12 17:53 63,176 ----a-w C:\Dokumente und Einstellungen\Matthias Hupp\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2003-01-21 01:00 13,095,560 ----a-r C:\WINDOWS\system32\config\systemprofile\MpSetup.exe
2003-01-21 01:00 13,095,560 ----a-r C:\Dokumente und Einstellungen\Matthias Hupp\MpSetup.exe
2003-01-21 01:00 13,095,560 ----a-r C:\Dokumente und Einstellungen\Default User\MpSetup.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChkMail"="=Œ" [X]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-12 05:43 401496]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 19:05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="LaunApp" [X]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 21:10 335872]
"LtMoh"="C:\Programme\ltmoh\Ltmoh.exe" [2003-04-28 15:08 184320]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-11-20 16:19 98304]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-11-20 16:18 499712]
"RemoteControl"="C:\SYSINFO\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52 40960]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2004-01-28 17:46 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2004-02-04 11:03 45056]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2004-01-28 17:48 184320]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2004-02-03 08:57 49152]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2004-01-30 17:11 65536]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"PE2CKFNT SE"="C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"SSBkgdUpdate"="C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 16:39 57393]
"IndexSearch"="C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 17:01 40960]
"SetDefPrt"="C:\Programme\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="C:\Programme\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
"wlconfig"="C:\Programme\WLAN Monitor\wlconfig.exe" [2005-09-28 17:12 1347584]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 17:00 266497]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 15:41 88363 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 17:53 65024 C:\WINDOWS\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:57 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MPEG"= JPEGCODE.DLL
"MSACM.CEGSM"= mobilev.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Elcom\\4.0\\Apps\\RTENG6.EXE"=
"C:\\Elcom\\5.0\\Apps\\rteng9.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12370:TCP"= 12370:TCP:NortonAV
"12318:TCP"= 12318:TCP:NortonAV
"12265:TCP"= 12265:TCP:NortonAV
"15156:TCP"= 15156:TCP:NortonAV
"16420:TCP"= 16420:TCP:NortonAV
"13766:TCP"= 13766:TCP:NortonAV
"15183:TCP"= 15183:TCP:NortonAV
"14438:TCP"= 14438:TCP:NortonAV
"14541:TCP"= 14541:TCP:NortonAV
"12003:TCP"= 12003:TCP:NortonAV
"17651:TCP"= 17651:TCP:NortonAV
"17657:TCP"= 17657:TCP:NortonAV
"17021:TCP"= 17021:TCP:NortonAV
"16359:TCP"= 16359:TCP:NortonAV
"17144:TCP"= 17144:TCP:NortonAV
"16157:TCP"= 16157:TCP:NortonAV
"16319:TCP"= 16319:TCP:NortonAV
"16389:TCP"= 16389:TCP:NortonAV
"18952:TCP"= 18952:TCP:NortonAV
"14202:TCP"= 14202:TCP:NortonAV
"16991:TCP"= 16991:TCP:NortonAV
"14206:TCP"= 14206:TCP:NortonAV
"14047:TCP"= 14047:TCP:NortonAV
"17467:TCP"= 17467:TCP:NortonAV
"18944:TCP"= 18944:TCP:NortonAV
"12291:TCP"= 12291:TCP:NortonAV
"16654:TCP"= 16654:TCP:NortonAV
"15560:TCP"= 15560:TCP:NortonAV
"15164:TCP"= 15164:TCP:NortonAV
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R2 accsvc;AccSys WiFi Component;C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe [2005-09-14 10:56]
R2 ACEDRV06;ACEDRV06;C:\WINDOWS\system32\drivers\ACEDRV06.sys [2006-10-09 16:00]
R2 U3sHlpDr;U3sHlpDr;C:\WINDOWS\System32\Drivers\U3sHlpDr.sys [2006-12-12 13:32]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 03:24]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2125f572-23f0-11dc-b156-000b6b49413f}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23978b10-a73d-11dc-b255-000b6b49413f}]
\Shell\Auto\command - E:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1f10239-ca95-11dc-b2bc-000b6b49413f}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
.
Inhalt des "geplante Tasks" Ordners
"2006-01-29 08:00:10 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Programme\Symantec\LiveUpdate\NDETECT.EXE
"2008-07-08 07:00:02 C:\WINDOWS\Tasks\{E346673C-E9E7-451D-8434-81CE25425551}_HUPP_Matthias Hupp.job" - C:\WINDOWS\system32\mobsync.exeG /Schedule=
"2008-06-19 14:00:02 C:\WINDOWS\Tasks\{F54B5804-BE00-4228-955F-41B75DF9FAFF}_HUPP_Matthias Hupp.job" - C:\WINDOWS\system32\mobsync.exeG /Schedule=
"2008-06-06 14:00:04 C:\WINDOWS\Tasks\{2959AB18-044B-47DD-9072-C64920693724}_HUPP_Matthias Hupp.job" - C:\WINDOWS\system32\mobsync.exeG /Schedule=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{1B44E59C-165C-4EE2-B3CD-4DFD348BE123} - C:\WINDOWS\system32\mlJApPGx.dll
BHO-{C2346EDE-E47C-4228-95EA-2FE6EF518E33} - C:\WINDOWS\system32\qoMcbxYr.dll
HKLM-Run-ctfmgr - C:\WINDOWS\ctfmgr.exe
HKLM-Run-2629165f - C:\WINDOWS\system32\vojiglgg.dll
ShellExecuteHooks-{1B44E59C-165C-4EE2-B3CD-4DFD348BE123} - C:\WINDOWS\system32\mlJApPGx.dll
Notify-mlJApPGx - mlJApPGx.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.arcor.de/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Window Title = Arcor AG & Co. KG
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 -: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 -: Nach Microsoft &Excel exportieren - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\Microsoft ActiveSync\aatp.dll
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\PROGRA~1\MICROS~4\CENetFlt.dll
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\PROGRA~1\MICROS~4\CENetFlt.dll
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\PROGRA~1\MICROS~4\CENetFlt.dll
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\PROGRA~1\MICROS~4\CENetFlt.dll
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\PROGRA~1\MICROS~4\CENetFlt.dll
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\PROGRA~1\MICROS~4\CENetFlt.dll
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxps://photoservice.fujicolor.de/ips-opdata/operator/19780613/activex/IPSUploader4.cab
C:\WINDOWS\Downloaded Program Files\IPSUploader4.inf
C:\Programme\Java\jre1.5.0_10\bin\unicows.dll
C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 17:53:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
Prozess: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAMME\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\BRSS01A.EXE
C:\PROGRAMME\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\PROGRAMME\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\PROGRAMME\AHEAD\INCD\INCDSRV.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
C:\PROGRAMME\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\PROGRAMME\CANON\CAL\CALMAIN.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-07-21 17:56:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-21 15:56:36
Pre-Run: 24 Verzeichnis(se), 26,417,364,992 Bytes frei
Post-Run: 30 Verzeichnis(se), 26,606,993,408 Bytes frei
259 --- E O F --- 2008-06-06 12:38:15 |
|
|
||
21.07.2008, 18:23
Moderator
Posts: 7805 |
#6
The entry should actually have been deleted by Combofix. Please check whether you have a file named beep.sys under c:\windows\system32\drivers. If so, please delete c:\windows\system32\beep.sys
__________ Regards, Ralf SEO-Spam Hunter |
|
|
||
21.07.2008, 19:01
...new here
Thread starter Posts: 4 |
||
|
||
21.07.2008, 19:10
Moderator
Posts: 7805 |
#8
Can you identify this?
O4 - HKCU\..\Run: [ChkMail] =Œ
If not, please tick it in Hijackthis and press fix checked. Otherwise it looks good...
__________ Regards, Ralf SEO-Spam Hunter |
|
|
||
I have the problem that "VIRUS ALERT!" is displayed to the right of the clock.
Furthermore:
Control Panel, Task Manager, System Restore, hard drives (are not displayed) and a few other small things are disabled.
I have already read through forums, but I don't know much about this. I hope someone can help me in detail ;-)
Thanks in advance...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23: VIRUS ALERT!, on 20.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\SYSINFO\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\WLAN Monitor\wlconfig.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\System32\wltrysvc.exe
c:\WINDOWS\System32\bcmwltry.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\WLAN Monitor\accwpac.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B44E59C-165C-4EE2-B3CD-4DFD348BE123} - C:\WINDOWS\system32\mlJApPGx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: {ccf8f0ec-05b0-fb9b-4f34-3d413ebc1f3a} - {a3f1cbe3-14d3-43f4-b9bf-0b50ce0f8fcc} - C:\WINDOWS\system32\bedlly.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C2346EDE-E47C-4228-95EA-2FE6EF518E33} - C:\WINDOWS\system32\qoMcbxYr.dll (file missing)
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Programme\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\SYSINFO\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [wlconfig] "C:\Programme\WLAN Monitor\wlconfig.exe" -autostart
O4 - HKLM\..\Run: [WLAN Quick-Starter] "C:\Programme\WLAN Quick-Starter\WLAN Quick-Starter.exe" -update
O4 - HKLM\..\Run: [ctfmgr] C:\WINDOWS\ctfmgr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [2629165f] rundll32.exe "C:\WINDOWS\system32\vojiglgg.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ChkMail] =Œ
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Programme\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - https://photoservice.fujicolor.de/ips-opdata/operator/19780613/activex/IPSUploader4.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
O20 - Winlogon Notify: mlJApPGx - mlJApPGx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: WLTRYSVC - Unknown owner - c:\WINDOWS\System32\wltrysvc.exe
--
End of file - 10685 bytes