AV Guard reports TR/Crypt.XPACK.Gen; full AV scan finds nothing

08.03.2009, 00:01
...new here

Posts: 3
#1 Hello,

I have visited your site quite a few times to pick up one piece of advice or another from your very detailed and interesting forum. For my problem I did, in principle, find one or two hits in the forum as well. But in my specific case the solutions listed there do not get me any further, since they relate to the individual systems.

For a few days now the AV Guard has been popping up with a report of the trojan "TR/Crypt.XPACK.Gen". It is supposed to be located in the file 'C:\Windows\System32\gaopdxeqimitrd.dll'. The first few times I had the file deleted, but the report keeps coming back. Most recently I had the virus moved to quarantine. What I find odd, though, is that a scan with AV turns up no virus hits. And the named .dll cannot be found in the directory named above either. The update functions of Windows Defender, Windows, AV and similar programs no longer get a connection to the internet and accordingly cannot download any updates or definitions.

Attached is a HijackThis log. I hope you can help me.
An online evaluation showed that there are suspicious IP addresses in the log.

Best regards

Don


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:22, on 07.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Duden\Duden Korrektor\DKTray.exe
C:\Users\chef\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Duden\Duden Korrektor\DKCore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Office-Bibliothek\officebib.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Users\chef\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\chef\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\chef\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\chef\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Users\chef\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\chef\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06B176C6-2B29-4202-92E4-F0328FA04F7E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E45AB77-B13D-43A8-8618-CCFB89572352}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{06B176C6-2B29-4202-92E4-F0328FA04F7E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110,85.255.112.227
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13904 bytes

EDIT:

Malwarebytes has just found something as well. Can I safely delete what it found?

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 6.0.6001 Service Pack 1

08.03.2009 01:10:29
mbam-log-2009-03-08 (01-10-21).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 177189
Time elapsed: 2 hour(s), 19 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e45ab77-b13d-43a8-8618-ccfb89572352}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e45ab77-b13d-43a8-8618-ccfb89572352}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6e45ab77-b13d-43a8-8618-ccfb89572352}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-5-7-80-100012962-100025061-100011039-6574.com (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\gaopdxyethrwqh.sys (Trojan.Agent) -> No action taken.
This post was edited by DonCorleone on 08.03.2009 at 01:13.
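The Malwarebytes hits on C:\autorun.inf and the RECYCLER\S-5-7-80-... .com file in the post above are the classic autorun-worm layout: an autorun.inf at the drive root whose "open" and shell verbs launch a dropped executable from a folder that imitates a per-user recycle bin. As an added example (not code from the post or from Malwarebytes), the Python below extracts the keys autorun would execute and flags targets that live under a recycle-bin folder, use a folder name that only looks like a SID (a real Windows SID always starts with S-1-), or launch an executable. The autorun.inf content is constructed for the example; the thread shows only the file names, not what the .inf contained.

```python
r"""Triage an autorun.inf for the RECYCLER / fake-SID pattern seen above.

Added example for this thread; it is not code from the original post or from
Malwarebytes. The autorun.inf text below is constructed for the example: the
scan log only shows that C:\autorun.inf and
C:\RECYCLER\S-5-7-80-100012962-100025061-100011039-6574.com were flagged, not
what the .inf contained.
"""
import configparser
import os
import re

# A genuine Windows SID always begins with revision 1 ("S-1-<authority>-...").
# RECYCLER\S-<n>-... folders that do not match this mimic the per-user recycle
# bin directories but cannot belong to a real account.
REAL_SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")
SID_LIKE_RE = re.compile(r"\bS-\d+(?:-\d+)+")
EXEC_EXT = (".com", ".exe", ".scr", ".pif", ".bat", ".cmd")

# Constructed sample: the layout an autorun worm typically writes so that both
# "Open" and "Explore" in Explorer run the dropped .com file.
SAMPLE_AUTORUN_INF = r"""
[autorun]
open=RECYCLER\S-5-7-80-100012962-100025061-100011039-6574.com
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-5-7-80-100012962-100025061-100011039-6574.com
shell\explore=Explore
shell\explore\command=RECYCLER\S-5-7-80-100012962-100025061-100011039-6574.com
"""


def extract_commands(inf_text):
    """Return (key, command) pairs that autorun would execute."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(inf_text)
    except configparser.Error:
        return []  # not INI-shaped at all; nothing autorun would honour
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return []
    commands = []
    for key, value in cp.items(section):  # option names are lower-cased by configparser
        is_verb_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb_cmd:
            commands.append((key, value.strip().strip('"')))
    return commands


def assess_autorun(inf_text):
    """Map each executable autorun key to the reasons it looks malicious."""
    findings = {}
    for key, cmd in extract_commands(inf_text):
        target = cmd.split()[0] if cmd.split() else cmd  # first token; paths with spaces need quoting
        parts = [p for p in re.split(r"[\\/]", target) if p]
        reasons = []
        if any(p.lower() in ("recycler", "recycled", "$recycle.bin") for p in parts):
            reasons.append("runs from a recycle-bin folder")
        for sid in SID_LIKE_RE.findall(target):
            if not REAL_SID_RE.match(sid):
                reasons.append(f"fake SID folder {sid}")
        if target.lower().endswith(EXEC_EXT):
            # Legitimate install media do this too, so on its own this is a weak indicator.
            reasons.append("launches an executable")
        if reasons:
            findings[key] = reasons
    return findings


def scan_drive_roots(roots):
    """Read autorun.inf from each given root (e.g. ["C:\\", "D:\\"]) and assess it."""
    results = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                results[path] = assess_autorun(fh.read())
    return results


if __name__ == "__main__":
    for key, reasons in assess_autorun(SAMPLE_AUTORUN_INF).items():
        print(f"{key}: {', '.join(reasons)}")
```

Run against the sample, every executable key (open, shell\open\command, shell\explore\command) is reported with all three reasons; a plain install-media autorun.inf that only runs setup.exe trips just the weak "launches an executable" indicator. Note that both C: and D: carried an autorun.inf in this case, which is why scan_drive_roots takes a list of roots rather than a single drive.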
08.03.2009, 06:50
Moderator

Posts: 5694
#2 Your internet connection has been redirected to Ukraine:

Quote

85.255.112.227
org-name: UkrTeleGroup Ltd.
address: UkrTeleGroup Ltd.
address: Mechnikova 58/5 65029 Odessa
>>
Run ComboFix and post the log:
http://www.virus-protect.org/artikel/tools/combofix.html

>>
Run fixwareout and post the scan report after rebooting
http://virus-protect.org/artikel/tools/fixwareout.html

>>
Post a new HijackThis log

Regards, Swiss
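The moderator's diagnosis rests on the O17 NameServer entries pointing at 85.255.113.110 and 85.255.112.227. As an added example (not from the post, from HijackThis or from Malwarebytes), the Python below parses the O17 lines from the HijackThis log and the Trojan.DNSChanger lines from the Malwarebytes log and flags every resolver that is not on a caller-supplied allowlist, is not a private address, or sits in a range publicly attributed to the DNSChanger family. The 85.255.112.0/20 CIDR is an assumption taken from public DNSChanger advisories, not from this thread, which only shows the two addresses; the two clean entries in the sample are constructed.

```python
"""Flag rogue resolvers in the O17 / DNSChanger entries quoted in this thread.

Added example for this thread, not code from the original post, from
HijackThis or from Malwarebytes. It parses "NameServer = ..." (HijackThis O17)
and "... -> Data: ..." (Malwarebytes registry data) lines and flags every
resolver that is not allowlisted, not private, or that falls inside a range
publicly attributed to the DNSChanger family. The 85.255.112.0/20 block is
UkrTeleGroup's range from public DNSChanger advisories (an assumption here);
the thread itself only shows 85.255.113.110 and 85.255.112.227.
"""
import ipaddress
import re

# Assumption: ranges publicly attributed to DNSChanger rogue DNS servers; extend as needed.
KNOWN_ROGUE_RANGES = [ipaddress.ip_network("85.255.112.0/20")]

# Captures the comma-separated resolver list from either log format.
_IPS_RE = re.compile(r"(?:NameServer\s*=|Data:)\s*([0-9.]+(?:\s*,\s*[0-9.]+)*)")

# Lines taken from the two logs in this thread, plus two constructed clean entries.
SAMPLE_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{06B176C6-2B29-4202-92E4-F0328FA04F7E}: NameServer = 85.255.113.110,85.255.112.227",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110,85.255.112.227",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06b176c6-2b29-4202-92e4-f0328fa04f7e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.227 -> No action taken.",
    # constructed: a router on the LAN and two public resolvers
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 8.8.8.8,9.9.9.9",
]


def parse_nameserver_line(line):
    """Return (registry_key, [resolver, ...]) or None if the line carries no resolver list."""
    m = _IPS_RE.search(line)
    if not m:
        return None
    # Both log formats put the registry path in the first whitespace-free token starting with "HK".
    key = next((tok.rstrip(":") for tok in line.split() if tok.startswith("HK")), "?")
    return key, [p.strip() for p in m.group(1).split(",") if p.strip()]


def classify(resolver, allowed):
    """Reason a resolver is suspicious, or None when it is acceptable."""
    try:
        ip = ipaddress.ip_address(resolver)
    except ValueError:
        return "unparseable address"
    if ip in allowed:
        return None
    if any(ip in net for net in KNOWN_ROGUE_RANGES):
        return "inside a known DNSChanger range"
    if ip.is_private:
        # Usually the home router. DNSChanger variants also rewrote router DNS
        # settings, so the router's own upstream resolvers deserve the same check.
        return None
    return "public resolver not in allowlist"


def audit_dns_lines(lines, allowlist=()):
    """Return (registry_key, resolver, reason) for every suspicious resolver found."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    findings = []
    for line in lines:
        parsed = parse_nameserver_line(line)
        if parsed is None:
            continue
        key, resolvers = parsed
        for resolver in resolvers:
            reason = classify(resolver, allowed)
            if reason:
                findings.append((key, resolver, reason))
    return findings


if __name__ == "__main__":
    for key, resolver, reason in audit_dns_lines(SAMPLE_LINES, allowlist=("8.8.8.8",)):
        print(f"{resolver:16} {reason:34} {key}")
```

The same check can be run live by reading NameServer and DhcpNameServer under HKLM\SYSTEM\*ControlSet*\Services\Tcpip\Parameters and its Interfaces subkeys, which is where both logs found the values. Checking every control set matters: the Malwarebytes log shows the entries planted in ControlSet001 and ControlSet003 as well as CurrentControlSet, so cleaning only the current one would leave a rollback path that restores the rogue resolvers.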
08.03.2009, 18:55
...new here

Thread starter

Posts: 3
#3 Hi Swiss,

Thank you very much for your kind support. Below are the log files from ComboFix and HijackThis. Unfortunately FixWareout does not run under Vista...
It looks quite clean again now. But how sure can I be of that? There is quite a lot of confidential data going through my computer. Not to mention financial transactions... a queasy feeling somehow remains...

EDIT: I just ran Spybot, which promptly found 11 entries that clearly belonged to the virus. I assume there is no such thing as 100% certainty.


ComboFix 09-03-06.02 - chef 2009-03-08 18:36:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2045.1213 [GMT 1:00]
run from:: c:\users\chef\Desktop\ComboFix.exe
* New restore point was created
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documentation\_desktop.ini
c:\documentation\Documentation\_desktop.ini
c:\documentation\Documentation\CS\_desktop.ini
c:\documentation\Documentation\DE\_desktop.ini
c:\documentation\Documentation\EN\_desktop.ini
c:\documentation\Documentation\ES\_desktop.ini
c:\documentation\Documentation\FI\_desktop.ini
c:\documentation\Documentation\FR\_desktop.ini
c:\documentation\Documentation\GR\_desktop.ini
c:\documentation\Documentation\IT\_desktop.ini
c:\documentation\Documentation\NL\_desktop.ini
c:\documentation\Documentation\PO\_desktop.ini
c:\documentation\Documentation\RU\_desktop.ini
c:\documentation\Documentation\SV\_desktop.ini
c:\documentation\Leaflets\_desktop.ini
c:\documentation\Leaflets\CS\_desktop.ini
c:\documentation\Leaflets\DE\_desktop.ini
c:\documentation\Leaflets\EN\_desktop.ini
c:\documentation\Leaflets\ES\_desktop.ini
c:\documentation\Leaflets\FI\_desktop.ini
c:\documentation\Leaflets\FR\_desktop.ini
c:\documentation\Leaflets\GR\_desktop.ini
c:\documentation\Leaflets\IT\_desktop.ini
c:\documentation\Leaflets\NL\_desktop.ini
c:\documentation\Leaflets\PO\_desktop.ini
c:\documentation\Leaflets\RU\_desktop.ini
c:\documentation\Leaflets\SV\_desktop.ini
c:\windows\system32\gaopdxcounter
D:\Autorun.inf
d:\recycler\S-5-7-80-100012962-100025061-100011039-6574.com

.
((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 ))))))))))))))))))))))))))))))
.

2009-03-08 12:49 . 2009-03-08 12:49 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-07 23:21 . 2009-03-07 23:21 <DIR> d-------- c:\program files\Trend Micro
2009-03-07 22:49 . 2009-03-07 22:49 <DIR> d-------- c:\users\chef\AppData\Roaming\Malwarebytes
2009-03-07 22:49 . 2009-03-07 22:49 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-07 22:49 . 2009-03-07 22:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-07 22:49 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-07 22:49 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-07 21:57 . 2009-03-08 18:16 <DIR> d-------- c:\programdata\Lavasoft
2009-03-05 21:17 . 2009-03-05 21:17 <DIR> d-------- c:\program files\Toshiba
2009-03-05 00:40 . 2009-03-05 00:40 <DIR> d-------- c:\programdata\Macrovision
2009-03-05 00:39 . 2009-03-05 00:39 <DIR> d-------- c:\program files\Macromedia
2009-03-05 00:39 . 2009-03-05 00:39 <DIR> d-------- c:\program files\Common Files\Macromedia Shared
2009-03-03 00:28 . 2009-03-03 00:28 <DIR> d-------- c:\users\chef\AppData\Roaming\ScanSoft
2009-03-03 00:28 . 2009-03-03 00:28 <DIR> d-------- c:\programdata\ScanSoft
2009-03-03 00:28 . 2009-03-03 00:28 <DIR> d-------- c:\programdata\InstallShield
2009-03-03 00:28 . 2009-03-03 00:28 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2009-03-03 00:28 . 2009-03-03 00:28 416 --a------ c:\windows\MAXLINK.INI
2009-03-03 00:27 . 2009-03-03 00:27 <DIR> d-------- c:\program files\ScanSoft
2009-03-03 00:26 . 2009-03-03 00:26 <DIR> d-------- c:\program files\Common Files\CANON
2009-03-03 00:24 . 2009-03-03 00:24 <DIR> d--h----- c:\windows\System32\CanonIJ Uninstaller Information
2009-03-03 00:24 . 2009-03-03 00:24 <DIR> d--h----- c:\programdata\CanonBJ
2009-03-03 00:23 . 2006-09-12 21:00 197,632 --a------ c:\windows\System32\CNMLM83.DLL
2009-03-03 00:22 . 2009-03-03 00:22 <DIR> d--h----- c:\program files\CanonBJ
2009-03-03 00:22 . 2006-07-20 07:51 1,298,432 --a------ c:\windows\System32\CNCC160.DLL
2009-03-03 00:22 . 2006-05-26 02:54 135,168 --a------ c:\windows\System32\CNCL160.DLL
2009-03-03 00:22 . 2006-06-29 06:29 106,496 --a------ c:\windows\System32\cnco160.dll
2009-03-03 00:22 . 2006-07-20 07:51 57,344 --a------ c:\windows\System32\CNCI160.DLL
2009-03-03 00:21 . 2009-03-03 00:30 <DIR> d-------- c:\program files\Canon
2009-03-01 22:28 . 2009-03-01 22:28 <DIR> d-------- c:\programdata\Nokia
2009-03-01 22:24 . 2009-03-01 22:24 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-03-01 22:21 . 2009-03-01 22:24 <DIR> d-------- c:\users\chef\AppData\Roaming\PC Suite
2009-03-01 22:21 . 2009-03-02 00:30 <DIR> d-------- c:\users\chef\AppData\Roaming\Nokia
2009-03-01 22:21 . 2009-03-01 22:24 <DIR> d-------- c:\programdata\PC Suite
2009-03-01 22:20 . 2009-03-01 22:20 <DIR> d-------- c:\program files\DIFX
2009-03-01 22:20 . 2009-03-01 22:20 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-03-01 22:20 . 2009-03-01 22:27 <DIR> d-------- c:\program files\Common Files\Nokia
2009-03-01 22:20 . 2008-08-26 09:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2009-03-01 22:19 . 2009-03-08 18:16 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-03-01 22:19 . 2009-03-01 22:19 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-03-01 22:17 . 2009-03-01 22:27 <DIR> d-------- c:\program files\Nokia
2009-03-01 22:17 . 2008-02-01 15:17 90,624 --a------ c:\windows\System32\nmwcdcls.dll
2009-03-01 22:16 . 2009-03-01 22:26 <DIR> d-------- c:\programdata\Installations
2009-03-01 21:25 . 2009-03-01 21:25 <DIR> d-------- c:\program files\TOM-Productions
2009-02-27 17:42 . 2009-02-27 17:42 <DIR> d-------- C:\Update
2009-02-24 15:01 . 2009-02-24 15:01 <DIR> d-------- c:\programdata\BIFAB
2009-02-24 15:01 . 2009-02-24 15:01 <DIR> d-------- c:\program files\Duden
2009-02-24 14:58 . 2009-02-24 15:01 <DIR> d-------- c:\program files\Office-Bibliothek
2009-02-22 01:11 . 2009-02-22 01:11 <DIR> d-------- c:\program files\Microsoft SharedView
2009-02-18 01:10 . 2008-02-22 05:47 53,248 --a------ c:\windows\System32\davclnt.dll
2009-02-18 00:03 . 2009-02-18 00:03 <DIR> d-------- c:\programdata\WindowsSearch
2009-02-17 22:46 . 2006-12-09 03:04 2,981,888 --a------ c:\windows\System32\iplw7.dll
2009-02-17 22:46 . 2006-12-09 03:04 2,973,696 --a------ c:\windows\System32\ipla6.dll
2009-02-17 22:46 . 2006-12-09 03:04 2,785,280 --a------ c:\windows\System32\iplm6.dll
2009-02-17 22:46 . 2006-12-09 03:04 2,686,976 --a------ c:\windows\System32\iplm5.dll
2009-02-17 22:46 . 2006-12-09 03:04 2,531,328 --a------ c:\windows\System32\iplp6.dll
2009-02-17 22:46 . 2006-12-09 03:04 2,502,656 --a------ c:\windows\System32\iplpx.dll
2009-02-17 22:46 . 2006-12-09 03:04 53,248 --a------ c:\windows\System32\ipl.dll
2009-02-17 22:46 . 2006-12-09 03:04 19,968 --a------ c:\windows\System32\Cpuinf32.dll
2009-02-17 22:44 . 2009-03-01 20:57 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-17 22:44 . 2009-02-17 22:44 <DIR> d-------- c:\program files\Microsoft
2009-02-17 22:34 . 2007-02-06 12:35 339,968 --a------ c:\windows\System32\setasio.cpl
2009-02-17 22:34 . 2008-05-09 13:02 45,056 --a------ c:\windows\System32\asiovist.dll
2009-02-17 22:33 . 2009-02-17 22:33 <DIR> d-------- c:\program files\SigmaTel
2009-02-17 22:33 . 2008-05-09 13:05 650,240 --a------ c:\windows\System32\drivers\stwrt.sys
2009-02-17 22:33 . 2008-05-09 13:05 314,880 --a------ c:\windows\System32\stcplx.dll
2009-02-17 22:33 . 2008-05-09 13:02 243,712 --a------ c:\windows\System32\stapi32.dll
2009-02-17 21:43 . 2009-02-17 21:43 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-17 21:35 . 2009-02-17 23:00 <DIR> d-------- c:\program files\Google
2009-02-17 21:05 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-17 21:05 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-17 21:05 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-17 21:05 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-17 21:05 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-17 21:05 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-17 21:05 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-17 21:04 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-17 20:56 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-17 20:56 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-17 20:56 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-17 20:56 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-17 20:56 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-17 20:41 . 2009-02-17 20:41 <DIR> d-------- c:\program files\QIP
2009-02-17 19:45 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-17 19:45 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-17 19:45 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-17 19:45 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-17 19:45 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-17 19:44 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-17 19:44 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-17 19:21 . 2009-02-17 19:21 <DIR> d-------- c:\program files\CCleaner
2009-02-09 06:51 . 2008-05-10 04:35 885,248 --a------ c:\windows\System32\RacEngn.dll
2009-02-09 06:51 . 2008-09-03 04:59 468,992 --a------ c:\windows\System32\newdev.dll
2009-02-09 06:51 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-02-09 06:51 . 2008-09-03 04:58 74,752 --a------ c:\windows\System32\newdev.exe
2009-02-09 06:51 . 2008-05-09 23:22 9,127 --a------ c:\windows\System32\RacUR.xml
2009-02-09 06:51 . 2008-05-09 23:22 153 --a------ c:\windows\System32\RacUREx.xml

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 00:08 --------- d-----w c:\users\chef\AppData\Roaming\Azureus
2009-03-04 23:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 23:28 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-02 13:41 --------- d-----w c:\program files\Common Files\Adobe
2009-03-02 13:21 --------- d-----w c:\users\chef\AppData\Roaming\Skype
2009-02-17 22:28 --------- d-----w c:\program files\Sony
2009-02-17 22:26 --------- d-----w c:\programdata\Sony Corporation
2009-02-17 21:24 --------- d-----w c:\users\chef\AppData\Roaming\Sony Corporation
2009-02-17 21:11 --------- d-----w c:\program files\Windows Mail
2009-02-17 20:53 --------- d-----w c:\programdata\Microsoft Help
2009-02-17 20:34 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-17 16:51 --------- d-----w c:\programdata\FLEXnet
2009-01-30 09:55 --------- d-----w c:\users\chef\AppData\Roaming\vlc
2009-01-30 09:55 --------- d-----w c:\program files\Azureus
2009-01-30 09:37 --------- d-----w c:\programdata\Avira
2009-01-30 09:37 --------- d-----w c:\program files\Avira
2009-01-30 01:55 --------- d-----w c:\users\chef\AppData\Roaming\dvdcss
2009-01-30 01:20 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-12 15:44 --------- d-----w c:\programdata\Ahead
2009-01-12 12:24 --------- d-----w c:\program files\Common Files\Ahead
2009-01-12 12:22 --------- d-----w c:\programdata\Nero
2009-01-12 12:22 --------- d-----w c:\program files\Nero
2009-01-12 01:01 --------- d-----w c:\users\chef\AppData\Roaming\gtk-2.0
2009-01-12 00:51 --------- d-----w c:\program files\Avidemux 2.4
2009-01-11 22:05 --------- d-----w c:\programdata\SlySoft
2009-01-11 21:55 --------- d-----w c:\program files\SlySoft
2009-01-11 21:44 --------- d-----w c:\program files\Elaborate Bytes
2009-01-11 21:41 --------- d-----w c:\program files\VideoLAN
2009-01-08 18:16 --------- d-----w c:\program files\Java
2009-01-08 18:13 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-01-06 14:31 174 --sha-w c:\program files\desktop.ini
2009-01-06 14:03 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-06 14:03 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-05 16:31 269,312 ----a-w c:\windows\System32\es.dll
2009-01-05 16:13 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-05 16:13 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-05 16:13 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-05 16:13 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-05 16:11 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-05 16:11 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-05 16:11 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-05 16:03 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-05 15:59 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-05 15:59 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-05 15:59 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-05 15:59 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-05 15:59 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-05 15:59 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-05 15:59 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-05 15:59 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-05 15:59 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-05 15:58 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-05 15:57 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-05 15:57 2,032,640 ----a-w c:\windows\System32\win32k.sys
2009-01-05 15:57 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-05 15:53 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-05 15:48 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-05 15:26 188,393,303 ----a-w c:\windows\DUMP71f4.tmp
2009-01-05 15:22 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
2009-01-05 15:19 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-05 15:19 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-05 15:19 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-05 15:19 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-05 15:19 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-05 15:19 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-05 15:19 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-05 15:19 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-05 15:19 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-05 15:19 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-05 15:16 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-05 15:16 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-05 15:16 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-05 15:14 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-05 15:14 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-05 15:13 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-05 15:12 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-05 15:12 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-05 15:12 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-05 15:12 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-05 15:12 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-05 15:12 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-05 15:12 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-05 15:11 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-05 15:11 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-05 15:10 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-05 15:10 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-05 15:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-05 15:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-05 15:08 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-01-05 15:08 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2009-01-05 14:13 51,224 ----a-w c:\windows\System32\wuauclt.exe
2009-01-05 14:13 43,544 ----a-w c:\windows\System32\wups2.dll
2009-01-05 14:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2009-01-05 14:13 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2009-01-05 14:12 83,456 ----a-w c:\windows\System32\wudriver.dll
2009-01-05 14:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2009-01-05 14:12 34,328 ----a-w c:\windows\System32\wups.dll
2009-01-05 14:11 31,232 ----a-w c:\windows\System32\wuapp.exe
2009-01-05 14:11 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-02-07 21:17 27,744 ----a-w c:\users\chef\AppData\Roaming\nvModes.dat
.

(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden Korrektor\DKTray.exe" [2008-05-28 582360]
"Google Update"="c:\users\chef\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-05 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-09-11 118784]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 411768]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-20 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-20 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-12-20 2752512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 10:36 73728 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-01-05 16:12 133104 c:\users\chef\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-09-29 13:41 20053544 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-08 19:13 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1A384AA2-6FF3-4FDB-AA0D-D6E75E420DC6}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{2EAA16BF-A500-43CA-AF88-5AA6342C5B59}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"{4BDA63A2-008B-4EB9-9473-BE93FF718928}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D3848F60-5621-4851-994A-5614E5E07508}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7A634B84-5A37-483E-89BB-5F246436DAA7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{84509104-7A49-4844-AAF6-23254D86E2CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A6FAAA3A-A34F-4AB7-8E6C-810F4168BF45}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{199D38C9-E065-448E-BDE8-A05FE4E48FA4}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{ADAF42F6-9B8D-40AB-9552-14B8EE48A00F}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{3DC024FB-477C-438B-8110-4A2BE57DACB6}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{77E749BC-9982-4EAC-8285-527506E8CF14}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{F8486A39-0557-46E1-BF7B-3D3F80ACFCFD}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{1EF7F7B8-98B3-478A-8706-1B5B4751F341}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{3268CD22-23C0-48C3-BFFA-1E06239E9904}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{F3278D50-CD48-4029-AAEA-EF8142AFF7CC}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{3582D191-E911-4BE5-9982-DB5F9DC26BB9}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{7C4BB6D9-D33D-4CBB-8389-E263E4E01F5E}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{90E4A8C4-17BB-4609-B4A5-327291613A27}c:\\users\\chef\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\chef\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{D90E19BC-28AA-45D2-BF53-54BDC394492E}c:\\users\\chef\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\chef\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{D1DC21C8-97F9-467C-B782-8E2ED2633033}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{6F539E00-4E81-4BAE-9008-D73FC5487236}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"7d8aebeb-d99d-44eb-85d6-c55b6bc33bff"= %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\update.exe:avira
"578dca18-fdd0-4823-bb36-00df375a66ec"= %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avcenter.exe:avira 2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2006-11-30 72704]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2006-11-30 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [2006-11-30 30976]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2006-11-30 227328]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2009-02-17 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2009-01-05 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2009-01-05 1089536]
.
Contents of the "Scheduled Tasks" folder

2009-03-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3062564656-855884977-2114474704-1003.job
- c:\users\chef\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-05 16:12]
.
- - - - Removed orphaned registry entries - - - -

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe


.
------- Additional scan -------
.
uStart Page = hxxp://www.google.de/
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: RSS-Support-Site zu VAIO Information FLOW hinzufügen - c:\program files\Sony\VAIO Information FLOW\aiesc.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 18:39:38
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-08 18:41:18
ComboFix-quarantined-files.txt 2009-03-08 17:41:15

Before scan: 19 directory(ies), 13,207,789,568 bytes free
After scan: 19 directory(ies), 12,964,425,728 bytes free

372 --- E O F --- 2009-03-08 17:15:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:55, on 08.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Duden\Duden Korrektor\DKTray.exe
C:\Users\chef\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Duden\Duden Korrektor\DKCore.exe
C:\Program Files\Office-Bibliothek\officebib.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\chef\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11901 bytes
This post was edited on 08.03.2009 at 19:28 by DonCorleone.
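The two logs above are read by eye in this thread. As an added example (not a tool anyone in the thread used), the Python below parses a handful of lines copied from those logs and flags the things a helper would ask about first: O23 services reported as "(file missing)" or "Unknown owner", Run entries launched from a path a standard user can write to, and ComboFix registry dumps showing Security Center monitoring switched off (DisableMonitoring=1) or Windows Firewall disabled for a profile (EnableFirewall=0). The excerpt, the list of user-writable path markers and the finding categories are constructed assumptions for the example; every hit is a heuristic that still needs confirming by hand (a "(file missing)" service belonging to a product that was uninstalled is a leftover, not an infection, and updaters such as Google Update legitimately live under AppData).

```python
"""Triage of pasted HijackThis / ComboFix logs. Added example, not a tool from
the thread; heuristics only, each finding needs a human to confirm."""
import re
from typing import Dict, List, Tuple

# Excerpt constructed from the logs posted above (a few lines, not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Google Update] "C:\Users\chef\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Display names may contain " - " themselves, so the path is anchored on a drive letter.
SVC_RE = re.compile(r"^O23 - Service: (?P<display>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")
REG_SECTION_RE = re.compile(r"^\[(?P<sec>[^\]]+)\]$")
REG_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9A-Fa-f]{1,8})|(?P<dec>-?\d+)\s*\(0x[0-9A-Fa-f]+\))$')
# Assumption for this example: path fragments a standard user can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")


def target_path(cmd: str) -> str:
    """Extract the file a Run command launches (quoted or unquoted path).
    For rundll32 the file of interest is the DLL argument, not rundll32 itself."""
    cmd = cmd.strip()
    m = re.match(r'^"?(?P<p>[^"]*?\.(?:exe|dll|scr|bat|cmd))', cmd, re.I)
    if not m:
        return cmd
    path = m.group("p")
    if path.lower().endswith("rundll32.exe"):
        rest = cmd[m.end():].strip().lstrip('"')
        m2 = re.match(r"^(?P<p>.*?\.dll)", rest, re.I)
        if m2:
            return m2.group("p")
    return path


def parse_log(text: str) -> Dict[str, object]:
    """Split a pasted log into HJT Run entries, O23 services and ComboFix registry values."""
    runs: List[dict] = []
    services: List[dict] = []
    registry: Dict[str, Dict[str, int]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := RUN_RE.match(line)):
            runs.append({"hive": m["hive"], "name": m["name"], "path": target_path(m["cmd"])})
        elif (m := SVC_RE.match(line)):
            short = re.search(r"\((?P<n>[^()]+)\)\s*$", m["display"])  # "(ServiceName)" suffix
            services.append({"display": m["display"], "owner": m["owner"], "path": m["path"],
                             "short": short["n"] if short else m["display"]})
        elif (m := REG_SECTION_RE.match(line)):
            section = m["sec"]
            registry.setdefault(section, {})
        elif section and (m := REG_VALUE_RE.match(line)):
            registry[section][m["name"]] = int(m["hex"], 16) if m["hex"] else int(m["dec"])
    return {"run": runs, "services": services, "registry": registry}


def triage(parsed: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (category, detail) findings that deserve a second look."""
    findings: List[Tuple[str, str]] = []
    for r in parsed["run"]:
        if any(marker in r["path"].lower() for marker in USER_WRITABLE_MARKERS):
            findings.append(("user-writable autostart", f"{r['hive']} Run '{r['name']}' -> {r['path']}"))
    for s in parsed["services"]:
        reasons = []
        if s["path"].lower().endswith("(file missing)"):
            reasons.append("binary not on disk (often a leftover of an uninstalled product)")
        if s["owner"].lower() == "unknown owner":
            reasons.append("no publisher recorded in the file's version info")
        if reasons:
            findings.append(("service", f"{s['short']}: " + "; ".join(reasons)))
    for sec, vals in parsed["registry"].items():
        low = sec.lower()
        if low.endswith("security center\\monitoring") and vals.get("DisableMonitoring") == 1:
            findings.append(("weak setting", "Security Center monitoring disabled"))
        if "\\firewallpolicy\\" in low and vals.get("EnableFirewall") == 0:
            profile = sec.rsplit("\\", 1)[-1]
            findings.append(("weak setting", f"Windows Firewall disabled for {profile}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"[{category}] {detail}")
```

Run against the excerpt it reports the Google Update autostart under the user profile, the two services with missing or unknown binaries, the disabled Security Center monitoring and the disabled firewall on the public profile; the Avira entries and the rundll32-launched NVIDIA DLL pass. The firewall and monitoring checks are where a reader would start asking how those values got set, since the malware's symptom in this thread is that update connections fail.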
08.03.2009, 21:21
Moderator

Posts: 5694
#4

Quote

Not to mention financial transactions... somehow an uneasy feeling remains...
If you really have important data on the system and do e-banking on top of that, it may be safer to reinstall the system.
That said, the infection was not anything serious:
http://www.avira.com/de/threats/section/details/id_vir/3488/tr_crypt.xpack.gen.html

So you can also clean up without a guilty conscience, as it is neither a backdoor nor a rootkit virus. Of course, the decision is yours.

If you want to clean up:

>>
Remove Combofix:
To run on Vista: press Windows key + R
Paste in: Combofix /U - click "OK"
(or, if that doesn't work: delete C:\QooBox)

>>
Please download SDFix, run it in Safe Mode and post the report that appears after the restart here
http://virus-protect.org/artikel/tools/sdfix.html

>>
Do an online scan with BitDefender and post the log:
http://virus-protect.org/artikel/tools/bitdefender.html

Regards, Swiss
09.03.2009, 15:28
...new here

Thread starter

Posts: 3
#5 Hi,
Unfortunately SDFix doesn't work under Vista. BitDefender found no threats.

Thank you very much for your help. However, I'm not sure whether I won't just reinstall the machine after all. We'll see :-)

Is there any other program I could run?


BitDefender Online Scanner - Real Time Virus Report

Generated at: Mon, Mar 09, 2009 - 15:19:55

--------------------------------------------------------------------------------

Scan Info

Scanned Files
307810

Infected Files
0

Virus Detected

No virus found.

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.
09.03.2009, 16:02
Moderator

Beiträge: 5694
#6 Ich denke bei der Unsicherheit vorallem mit heiklen Daten ist das Neuaufsetzen die sinnvollste Lösung.

Gruss Swiss
Seitenanfang Seitenende