Log analysis and evaluation: TR/Vundo.gen (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
TR/Vundo.gen

I have already used the search and read a few threads on the topic, but I didn't really get much out of them ^^° So I'm asking for help for a beginner in matters of trojans. At least I have understood the part about the logfile a bit. The problem is that Antivir spits out a virus warning every few moments, each time with changing .dll files in system32 and a css4... file in the Temporary Internet Files of IE5 or something similar. Here is the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:07, on 22.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\VistaDriveIcon\DrvIcon.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\qmc.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\MediaMonkey\MediaMonkey.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Notebook Hardware Control\nhc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
E:\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\hgGwTMcY.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [DrvIcon] C:\Programme\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Programme\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Startup: QuickMonth Calendar.lnk = C:\WINDOWS\qmc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - h**p://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://w*w.update.microsoft.com/micr...?1203688963062
O16 - DPF: {987ECFCE-E607-4D52-B2C5-2EA1F6F303C4} (WinlessActiveX Control) - http://w*w.pangya.com/PangyaLauncher/PangyaLauncher.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://h**p://dist.cdnetworks.co.kr/...port/SPort.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: hgGwTMcY - C:\WINDOWS\SYSTEM32\hgGwTMcY.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpdj - Unknown owner - C:\DOKUME~1\***~1\LOKALE~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10088 bytes

Last edited by Atsuki (22.04.2008 at 21:34)
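What a log helper scans for in a listing like the one above is not a single bad file name but a pattern: the same randomly named DLL in system32 (hgGwTMcY.dll) registered both as a BHO with no name (O2) and as a Winlogon Notify package (O20), plus a service (hpdj) whose binary sat in a Temp directory and is now missing. The Python script below is an added example written for this page; it is not a tool used in the thread and not part of HijackThis. It applies four heuristics of my own choosing (the rule names R1 to R4, the no-vowel test and the "two hook sections" threshold are assumptions) to a short constructed excerpt modelled on the posted log, and returns findings rather than printing them so they can be checked.

```python
import re
from collections import defaultdict

# One HijackThis entry: section tag, " - ", rest of the line.
ENTRY = re.compile(r"^(O\d+|R[01]|F\d)\s+-\s+(.*)$")
# First Windows path ending in .dll/.exe (paths may contain spaces).
PATH = re.compile(r"([A-Za-z]:\\.*?\.(?:dll|exe))\b", re.IGNORECASE)
# Six or more letters without a vowel, typical of generated names like hgGwTMcY.
NO_VOWELS = re.compile(r"^[b-df-hj-np-tv-z]{6,}$", re.IGNORECASE)
# Sections where one module showing up more than once is itself the signal
# (BHO, Winlogon Notify, ShellServiceObjectDelayLoad). Assumed thresholds.
HOOK_SECTIONS = {"O2", "O20", "O21"}


def module_name(body):
    """Lower-cased file name of the first DLL/EXE path in an entry, or None."""
    m = PATH.search(body)
    return m.group(1).rsplit("\\", 1)[-1].lower() if m else None


def triage(log_text):
    """Return (rule, module, evidence) findings for a HijackThis-style log.

    R1  O2 BHO with "(no name)" pointing into system32
    R2  one module registered under two or more of O2/O20/O21
    R3  O23 service binary under a Temp directory or reported "(file missing)"
    R4  module file name of 6+ letters with no vowel (generated name)
    """
    findings = []
    hooks = defaultdict(set)  # module -> hook sections it is registered in
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        mod = module_name(body)
        lower = body.lower()
        if section == "O2" and "(no name)" in body and "\\system32\\" in lower:
            findings.append(("R1", mod, raw.strip()))
        if section == "O23" and ("\\temp\\" in lower or "(file missing)" in lower):
            findings.append(("R3", mod, raw.strip()))
        if mod and NO_VOWELS.match(mod.rsplit(".", 1)[0]):
            findings.append(("R4", mod, raw.strip()))
        if mod and section in HOOK_SECTIONS:
            hooks[mod].add(section)
    for mod, sections in sorted(hooks.items()):
        if len(sections) >= 2:
            findings.append(("R2", mod, "+".join(sorted(sections))))
    return findings


# Constructed excerpt modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\hgGwTMcY.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: hgGwTMcY - C:\WINDOWS\SYSTEM32\hgGwTMcY.dll
O23 - Service: hpdj - Unknown owner - C:\DOKUME~1\***~1\LOKALE~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


if __name__ == "__main__":
    for rule, mod, evidence in triage(SAMPLE_LOG):
        print(f"{rule} {mod}: {evidence}")
```

R2 is deliberately restricted to the O2/O20/O21 hook sections: a legitimate add-on such as Spybot's SDHelper.dll also appears twice (O2 plus an O9 toolbar button), so counting every section would flag it. R4 alone is a weak signal (short vendor names like nwiz or hpdj are skipped by the six-letter minimum); it is the combination with R1 and R2 on the same file that makes hgGwTMcY.dll the obvious cleanup target.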
#2
TR/Vundo.gen

Hello,

first please make all hidden files and folders visible. Then please disable Spybot S&D's TeaTimer.

Quote:
Please create a logfile for cross-checking with this new tool: http://www.trojaner-board.de/51687-r...anleitung.html

Afterwards please download Combofix. Please disable all background guards of your antispyware and antivirus programs. Do not use your computer during the cleanup. Please post the logs.

Regards
#3
TR/Vundo.gen

Thanks for the quick reply!

So here are the logs. Runscanner log before Combofix:

Code:
Runscanner logfile http://www.runscanner.net
* = signed file
- = file not found
000 General info
----------------
Computer name : ATSUKI
Creation time : 23.04.2008 12:10:33
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.6.3.0
User Language : Deutsch (Deutschland)
User rights : Administrator
Windows folder : C:\WINDOWS
001 Running processes
---------------------
* c:\programme\adobe\reader 8.0\reader\acrord32.exe (Adobe Systems Incorporated)
c:\programme\avira\antivir personaledition classic\avguard.exe (Avira GmbH)
c:\programme\avira\antivir personaledition classic\sched.exe (Avira GmbH)
c:\programme\avira\antivir personaledition classic\avgnt.exe (Avira GmbH)
* c:\windows\system32\services.exe (Microsoft Corporation)
* c:\windows\system32\alg.exe (Microsoft Corporation)
c:\programme\vistadriveicon\drvicon.exe (artArmin)
* c:\programme\cisco systems\vpn client\cvpnd.exe (Cisco Systems, Inc.)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
c:\windows\system32\ctfmon.exe (Microsoft Corporation)
c:\windows\system32\rundll32.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\programme\google\google pinyin\googlepinyindaemon.exe (Google Inc.)
c:\programme\intel\wireless\bin\dot1xcfg.exe (Intel Corporation)
c:\programme\intel\wireless\bin\ifrmewrk.exe (Intel Corporation)
c:\programme\intel\wireless\bin\evteng.exe (Intel Corporation)
c:\programme\intel\wireless\bin\regsrvc.exe (Intel Corporation)
* c:\programme\java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
* c:\programme\gemeinsame dateien\logishrd\khal2\khalmnpr.exe (Logitech, Inc.)
* c:\programme\logitech\setpoint\setpoint.exe (Logitech, Inc.)
* c:\windows\system32\lsass.exe (Microsoft Corporation)
* c:\programme\mediamonkey\mediamonkey.exe (Ventis Media Inc)
c:\programme\notebook hardware control\nhc.exe (http://www.pbus-167.com)
c:\windows\system32\nvsvc32.exe (NVIDIA Corporation)
* c:\windows\system32\oodag.exe (O&O Software GmbH)
c:\windows\qmc.exe
c:\programme\rainlendar2\rainlendar2.exe
* c:\windows\soundman.exe (Realtek Semiconductor Corp.)
c:\programme\rocketdock\rocketdock.exe
* e:\downloads\runscanner\runscanner.exe (Runscanner.net)
* c:\windows\system32\spoolsv.exe (Microsoft Corporation)
* c:\programme\synaptics\syntp\syntpenh.exe (Synaptics, Inc.)
* c:\programme\synaptics\syntp\syntplpr.exe (Synaptics, Inc.)
c:\windows\explorer.exe (Microsoft Corporation)
c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)
c:\programme\intel\wireless\bin\s24evmon.exe (Intel Corporation)
* c:\windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
* c:\windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
c:\programme\intel\wireless\bin\zcfgsvc.exe (Intel Corporation)
002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\programme\avira\antivir personaledition classic\avgnt.exe (Avira GmbH)
c:\programme\vistadriveicon\drvicon.exe (artArmin)
* c:\programme\google\google pinyin\googlepinyindaemon.exe (Google Inc.)
c:\programme\intel\wireless\bin\ifrmewrk.exe (Intel Corporation)
c:\programme\intel\wireless\bin\zcfgsvc.exe (Intel Corporation)
* C:\WINDOWS\khalmnpr.exe (Logitech, Inc.)
c:\programme\notebook hardware control\nhc.exe (http://www.pbus-167.com)
c:\windows\system32\nvcpl.dll (NVIDIA Corporation)
c:\windows\system32\nvmctray.dll (NVIDIA Corporation)
C:\WINDOWS\system32\nwiz.exe
003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\windows\system32\ctfmon.exe (Microsoft Corporation)
c:\programme\rainlendar2\rainlendar2.exe
c:\programme\rocketdock\rocketdock.exe
004 C:\Dokumente und Einstellungen\Shi Qiu\Startmenü\Programme\Autostart
------------------------------------------------------------------------
c:\windows\qmc.exe
005 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
--------------------------------------------------------------------------
* c:\progra~1\logitech\setpoint\setpoint.exe (Logitech, Inc.)
008 Default user \Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
--------------------------------------------------------------------------
c:\windows\system32\ctfmon.exe (Microsoft Corporation)
009 System user\Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
------------------------------------------------------------------------
c:\windows\system32\ctfmon.exe (Microsoft Corporation)
010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
c:\programme\avira\antivir personaledition classic\avguard.exe (AntiVir PersonalEdition Classic Guard)
c:\programme\avira\antivir personaledition classic\sched.exe (AntiVir PersonalEdition Classic Planer)
* c:\programme\cisco systems\vpn client\cvpnd.exe (Cisco Systems, Inc. VPN Service)
c:\windows\system32\msdtc.exe (Distributed Transaction Coordinator)
c:\programme\gemeinsame dateien\macrovision shared\flexnet publisher\fnplicensingservice.exe (FLEXnet Licensing Service)
c:\programme\intel\wireless\bin\evteng.exe (Intel(R) PROSet/Wireless Event Log)
c:\programme\intel\wireless\bin\regsrvc.exe (Intel(R) PROSet/Wireless Registry Service)
c:\programme\intel\wireless\bin\s24evmon.exe (Intel(R) PROSet/Wireless Service)
c:\windows\system32\mnmsrvc.exe (NetMeeting-Remotedesktop-Freigabe)
C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Display Driver Service)
* c:\windows\system32\oodag.exe (O&O Defrag)
c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe (Windows CardSpace)
c:\windows\system32\msiexec.exe (Windows Installer)
011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
C:\WINDOWS\system32\drivers\aegisp.sys (AEGIS Protocol (IEEE 802.1x) v3.5.3.0)
C:\WINDOWS\system32\drivers\sqcaptur.sys (Argus Digital Camera DC1512)
* c:\programme\avira\antivir personaledition classic\avgio.sys (avgio)
* c:\programme\avira\antivir personaledition classic\avgntflt.sys (avgntflt)
* C:\WINDOWS\system32\drivers\avipbb.sys (avipbb)
- c:\windows\system32\drivers\changer.sys (Changer)
c:\windows\system32\drivers\cvpndrva.sys (Cisco Systems Inc. IPSec Driver)
* C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Network Enhancer Miniport)
- c:\windows\system32\drivers\tsmpkt.sys (DSL-Manager Service)
- c:\windows\system32\drivers\dsltestsp5.sys (dsltestSp5 NDIS Protocol Driver)
c:\windows\system32\drivers\entech.sys (ENTECH)
* C:\WINDOWS\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
- c:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
- c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
* C:\WINDOWS\system32\drivers\lhidfilt.sys (Logitech SetPoint KMDF HID Filter Driver)
* C:\WINDOWS\system32\drivers\lmoufilt.sys (Logitech SetPoint KMDF Mouse Filter Driver)
* C:\WINDOWS\system32\drivers\lusbfilt.sys (Logitech SetPoint KMDF USB Filter)
C:\WINDOWS\system32\drivers\nocashio.sys (nocashio)
c:\windows\system32\drivers\nhcdriver.sys (Notebook Hardware Control Driver)
- c:\windows\system32\drivers\ntiomin.sys (ntiomin)
C:\WINDOWS\system32\drivers\nv4_mini.sys (nv)
- c:\windows\system32\pcampr5.sys (PCAMPR5 NDIS Protocol Driver)
- c:\windows\system32\drivers\pcidump.sys (PCIDump)
- c:\windows\system32\drivers\pdcomp.sys (PDCOMP)
- c:\windows\system32\drivers\pdframe.sys (PDFRAME)
- c:\windows\system32\drivers\pdreli.sys (PDRELI)
- c:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
c:\windows\system32\plcndis5.sys (PLCNDIS5 NDIS Protocol Driver)
C:\WINDOWS\system32\drivers\sptd.sys (sptd)
C:\WINDOWS\system32\drivers\ssmdrv.sys (ssmdrv)
c:\windows\system32\drivers\tvichw32.sys (TVICHW32)
c:\programme\unlocker\unlockerdriver5.sys (UnlockerDriver5)
- c:\windows\system32\drivers\wdica.sys (WDICA)
C:\WINDOWS\system32\drivers\s24trans.sys (WLAN Transport)
030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
------------------------------------------
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {733AC4CB-F1A4-11d0-B951-00A0C90312E1}
031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\windows\system32\itss.dll (Microsoft Corporation) {9D148291-B9C8-11D0-A4CC-0000F80149F6}
c:\windows\system32\itss.dll (Microsoft Corporation) {9D148291-B9C8-11D0-A4CC-0000F80149F6}
034 HKLM-HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
-------------------------------------------------------------------------
C:\WINDOWS\explorer.exe (Microsoft Corporation)
042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}
GUID / CLSID not found AutorunsDisabled
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {0026439F-A980-4f18-8C95-4F1CBBF9C1D8}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {92780B25-18CC-41C8-B9BE-3C9C571A8263}
044 HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
------------------------------------------------------------------
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {01E04581-4EEE-11D0-BFE9-00AA005B4383}
045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {0E5CBF21-D15F-11D0-8301-00AA005B4383}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {01E04581-4EEE-11D0-BFE9-00AA005B4383}
050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {AEB6717E-7E19-11d0-97EE-00C04FD91972}
c:\windows\system32\hggwtmcy.dll {4020100D-29D7-4392-AFD5-5AD713FF4B88}
051 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
-------------------------------------------------------------------------------
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {438755C2-A8BA-11D1-B96B-00A0C90312E1}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {8C7461EF-2B13-11d2-BE35-3078302C2030}
052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
c:\windows\system32\hggwtmcy.dll {4020100D-29D7-4392-AFD5-5AD713FF4B88}
c:\programme\iepro\iepro.dll (IE7Pro.com) {00011268-E188-40DF-A514-835FCD78B1BF}
c:\programme\free download manager\iefdm2.dll {CC59E0F9-7E43-44FA-9FAA-8377850BF205}
* c:\progra~1\spybot~1\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}
060 HKLM-HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
-----------------------------------------------------------------------------------
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {7849596a-48ea-486e-8937-a2a3009f31a9}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {fbeb8a05-beee-4442-804e-409d6c4515e9}
c:\windows\system32\stobject.dll (Microsoft Corporation) {35CEC8A3-2BE6-11D2-8773-92E220524153}
#4
TR/Vundo.gen

Part 2 of the RunScanner log

Code:
061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
C:\WINDOWS\system32\photowiz.dll (Microsoft Corporation) {60fd46de-f830-4894-a628-6fa81bc0190d}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {01E04581-4EEE-11d0-BFE9-00AA005B4383}
c:\programme\outlook express\wabfind.dll (Microsoft Corporation) {32714800-2E5F-11d0-8B85-00AA0044F941}
C:\WINDOWS\system32\cabview.dll (Microsoft Corporation) {0CD7A5C0-9F37-11CE-AE65-08002B2E1262}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {7e653215-fa25-46bd-a339-34a2790f3cb7}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {A08C11D2-A228-11d0-825B-00AA005B4383}
C:\WINDOWS\system32\syncui.dll (Microsoft Corporation) {85BBD920-42A0-1069-A2E4-08002B30309D}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {91EA3F8B-C99B-11d0-9815-00C04FD91972}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {6413BA2C-B461-11d1-A18A-080036B11A03}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
c:\windows\system32\wuaucpl.cpl (Microsoft Corporation) {5F327514-6C5E-4d60-8F16-D07FA08A78ED}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {F61FFEC1-754F-11d0-80CA-00AA005B4383}
C:\WINDOWS\system32\netplwiz.dll (Microsoft Corporation) {add36aa8-751a-4579-a266-d66f5202ccbb}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {67EA19A0-CCEF-11d0-8024-00C04FD75D13}
c:\programme\icolorfolder\cmext.dll (Revenger inc.) {ABC70703-32AF-11d4-90C4-D483A70F4825}
C:\WINDOWS\system32\zipfldr.dll (Microsoft Corporation) {BD472F60-27FA-11cf-B8B4-444553540000}
C:\WINDOWS\system32\zipfldr.dll (Microsoft Corporation) {888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
C:\WINDOWS\system32\deskmon.dll (Microsoft Corporation) {42071713-76d4-11d1-8b24-00a0c9068ff3}
C:\WINDOWS\system32\deskadp.dll (Microsoft Corporation) {42071712-76d4-11d1-8b24-00a0c9068ff3}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}
C:\WINDOWS\system32\appwiz.cpl (Microsoft Corporation) {CFCCC7A0-A282-11D1-9082-006008059382}
c:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
C:\WINDOWS\system32\dsuiext.dll (Microsoft Corporation) {62AE1F9A-126A-11D0-A14B-0800361B1103}
C:\WINDOWS\system32\dsquery.dll (Microsoft Corporation) {163FDC20-2ABC-11d0-88F0-00A024AB2DBB}
C:\WINDOWS\system32\dsuiext.dll (Microsoft Corporation) {0D45D530-764B-11d0-A1CA-00AA00C16E65}
C:\WINDOWS\system32\dsquery.dll (Microsoft Corporation) {8A23E65E-31C2-11d0-891C-00A024AB2DBB}
C:\WINDOWS\system32\dsquery.dll (Microsoft Corporation) {F020E586-5264-11d1-A532-0000F8757D7E}
C:\WINDOWS\system32\dskquoui.dll (Microsoft Corporation) {7988B573-EC89-11cf-9C00-00AA00A14F56}
C:\WINDOWS\system32\deskperf.dll (Microsoft Corporation) {f92e8c40-3d33-11d2-b1aa-080036a75b03}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {22BF0C20-6DA7-11D0-B373-00A0C9034938}
C:\WINDOWS\system32\mmsys.cpl (Microsoft Corporation) {00022613-0000-0000-C000-000000000046}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}
C:\WINDOWS\system32\diskcopy.dll (Microsoft Corporation) {59099400-57FF-11CE-BD94-0020AF85B590}
c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {EFA24E64-B078-11d0-89E4-00C04FC9E26E}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {EFA24E61-B078-11d0-89E4-00C04FC9E26E}
c:\windows\system32\msieftp.dll (Microsoft Corporation) {63da6ec0-2e98-11cf-8d82-444553540000}
c:\windows\system32\shimgvw.dll (Microsoft Corporation) {3F30C968-480A-4C6C-862D-EFC0897BB84B}
c:\windows\system32\mstask.dll (Microsoft Corporation) {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {EFA24E62-B078-11d0-89E4-00C04FC9E26E}
c:\windows\system32\shimgvw.dll (Microsoft Corporation) {EAB841A0-9550-11cf-8C16-00805F1408F3}
C:\WINDOWS\system32\icmui.dll (Microsoft Corporation) {DBCE2480-C732-101B-BE72-BA78E9AD5B27}
C:\WINDOWS\system32\icmui.dll (Microsoft Corporation) {675F097E-4C4D-11D0-B6C1-0800091AA605}
C:\WINDOWS\system32\icmui.dll (Microsoft Corporation) {5DB2625A-54DF-11D0-B6C4-0800091AA605}
C:\WINDOWS\system32\icmui.dll (Microsoft Corporation) {176d6597-26d3-11d1-b350-080036a75b03}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {169A0691-8DF9-11d1-A1C4-00C04FD75D13}
C:\WINDOWS\system32\appwiz.cpl (Microsoft Corporation) {0B124F8F-91F0-11D1-B8B5-006008059382}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {131A6951-7F78-11D0-A979-00C04FD705A2}
* c:\programme\logitech\setpoint\mcplext.dll (Logitech, Inc.) {B9B9F083-2B04-452A-8691-83694AC1037B}
* c:\programme\logitech\setpoint\kbcplext.dll (Logitech, Inc.) {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {A5E46E3A-8849-11D1-9D8C-00C04FC99D61}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {7BA4C742-9E81-11CF-99D3-00AA004AE837}
c:\programme\gemeinsame dateien\system\ole db\oledb32.dll (Microsoft Corporation) {2206CDB2-19C1-11D1-89E0-00C04FD7A829}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {00BB2764-6A77-11D0-A535-00C04FD7D062}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {5E6AB780-7743-11CF-A12B-00AA004AE837}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {00BB2765-6A77-11D0-A535-00C04FD7D062}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {03C036F1-A186-11D0-824A-00AA005B4383}
C:\WINDOWS\system32\mmcshext.dll (Microsoft Corporation) {7A80E4A8-8005-11D2-BCF8-00C04F72C717}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {6756A641-DE71-11d0-831B-00AA005B4383}
C:\WINDOWS\system32\mydocs.dll (Microsoft Corporation) {ECF03A33-103D-11d2-854D-006008059367}
C:\WINDOWS\system32\mydocs.dll (Microsoft Corporation) {ECF03A32-103D-11d2-854D-006008059367}
C:\WINDOWS\system32\mydocs.dll (Microsoft Corporation) {4a7ded0a-ad25-11d0-98a8-0800361b1103}
c:\windows\system32\netshell.dll (Microsoft Corporation) {7007ACC7-3202-11D1-AAD2-00805FC1270E}
c:\windows\system32\netshell.dll (Microsoft Corporation) {992CFFA0-F557-101A-88EC-00DD010CCC48}
c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
C:\WINDOWS\system32\cscui.dll (Microsoft Corporation) {10CFC467-4392-11d2-8DB4-00C04FA31A66}
C:\WINDOWS\system32\cscui.dll (Microsoft Corporation) {750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\system32\cscui.dll (Microsoft Corporation) {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}
C:\WINDOWS\system32\netplwiz.dll (Microsoft Corporation) {58f1f272-9240-4f51-b6d4-fd63d1618591}
c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {FFB699E0-306A-11d3-8BD1-00104B6F7516}
C:\WINDOWS\system32\themeui.dll (Microsoft Corporation) {41E300E0-78B6-11ce-849B-444553540000}
C:\WINDOWS\system32\wpdshext.dll (Microsoft Corporation) {35786D3C-B075-49b9-88DD-029876E11C01}
C:\WINDOWS\system32\wpdshext.dll (Microsoft Corporation) {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}
C:\WINDOWS\system32\audiodev.dll (Microsoft Corporation) {640167b4-59b0-47a6-b335-a6b3c0695aea}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {AF4F6510-F982-11d0-8595-00AA004CD6D8}
c:\windows\system32\remotepg.dll (Microsoft Corporation) {F0152790-D56E-4445-850E-4F3117DB740C}
C:\WINDOWS\system32\wiashext.dll (Microsoft Corporation) {3F953603-1008-4f6e-A73A-04AAC7A992F1}
C:\WINDOWS\system32\wiashext.dll (Microsoft Corporation) {83bbcbf3-b28a-4919-a5aa-73027445d672}
C:\WINDOWS\system32\wiashext.dll (Microsoft Corporation) {905667aa-acd6-11d2-8080-00805f6596d2}
C:\WINDOWS\system32\wiashext.dll (Microsoft Corporation) {E211B736-43FD-11D1-9EFB-0000F8757FCD}
C:\WINDOWS\system32\wiashext.dll (Microsoft Corporation) {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}
C:\WINDOWS\system32\fontext.dll (Microsoft Corporation) {BD84B380-8CA2-1069-AB1D-08000948F534}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {D20EA4E1-3957-11d2-A40B-0C5020524152}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {9461b922-3c5a-11d2-bf8b-00c04fb93661}
c:\windows\system32\sendmail.dll (Microsoft Corporation) {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}
c:\windows\system32\sendmail.dll (Microsoft Corporation) {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}
C:\WINDOWS\system32\appwiz.cpl (Microsoft Corporation) {352EC2B7-8B9A-11D1-B8AE-006008059382}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {0A89A860-D7B1-11CE-8350-444553540000}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {ECD4FC4E-521C-11D0-B792-00A0C90312E1}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {ECD4FC4C-521C-11D0-B792-00A0C90312E1}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {3CCF8A41-5C85-11d0-9796-00AA00B90ADF}
c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
C:\WINDOWS\system32\shimgvw.dll (Microsoft Corporation) {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}
C:\WINDOWS\system32\shimgvw.dll (Microsoft Corporation) {eb9b1153-3b57-4e68-959a-a3266bc3d7fe}
C:\WINDOWS\system32\shimgvw.dll (Microsoft Corporation) {e84fda7c-1d6a-45f6-b725-cb260c236066}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {00BB2763-6A77-11D0-A535-00C04FD7D062}
C:\WINDOWS\system32\dsquery.dll (Microsoft Corporation) {9E51E0D0-6E0F-11d2-9601-00C04FA31A86}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {ECD4FC4D-521C-11D0-B792-00A0C90312E1}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {21569614-B795-46b1-85F4-E737A8DC09AD}
C:\WINDOWS\system32\shscrap.dll (Microsoft Corporation) {56117100-C0CD-101B-81E2-00AA004AE837}
C:\WINDOWS\system32\printui.dll (Microsoft Corporation) {77597368-7b15-11d0-a0c2-080036af3f03}
C:\WINDOWS\system32\ntshrui.dll (Microsoft Corporation) {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
C:\WINDOWS\system32\ntshrui.dll (Microsoft Corporation) {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
C:\WINDOWS\system32\ntlanui2.dll (Microsoft Corporation) {59be4990-f85c-11ce-aff7-00aa003ca9f6}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
C:\WINDOWS\system32\netplwiz.dll (Microsoft Corporation) {6b33163c-76a5-4b6c-bf21-45de9cd503a1}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}
c:\windows\system32\mstask.dll (Microsoft Corporation) {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}
c:\windows\system32\mstask.dll (Microsoft Corporation) {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {acf35015-526e-4230-9596-becbe19f0ac9}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {7376D660-C583-11d0-A3A5-00C04FD706EC}
* c:\programme\tuneup utilities 2007\sdshelex-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
* C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) {44440D00-FF19-4AFC-B765-9A0970567D97}
c:\programme\unlocker\unlockercom.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {DD313E04-FEFF-11d1-8ECD-0000F87A470C}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {D20EA4E1-3957-11d2-A40B-0C5020524153}
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) {07798131-AF23-11d1-9111-00A0C98BA67D}
C:\WINDOWS\system32\netplwiz.dll (Microsoft Corporation) {CC6EEFFB-43F6-46c5-9619-51D571967F7D}
c:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\WINDOWS\system32\zipfldr.dll (Microsoft Corporation) {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}
c:\windows\system32\shimgvw.dll (Microsoft Corporation) {9DBD2C50-62AD-11d0-B806-00C04FD706EC}
062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {66742402-F9B9-11D1-A202-0000F81FEDEE}
c:\windows\system32\dirsize.dll {140B30F3-E361-409F-8461-95C795AE09F9}
c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
* C:\WINDOWS\system32\oodbs.exe (O&O Software GmbH)
064 HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
-------------------------------------------------------------------
C:\WINDOWS\system32\comdlg32.dll (Microsoft Corporation)
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
066 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
---------------------------------------------------------------------
C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
C:\WINDOWS\system32\hggwtmcy.dll
* c:\programme\gemeinsame dateien\logishrd\bluetooth\lbtwlgn.dll (Logitech, Inc.)
073 %windir%\Tasks
------------------
1-Klick-Wartung.job : c:\programme\tuneup utilities 2007\systemoptimizer.exe (TuneUp Software GmbH)
102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {4D5C8C25-D075-11d0-B416-00C04FB90376}
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) {EFA24E64-B078-11D0-89E4-00C04FC9E26E}
104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\windows\system32\hanbiton\nls_comm1_2_0.dll {377FF862-62E0-4F33-B6E5-F58E0BC0F209}
c:\windows\downlo~1\winles~1.ocx ((?)Ntreev Soft) {987ECFCE-E607-4D52-B2C5-2EA1F6F303C4}
c:\programme\java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
c:\windows\downloaded program files\sport.dll (CDNetworks Co., Ltd.) {F58E877C-4F14-4805-B2D2-EB48927C7580}
105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
Alles mit FDM herunterladen : file://C:\Programme\Free Download Manager\dlall.htm
Auswahl mit FDM herunterladen : file://C:\Programme\Free Download Manager\dlselected.htm
Datei mit FDM herunterladen : file://C:\Programme\Free Download Manager\dllink.htm
Nach Microsoft E&xel exportieren : res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
Videos mit FDM herunterladen : file://C:\Programme\Free Download Manager\dlfvideo.htm
107 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
---------------------------------------------------------------------------------
c:\programme\bonjour\mdnsnsp.dll (Apple Inc.)
146 HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell
-----------------------------------------------------------------
C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
147 HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders
-----------------------------------------------------------------------------
C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
153 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
---------------------------------------------------------------
C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
C:\WINDOWS\system32\cscui.dll (Microsoft Corporation) {750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Start Menu Pin
* c:\programme\tuneup utilities 2007\sdshelex-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
c:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
176 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
----------------------------------------------------------------------
C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)
210 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
---------------------------------------------------------------------------------
C:\WINDOWS\system32\ntbackup.exe (Microsoft Corporation)
211 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Cleanuppath
----------------------------------------------------------------------------------
C:\WINDOWS\system32\cleanmgr.exe (Microsoft Corporation)
213 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier
----------------------------------------------------------------------------------------
C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
215 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard
-------------------------------------------------------------------------------------------------
C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
-------------------------------------------------------
C:\WINDOWS\system32\cscui.dll (Microsoft Corporation) {750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Start Menu Pin
* c:\programme\tuneup utilities 2007\sdshelex-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
c:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
--------------------------------------------------------------------------
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {7BA4C740-9E81-11CF-99D3-00AA004AE837}
c:\programme\unlocker\unlockercom.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
------------------------------------------------------------
c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
c:\programme\unlocker\unlockercom.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
c:\programme\unlocker\unlockercom.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
c:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
---------------------------------------------------------------
c:\programme\icolorfolder\cmext.dll (Revenger inc.) {ABC70703-32AF-11d4-90C4-D483A70F4825}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\cscui.dll (Microsoft Corporation) {750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\system32\ntshrui.dll (Microsoft Corporation) {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
* c:\programme\tuneup utilities 2007\sdshelex-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
c:\programme\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
--------------------------------------------------------------------------
c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
c:\windows\system32\shellext\dkticnsr.dll (Jamie O'Connell) {7E74422F-2393-11D4-98E0-444553540000}
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {D969A300-E7FF-11d0-A93B-00A0C90F2719}
c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
-------------------------------------------------------
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
c:\windows\system32\dirsize.dll
c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info
241 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
---------------------------------------------------------------------------------------
C:\WINDOWS\system32\cscui.dll (Microsoft Corporation) {750fdf0e-2a26-11d1-a3ea-080036587f03}
#5
TR/Vundo.gen
And the ComboFix log:
ComboFix 08-04-22.3 - *** 2008-04-23 12:13:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.1319 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\hgGwTMcY.dll
.
((((((((((((((((((((((( Dateien erstellt von 2008-03-23 bis 2008-04-23 ))))))))))))))))))))))))))))))
.
2008-04-20 00:21 . 2008-04-20 00:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-20 00:21 . 2008-04-20 00:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-19 14:49 . 2008-04-19 14:49 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MediaMonkey
2008-04-19 13:43 . 2008-04-19 13:46 <DIR> d-------- C:\Programme\MediaMonkey
2008-04-18 12:33 . 2008-04-20 23:59 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
2008-04-18 12:28 . 2008-04-18 12:31 <DIR> d-------- C:\Programme\TmNationsForever
2008-04-09 13:41 . 2008-04-09 13:41 <DIR> d-------- C:\Programme\Audiosurf
2008-04-08 02:04 . 2008-04-09 16:38 <DIR> d-------- C:\Programme\EA GAMES
2008-04-07 22:01 . 2008-04-09 16:25 <DIR> d-------- C:\Programme\Bang & Olufsen
2008-04-07 22:01 . 2008-04-19 20:08 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BeoMediaDatabase
2008-04-04 13:06 . 2008-04-04 13:06 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Songbird1
2008-04-04 13:05 . 2008-04-04 13:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SongbirdVLC
2008-04-04 12:56 . 2008-04-04 12:56 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-04-04 12:31 . 2008-04-04 12:33 <DIR> d-------- C:\Programme\RegCleaner
2008-04-02 19:12 . 2008-04-02 19:12 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\fltk.org
2008-03-30 23:55 . 2008-03-30 23:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-28 23:37 . 2008-03-28 21:07 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 21:07 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 15:54 . 2008-03-27 15:54 <DIR> dr------- C:\Programme\DivX
2008-03-26 14:47 . 2008-04-21 22:23 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
2008-03-26 14:47 . 2008-03-26 14:47 32 --a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2008-03-26 00:15 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
9 Datei(en) . 53,077 C:\ComboFix\Bytes
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 10:19 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-04-23 09:37 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\uTorrent
2008-04-23 09:31 --------- d-----r C:\Programme\Mozilla Thunderbird
2008-04-22 22:32 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\Free Download Manager
2008-04-21 20:56 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
2008-04-21 20:06 --------- d-----w C:\Programme\ICQ6
2008-04-21 10:30 --------- d-----r C:\Programme\MyPhoneExplorer
2008-04-19 22:19 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer
2008-04-19 22:19 --------- d-----r C:\Programme\QuickTime Alternative
2008-04-19 18:08 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-04-17 10:02 --------- d-----r C:\Programme\K-Lite Codec Pack
2008-04-16 14:54 --------- d-----r C:\Programme\uTorrent
2008-04-11 10:16 --------- d-----r C:\Programme\Paint.NET
2008-04-09 01:55 --------- d-----r C:\Programme\IEPro
2008-04-09 01:54 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\IEPro
2008-04-09 01:11 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-04-07 23:56 --------- d-----w C:\Programme\SEGA
2008-04-04 11:01 --------- d-----r C:\Programme\Apple Software Update
2008-04-04 10:57 --------- d-----r C:\Programme\Bonjour
2008-04-03 10:30 --------- d-----r C:\Programme\iPod
2008-03-21 13:37 5,120 ----a-w C:\WINDOWS\system32\BReWErS.dll
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 22:03 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-03-17 11:45 --------- d-----w C:\Programme\CABAL Online (Europe)
2008-03-16 12:00 --------- d-----w C:\Programme\Activision
2008-03-15 15:41 --------- d-----w C:\Programme\Jade Empire
2008-03-14 11:05 --------- d-----r C:\Programme\Disc2Phone
2008-03-13 01:12 2,441,728 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-03-12 20:32 697,119 ----a-w C:\WINDOWS\unins000.exe
2008-03-12 12:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
2008-03-11 10:50 --------- d-----r C:\Programme\DAEMON Tools Lite
2008-03-10 12:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-10 12:24 --------- d--h--r C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM
2008-03-07 00:13 --------- d-----r C:\Programme\Rainlendar2
2008-03-06 20:25 --------- d-----r C:\Programme\Audacity
2008-03-05 21:47 --------- d-----r C:\Programme\Lavalys
2008-03-05 17:51 --------- d-----r C:\Programme\Logitech
2008-03-05 17:47 --------- d-----w C:\Programme\Gemeinsame Dateien\Logishrd
2008-03-05 13:09 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\Logitech
2008-03-05 13:09 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LogiShrd
2008-03-05 13:07 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-05 13:07 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-03-05 13:07 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-03-05 13:06 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Logitech
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 19:53 --------- d-----r C:\Programme\Desktop Restore
2008-02-28 20:24 --------- d-----r C:\Programme\Java
2008-02-28 11:53 --------- d-----r C:\Programme\Unlocker
2008-02-26 20:56 --------- d-----r C:\Programme\Free Download Manager
2008-02-25 01:17 --------- d-----r C:\Programme\CCleaner
2008-02-24 19:14 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-02-24 13:54 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield Installation Information
2008-02-23 21:24 --------- d-----w C:\Programme\NtreevSoft
2008-02-23 16:34 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\Media Player Classic
2008-02-23 14:07 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\MyPhoneExplorer
2008-02-23 10:52 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2008-02-23 01:58 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-02-23 01:50 --------- d-----w C:\Programme\Gemeinsame Dateien\Macrovision Shared
2008-02-22 15:41 102 --sha-w C:\Programme\Gemeinsame Dateien\desktop.ini
2008-02-22 15:41 102 --sha-w C:\Programme\desktop.ini
2008-02-22 15:17 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-02-22 14:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-22 13:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-29 14:47 16,859,648 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2008-01-29 08:50 74,240 ----a-w C:\WINDOWS\system32\zlibwapi.dll
2008-01-29 08:50 245,760 ----a-w C:\WINDOWS\system32\libcurl.dll
2004-08-04 12:00 60,416 -csha-w C:\WINDOWS\VistaMizer\old\msimn.exe
2004-10-13 16:24 1,694,208 -csha-w C:\WINDOWS\VistaMizer\old\msmsgs.exe
.
------- Sigcheck -------
2006-02-28 14:00 546816 caef653d55cc8d7a173e4e63bc58d7f2 C:\WINDOWS\system32\winlogon.exe
2006-02-28 14:00 546816 caef653d55cc8d7a173e4e63bc58d7f2 C:\WINDOWS\system32\dllcache\winlogon.exe
2006-02-28 14:00 507392 2b6a0baf33a9918f09442d873848ff72 C:\WINDOWS\VistaMizer\old\winlogon.exe
2005-03-02 11:11 2059264 ae8364004bbfd70461d2ef34888d3360 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-02-28 14:00 2059136 ce41fc4c06499a389d39b301879535fb C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:06 2059136 bdff8ffa77ee7df9758ef8c1e0da8eff C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2006-10-30 07:00 2061568 825f18910459ce078b6a0b0e4c8d9d64 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 09:06 2061696 9b9ca27ad315c02b71510238574894b2 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 09:06 2318976 114c421e1781b120f310d6e2e1640499 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 09:06 2318976 114c421e1781b120f310d6e2e1640499 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 09:06 2061696 9b9ca27ad315c02b71510238574894b2 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe
2005-03-02 20:11 2181888 eb5538a452e0e99169e2b6cdb62ff9d2 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-02-28 14:00 2183296 dc888c9c4ca0eea7a3cb7e6b610f75c7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:06 2181632 7189a2391adc1f65c9ae87b0abe0f945 C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2006-10-30 16:01 2184320 76cd8e7ac91ffcd789981807e26afb5b C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:06 2184448 e1de7a10d46959560c3b617227d95c19 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:06 2441728 bbd97f3b65a76788ba1c4a0fa3d9198d C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:06 2441728 bbd97f3b65a76788ba1c4a0fa3d9198d C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 18:06 2184448 e1de7a10d46959560c3b617227d95c19 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe
2007-06-13 15:10 1554944 2606d612e58558e9f8e18d9a1ff1e754 C:\WINDOWS\explorer.exe
2006-02-28 14:00 1035264 22fe1be02eadde1632e478e4125639e0 C:\WINDOWS\$NtUninstallKB884883$\explorer.exe
2005-04-07 20:46 1035264 64322e8399b205b7281ff883737a9b03 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:10 1554944 2606d612e58558e9f8e18d9a1ff1e754 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\VistaMizer\old\explorer.exe
2006-02-28 14:00 25088 99203e789da6e756ea34a8f836f4e99e C:\WINDOWS\system32\ctfmon.exe
2006-02-28 14:00 25088 99203e789da6e756ea34a8f836f4e99e C:\WINDOWS\system32\dllcache\ctfmon.exe
2006-02-28 14:00 15360 7ce20569925df6789c31799f0c538f29 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 25088]
"RocketDock"="C:\Programme\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"Rainlendar2"="C:\Programme\Rainlendar2\Rainlendar2.exe" [2007-12-30 12:23 1365504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 14:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 19:51 8523776]
"nwiz"="nwiz.exe" [2007-11-11 19:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 14:00 59392]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 19:26 82009]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 17:07 729177]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"NotebookHardwareControl"="C:\Programme\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632]
"DrvIcon"="C:\Programme\VistaDriveIcon\DrvIcon.exe" [2007-07-04 21:59 45056]
"IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]
"Google IME Autoupdater"="C:\Programme\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-01-07 12:15 251376]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-11 19:51 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 86016 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 17:26 2808832 C:\WINDOWS\alcwzrd.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 25088]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoLogoff"= 0 (0x0)
"FoFileAssociate"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Beoplayertray]
C:\Programme\Bang & Olufsen\BeoPlayer\Beotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 20:10 1688872 C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 15:57 153136 C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 03:08 2512392 C:\WINDOWS\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
--a--c--- 2005-02-25 15:26 589824 C:\Programme\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-05-26 19:12 544768 C:\WINDOWS\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"ERSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"LBTServ"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\uTorrent\\uTorrent.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Gemeinsame Dateien\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Programme\\IEPro\\MiniDM.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Programme\\TmNationsForever\\TmForever.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2006-02-28 14:00]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\dsltestSp5.sys []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2002-09-10 06:44]
S3 TSMPacket;DSL-Manager Service;C:\WINDOWS\system32\DRIVERS\tsmpkt.sys []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
"2008-04-18 15:16:12 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 12:19:07
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programme\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\qmc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-04-23 12:28:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-23 10:28:35
11 Verzeichnis(se), 9,841,938,432 Bytes frei
14 Verzeichnis(se), 9,843,032,064 Bytes frei
278 --- E O F --- 2008-04-09 01:11:40
#6
TR/Vundo.gen
Hello, what do you use VPN for, and did you install it deliberately? Please uninstall via Quote:
Download of the Java software from Sun Microsystems. Please have these files Quote:
or checked here at Jotti (this can take a few minutes), and post the results together with the size of the uploaded file and the MD5 and SHA1 values, even if nothing was found. Then please let Malwarebytes clean your system http://www.trojaner-board.de/51187-m...i-malware.html Afterwards please post the results of the online analysis and the Malwarebytes log. Also report how your computer is doing. Regards