Trojaner-Board - etliche trojaner...zb TR/Vundo.Gen...HILFE :\

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:17, on 27.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: War Rock Toolbar - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - C:\Programme\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" -r "C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PowerBar] "C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programme\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156511220859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156516891515
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: spkrmon - Unknown owner - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 8316 bytes

1. C:/WINDOWS/system32/yayvas.dll ---> MELDUNG : TR/VUNDO.Gen

2. Combofix log

ComboFix 08-05-01.3 - Besitzer 2008-05-02 23:46:07.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.340 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Besitzer\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Besitzer\Desktop\Error Cleaner.url
C:\Dokumente und Einstellungen\Besitzer\Desktop\Privacy Protector.url
C:\Dokumente und Einstellungen\Besitzer\Desktop\Spyware&Malware Protection.url
C:\Dokumente und Einstellungen\Besitzer\Favoriten\Error Cleaner.url
C:\Dokumente und Einstellungen\Besitzer\Favoriten\Privacy Protector.url
C:\Dokumente und Einstellungen\Besitzer\Favoriten\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\awtutqNG.dll
C:\WINDOWS\system32\fppnbpeo.dll
C:\WINDOWS\system32\GNqtutwa.ini
C:\WINDOWS\system32\GNqtutwa.ini2
C:\WINDOWS\system32\jujptrwf.dll
C:\WINDOWS\system32\mticmtaq.dll
C:\WINDOWS\system32\ngdekhnr.ini
C:\WINDOWS\system32\oepbnppf.ini
C:\WINDOWS\system32\pawiwipy.ini
C:\WINDOWS\system32\qatmcitm.ini
C:\WINDOWS\system32\qjbrafnn.ini
C:\WINDOWS\system32\rnhkedgn.dll
C:\WINDOWS\system32\wxhapqxx.ini
C:\WINDOWS\system32\wyFhQqru.ini
C:\WINDOWS\system32\wyFhQqru.ini2
C:\WINDOWS\system32\ypiwiwap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESTSPRT
-------\Service_estsprt

((((((((((((((((((((((( Dateien erstellt von 2008-04-02 bis 2008-05-02 ))))))))))))))))))))))))))))))
.

2008-04-29 22:08 . 2008-04-29 22:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-29 22:08 . 2008-04-29 22:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-27 12:03 . 2008-04-27 12:03 <DIR> d-------- C:\Programme\CCleaner
2008-04-25 21:27 . 2008-04-25 21:27 <DIR> d-------- C:\Programme\Trend Micro
2008-04-25 20:51 . 2004-11-25 20:24 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-04-25 20:51 . 2004-11-25 20:20 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmen
2008-04-25 20:51 . 2004-11-25 20:20 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-04-25 20:51 . 2004-11-25 20:20 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-04-25 20:51 . 2008-04-25 20:51 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-04-25 20:51 . 2004-11-25 20:20 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-04-25 20:51 . 2004-11-25 20:20 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-04-25 20:51 . 2008-04-25 20:51 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-04-25 20:51 . 2008-05-02 23:53 1,024 --ah----- C:\Dokumente und Einstellungen\Administrator\NtUser.dat.LOG
2008-04-14 18:53 . 2008-04-28 20:06 <DIR> d-------- C:\VundoFix Backups
2008-04-14 16:02 . 2008-04-14 16:02 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AdobeUM
2008-04-13 21:46 . 2008-04-13 21:46 <DIR> d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TmpRecentIcons
2008-04-13 20:02 . 2008-04-13 19:06 104,448 --a------ C:\Dokumente und Einstellungen\Besitzer\crack.exe
2008-04-13 20:02 . 2006-12-28 09:44 77,648 --a------ C:\Dokumente und Einstellungen\Besitzer\Inf_zanzarah_nocd.zip
2008-04-13 20:01 . 2008-04-13 20:02 272,896 --a------ C:\WINDOWS\system32\urqQhFyw.VIR
2008-04-13 19:56 . 2008-04-13 21:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bufqfona
2008-04-13 19:56 . 2008-04-13 15:08 217,088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-13 19:56 . 2008-04-13 15:08 204,800 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-13 19:56 . 2008-04-13 15:08 200,704 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-13 19:56 . 2008-04-13 15:08 98,304 --a------ C:\WINDOWS\spnkfwad.exe
9 Datei(en) . 19,610,319 C:\ComboFix\Bytes
3 Datei(en) . 787,646 C:\ComboFix\Bytes
1 Datei(en) . 62 C:\ComboFix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 07:09 --------- d-----w C:\Programme\Steam
2008-04-28 18:24 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype
2008-04-26 21:24 --------- d-----w C:\Programme\ICQLite
2008-04-26 21:08 --------- d-----w C:\Programme\ICQToolbar
2008-04-14 11:42 --------- d-----w C:\Programme\Lavasoft
2008-04-13 10:30 --------- d-s---w C:\Programme\HLSW
2008-04-04 11:47 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Hamachi
2008-03-29 20:00 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-27 23:50 --------- d-----w C:\Programme\Chaosium_BRP_de
2008-03-16 11:38 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-03-09 19:38 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-09 11:10 --------- d-----w C:\Programme\WarRock
2007-09-09 08:40 1 ----a-w C:\Dokumente und Einstellungen\Besitzer\SI.bin
2004-03-11 12:27 40,960 -c--a-w C:\Programme\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 19:07 68856]
"Steam"="c:\programme\steam\steam.exe" [2008-03-28 12:31 1271032]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-03-23 15:01 25268776]
"PowerBar"="C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 11:26 86016]
"NBJ"="C:\Programme\Ahead\Nero BackItUp\NBJ.exe" [ ]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:15 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Programme\Logitech\iTouch\iTouch.exe" [2002-11-23 03:15 631362]
"UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [ ]
"Ulead AutoDetector v2"="C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 12:43 90112]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-01-20 22:18 180269]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"RemoteControl"="C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"OpwareSE2"="C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [ ]
"OPSE reminder"="C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Nero DriveSpeed"="C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE" [ ]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:15 3144800]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 09:32 77824]
"Google Desktop Search"="C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-20 21:14 190464]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [ ]
"DVDLauncher"="C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19 57344]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
"BearShare"="C:\Programme\BearShare\BearShare.exe" [ ]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-26 21:23 262401]
"AVGCtrl"="C:\Programme\AVPersonal\AVGNT.exe" [ ]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 02:07 61440]
"AOL Spyware Protection"="C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:57 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVWUpSrv"=2 (0x2)
"InCDsrv"=2 (0x2)
"PMounter"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
"PowerBar"="C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"RemoteControl"="C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"InCD"=C:\Programme\Ahead\InCD\InCD.exe
"AVGCtrl"="C:\Programme\AVPersonal\AVGNT.EXE" /min

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Steam\\steamapps\\mc_jeans\\counter-strike source\\hl2.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\Valve\\hl.exe"=

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 11:50]
S3 AVMUNET;AVM FRITZ!Box;C:\WINDOWS\system32\DRIVERS\avmunet.sys [2005-02-22 15:33]
S3 cusbohcn;cusbohcn;C:\DOKUME~1\Besitzer\LOKALE~1\Temp\cusbohcn.sys []
S3 TSMPacket;T-DSL SpeedManager Service;C:\WINDOWS\system32\DRIVERS\tsmpkt.sys []
S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []

.
Inhalt des "geplante Tasks" Ordners
"2008-04-27 16:28:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 23:53:22
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

**************************************************************************
.
Zeit der Fertigstellung: 2008-05-03 0:05:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 22:03:57

16 Verzeichnis(se), 4,441,018,368 Bytes frei
20 Verzeichnis(se), 4,374,896,640 Bytes frei

187

3. Hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:17, on 03.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: War Rock Toolbar Helper - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - C:\Programme\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: War Rock Toolbar - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - C:\Programme\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" -r "C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PowerBar] "C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programme\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156511220859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156516891515
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: spkrmon - Unknown owner - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 9330 bytes

so das wärs erstmal...
hab mich mal im forum umgeschaut und gesehen das man beim TR/Vundo.Gen mal vundfix durchlaufen lassen sollte...das hab ich übrigens schon getan und es hat nicht geholfen...er kommt immer wieder..
danke nochmal im voraus =)