Trojans "TR/Spy.VBStat.B.1" and "TR/Vundo.Gen" ge

08.06.2007, 11:01, Post #1 (Rank: Has been here before; Group: Members; Posts: 10; Member since: 07.04.2004; Member no.: 587)
Here is the log file from my current system. I'm at a loss, because my antivirus program does detect the malware but apparently doesn't do anything about it. It would be nice if someone could give me some advice.

Regards, chinakoch

Logfile of HijackThis v1.99.1
Scan saved at 11:56:15, on 08.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\AGEIA Technologies\TrayIcon.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\buffed.de\Blasc\BLASC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Opera\Opera.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programme\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BLASC] "C:\Programme\buffed.de\Blasc\BLASC.exe" silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Verknüpfung mit spamihilator.lnk = C:\Programme\Spamihilator\spamihilator.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180092511437
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

08.06.2007, 11:08, Post #2 (Rank: Feels at home here; Group: Members; Posts: 596; Member since: 17.12.2003; Location: Munich, well, almost!; Member no.: 276; Operating system: WXP pro SP2; Virus scanner: Avira Classic; Firewall: NAT)
Where did AntiVir find what?

F.
--------------------
Two things are infinite, the universe and human stupidity,
but I'm not yet entirely sure about the universe. (Albert Einstein)

08.06.2007, 11:13, Post #3 (Rank: AV specialist; Group: Staff; Posts: 2,935; Member since: 27.04.2003; Location: Nordhorn; Member no.: 59)
Vundo is rather annoying, since it hides itself from HijackThis in particular and is fairly hard to clean.
Please use ComboFix: http://virus-protect.org/artikel/tools/combofix.html, post the report it creates, and also make a new HijackThis log.
--------------------
Regards, Ralf

08.06.2007, 11:15, Post #4 (Thread starter; Rank: Has been here before; Group: Members; Posts: 10; Member since: 07.04.2004; Member no.: 587)
Honestly, I don't know how to display it in full, since the AntiVir Guard window only shows the path truncated: 'C:\Dokumente&Einstellungen....' ...I can't make out any more than that, and when I then hunt for the file in question with Windows Search, it can never be found either.
Regards

08.06.2007, 11:42, Post #5 (Thread starter; Rank: Has been here before; Group: Members; Posts: 10; Member since: 07.04.2004; Member no.: 587)
Aye :-)
Here is the ComboFix log file:

"Administrator" - 2007-06-08 12:31:35 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Dokumente und Einstellungen\Administrator\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ehhkj.bak1
C:\WINDOWS\system32\ehhkj.bak2
C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\ehhkj.bak1
C:\WINDOWS\system32\ehhkj.bak2
C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\jkhhe.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\wl.exe

((((((((((((((((((((((((( Files Created from 2007-05-08 to 2007-06-08 )))))))))))))))))))))))))))))))
2007-06-08 12:03 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-06-07 14:20 <DIR> d-------- C:\Programme\Teamspeak2_RC2
2007-06-07 14:20 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\teamspeak2
2007-06-07 13:19 55,316 --a------ C:\WINDOWS\system32\nrpvtvbj.dll
2007-06-06 15:14 <DIR> d-------- C:\Programme\buffed.de
2007-06-06 02:12 1,428 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2007-06-06 02:09 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-06-05 11:04 <DIR> d-------- C:\WINDOWS\system32\de-de
2007-06-05 11:03 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-05 10:58 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
2007-06-05 10:54 <DIR> d-------- C:\Programme\Lavasoft
2007-06-05 10:54 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Lavasoft
2007-06-04 19:14 6,912 --------- C:\WINDOWS\system32\drivers\FlashSys.sys
2007-06-04 19:14 18,359 --------- C:\WINDOWS\system32\Ntaccess.sys
2007-06-04 19:12 <DIR> d-------- C:\Programme\Setup Files
2007-06-04 19:05 53,248 --a------ C:\WINDOWS\nvgpio.dll
2007-06-04 19:05 499,712 --a------ C:\WINDOWS\msvcp71.dll
2007-06-04 19:05 45,056 --a------ C:\WINDOWS\NTuneGpu.dll
2007-06-04 19:05 380,928 --a------ C:\WINDOWS\nvsulib.dll
2007-06-04 19:05 348,160 --a------ C:\WINDOWS\msvcr71.dll
2007-06-04 19:05 11,264 --a------ C:\WINDOWS\nvoclk64.sys
2007-06-04 19:05 1,060,864 --a------ C:\WINDOWS\MFC71.dll
2007-06-04 18:42 <DIR> d-------- C:\Programme\MSI
2007-06-04 18:40 327,168 --a------ C:\WINDOWS\IsUninst.exe
2007-06-04 07:25 <DIR> d-------- C:\Programme\THQ
2007-06-04 07:24 33,302 --a------ C:\WINDOWS\system32\vturqqp.dll
2007-06-04 07:24 33,302 --a------ C:\WINDOWS\system32\byxxxut.dll
2007-06-02 01:03 <DIR> d-------- C:\Programme\Soulseek
2007-06-01 14:46 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\dvdcss
2007-06-01 06:17 <DIR> d-------- C:\Programme\Filzip
2007-05-31 12:59 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-31 12:38 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2007-05-31 12:25 <DIR> d-------- C:\Programme\World of Warcraft
2007-05-29 18:54 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2007-05-29 18:24 <DIR> d-------- C:\Programme\Steam
2007-05-29 18:23 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\InstallShield
2007-05-29 15:18 <DIR> d-------- C:\Programme\7-Zip
2007-05-29 05:49 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-05-29 05:49 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-05-29 05:49 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-05-29 05:49 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-05-29 05:49 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-05-29 05:49 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-05-29 05:48 <DIR> d-------- C:\Programme\Futuremark
2007-05-29 02:44 <DIR> d-------- C:\DOKUME~1\ADMINI~1\TV-Browser
2007-05-29 02:43 <DIR> d-------- C:\Programme\TV-Browser
2007-05-28 10:33 <DIR> d-------- C:\Programme\NVIDIA Corporation
2007-05-28 10:30 <DIR> d-------- C:\Programme\TD-Downloader 2004
2007-05-28 10:23 <DIR> d-------- C:\Programme\DIFX
2007-05-27 15:47 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-27 10:47 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
2007-05-27 10:47 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
2007-05-27 10:47 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
2007-05-27 10:47 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
2007-05-27 10:47 24,576 -ra------ C:\WINDOWS\system32\msxml3a.dll
2007-05-27 10:43 <DIR> d-------- C:\Programme\SpeedFan
2007-05-27 10:38 <DIR> d-------- C:\Programme\Ubi Soft
2007-05-27 02:44 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\vlc
2007-05-27 02:43 <DIR> d-------- C:\Programme\VideoLAN
2007-05-26 19:30 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-05-26 19:30 <DIR> dr-h----- C:\DOKUME~1\ADMINI~1\ANWEND~1\SecuROM
2007-05-26 19:30 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Command & Conquer 3 Tiberium Wars
2007-05-26 19:14 <DIR> d-------- C:\Programme\Electronic Arts
2007-05-26 18:45 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-05-26 18:45 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-05-26 15:16 <DIR> d-------- C:\Programme\CPU-Z
2007-05-26 14:17 <DIR> d-------- C:\DOKUME~1\ICHBIN~1\ANWEND~1\Meine Die Schlacht um Mittelerde-Dateien
2007-05-26 13:39 <DIR> d-------- C:\Programme\EA GAMES
2007-05-25 23:14 <DIR> d--hs---- C:\WINDOWS\CSC
2007-05-25 23:10 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-05-25 23:10 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-05-25 23:05 <DIR> d-------- C:\Programme\Gothic III
2007-05-25 22:53 <DIR> d-------- C:\Programme\Bethesda Softworks
2007-05-25 22:39 <DIR> d-------- C:\DOKUME~1\ICHBIN~1\ANWEND~1\Opera
2007-05-25 21:37 <DIR> dr------- C:\DOKUME~1\ICHBIN~1\Eigene Dateien
2007-05-25 21:36 1,048,576 --ah----- C:\DOKUME~1\ICHBIN~1\NTUSER.DAT
2007-05-25 21:36 <DIR> dr-h----- C:\DOKUME~1\ICHBIN~1\Anwendungsdaten
2007-05-25 21:36 <DIR> dr------- C:\DOKUME~1\ICHBIN~1\Startmen
2007-05-25 21:36 <DIR> dr------- C:\DOKUME~1\ICHBIN~1\Favoriten
2007-05-25 21:36 <DIR> d--h----- C:\DOKUME~1\ICHBIN~1\Vorlagen
2007-05-25 21:36 <DIR> d--h----- C:\DOKUME~1\ICHBIN~1\Netzwerkumgebung
2007-05-25 21:36 <DIR> d--h----- C:\DOKUME~1\ICHBIN~1\Lokale Einstellungen
2007-05-25 21:36 <DIR> d--h----- C:\DOKUME~1\ICHBIN~1\Druckumgebung
2007-05-25 21:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-25 21:32 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-25 20:39 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Meine Die Schlacht um Mittelerde-Dateien
2007-05-25 20:23 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-05-25 20:22 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\nView_Profiles
2007-05-25 15:19 <DIR> d-------- C:\Programme\Sierra
2007-05-25 14:59 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-05-25 14:59 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-05-25 14:59 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-05-25 14:59 48,640 --a------ C:\WINDOWS\system32\stream.sys
2007-05-25 14:59 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-05-25 14:59 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-05-25 14:59 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-05-25 14:59 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-05-25 14:59 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-05-25 14:55 90,174 --a------ C:\WINDOWS\system32\bt848wst.dll
2007-05-25 14:55 86,072 --a------ C:\WINDOWS\system32\hcwi2c32.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-05 09:01:47 75,154 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-06-05 09:01:47 415,744 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-06-03 17:55:46 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-20 04:05:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-20 04:05:00 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-20 04:05:00 8,429,568 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-20 04:05:00 6,739,168 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-20 04:05:00 6,668,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-20 04:05:00 6,217,728 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-20 04:05:00 5,439,488 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-04-20 04:05:00 5,434,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-20 04:05:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-20 04:05:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-04-20 04:05:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-20 04:05:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-20 04:05:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-20 04:05:00 37,888 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-20 04:05:00 37,888 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-20 04:05:00 344,064 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-20 04:05:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-04-20 04:05:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-04-20 04:05:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-04-20 04:05:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-04-20 04:05:00 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-04-20 04:05:00 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-04-20 04:05:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-04-20 04:05:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-04-20 04:05:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-04-20 04:05:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-04-20 04:05:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-04-20 04:05:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-04-20 04:05:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-04-20 04:05:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-04-20 04:05:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-04-20 04:05:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-04-20 04:05:00 3,645,440 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-04-20 04:05:00 3,538,944 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-20 04:05:00 3,289,088 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-20 04:05:00 3,235,840 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-04-20 04:05:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-04-20 04:05:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-04-20 04:05:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-04-20 04:05:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-04-20 04:05:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-04-20 04:05:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-04-20 04:05:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-04-20 04:05:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-20 04:05:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-04-20 04:05:00 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-04-20 04:05:00 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-04-20 04:05:00 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-04-20 04:05:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-04-20 04:05:00 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-04-20 04:05:00 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-04-20 04:05:00 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-04-20 04:05:00 274,432 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-04-20 04:05:00 270,336 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-04-20 04:05:00 266,240 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-04-20 04:05:00 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-04-20 04:05:00 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-04-20 04:05:00 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-04-20 04:05:00 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-04-20 04:05:00 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-04-20 04:05:00 253,952 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-04-20 04:05:00 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-04-20 04:05:00 253,952 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-04-20 04:05:00 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-04-20 04:05:00 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-04-20 04:05:00 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-04-20 04:05:00 245,760 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-04-20 04:05:00 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-04-20 04:05:00 245,760 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-04-20 04:05:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-20 04:05:00 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-04-20 04:05:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-04-20 04:05:00 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-04-20 04:05:00 2,387,968 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-04-20 04:05:00 2,273,280 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-20 04:05:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-04-20 04:05:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-20 04:05:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-04-20 04:05:00 163,908 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-20 04:05:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-04-20 04:05:00 143,360 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-20 04:05:00 122,880 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-04-20 04:05:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-20 04:05:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-20 04:05:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-20 04:05:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-20 04:05:00 1,101,824 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-20 04:05:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-20 04:05:00 1,018,748 ----a-w C:\WINDOWS\system32\nvucode.bin
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-14 00:52:10 1,073,152 ----a-w C:\WINDOWS\system32\nvCplUIR.dll
2007-03-14 00:52:08 745,472 ----a-w C:\WINDOWS\system32\nvCplUI.exe
2007-03-14 00:51:52 307,200 ----a-w C:\WINDOWS\system32\nvExpBar.dll
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{54CBB12C-3481-4C5D-942D-4976C0F0A406}=C:\WINDOWS\system32\byxxxut.dll [2007-06-04 07:24]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{92A444D2-F945-4dd9-89A1-896A6C2D8D22}=C:\WINDOWS\system32\nrpvtvbj.dll [2007-06-07 13:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"nwiz"="nwiz.exe" [2007-04-20 06:05 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"AGEIA PhysX SysTray"="C:\Programme\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 06:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"Spamihilator"="C:\Programme\Spamihilator\spamihilator.exe" [2007-01-24 15:49]
"NVIDIA nTune"="C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
"Steam"="" []
"BLASC"="C:\Programme\buffed.de\Blasc\BLASC.exe" [2007-06-06 15:15]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54CBB12C-3481-4C5D-942D-4976C0F0A406}"="C:\WINDOWS\system32\byxxxut.dll" [2007-06-04 07:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxxut]
byxxxut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhe]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-08 12:33:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-08 12:34:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-08 12:34
--- E O F ---

And the new HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:36:58, on 08.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\AGEIA Technologies\TrayIcon.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\buffed.de\Blasc\BLASC.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\byxxxut.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\nrpvtvbj.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programme\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BLASC] "C:\Programme\buffed.de\Blasc\BLASC.exe" silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Verknüpfung mit spamihilator.lnk = C:\Programme\Spamihilator\spamihilator.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180092511437
O20 - Winlogon Notify: byxxxut - C:\WINDOWS\SYSTEM32\byxxxut.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks already for the quick help.
Regards, chinakoch

08.06.2007, 11:51, Post #6 (Rank: AV specialist; Group: Staff; Posts: 2,935; Member since: 27.04.2003; Location: Nordhorn; Member no.: 59)
Please tick the following in HijackThis and press "Fix checked":

O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\byxxxut.dll
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\nrpvtvbj.dll
O20 - Winlogon Notify: byxxxut - C:\WINDOWS\SYSTEM32\byxxxut.dll

It is important that you disable TeaTimer; it interferes with the cleanup. Reboot and check whether the entries are gone.
--------------------
Regards, Ralf
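The three entries Ralf picks out can be found mechanically from the two logs in post #5. As an added example that is not part of the thread and not code from HijackThis, ComboFix or Avira, the Python script below parses the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis log, cross-references the DLL paths against the "Files Created" section of the ComboFix report, and reports an entry only when at least two signals coincide: an unnamed BHO loaded from system32, a file created inside the ComboFix window, the same DLL registered both as a BHO and as a Winlogon Notify handler, or a short lowercase-only file name in system32. The sample log lines are copied from this thread; the 30-day window, the two-signal threshold, the lowercase-name heuristic and the scan timestamp are assumptions of the example. The threshold matters: Spybot's SDHelper.dll also appears as "(no name)", so that signal alone must not fire.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: lines copied from the second HijackThis log in this
# thread (the three entries Ralf asks the poster to fix, plus legitimate ones
# for contrast). In practice, paste the whole O2/O20 section of a log here.
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\byxxxut.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\nrpvtvbj.dll
O20 - Winlogon Notify: byxxxut - C:\WINDOWS\SYSTEM32\byxxxut.dll
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
"""

# Constructed sample input: rows from the ComboFix "Files Created" section above.
COMBOFIX_CREATED = r"""
2007-06-07 13:19 55,316 --a------ C:\WINDOWS\system32\nrpvtvbj.dll
2007-06-04 07:24 33,302 --a------ C:\WINDOWS\system32\vturqqp.dll
2007-06-04 07:24 33,302 --a------ C:\WINDOWS\system32\byxxxut.dll
2007-05-29 05:49 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
"""

# Assumption: time stamp of the second HijackThis scan in the thread.
SCAN_TIME = datetime(2007, 6, 8, 12, 36)

HJT_RE = re.compile(
    r"^(O2|O20) - (?:BHO|Winlogon Notify): (.*?) - (?:(\{[0-9A-Fa-f-]+\}) - )?(.+)$")
CF_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) ([\d,]+) (\S+) (.+)$")
SYSTEM32 = "c:\\windows\\system32\\"
# Weak heuristic (assumption of this example): 5-8 lowercase letters, no digits.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}\.dll$")


def parse_hjt(text):
    """Return O2/O20 entries as dicts; other HijackThis sections are ignored."""
    entries = []
    for line in text.strip().splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            section, name, clsid, path = m.groups()
            entries.append({"section": section, "name": name,
                            "clsid": clsid, "path": path.strip()})
    return entries


def parse_combofix_created(text):
    """Map lower-cased file path -> creation time; <DIR> rows do not match and are skipped."""
    created = {}
    for line in text.strip().splitlines():
        m = CF_RE.match(line.strip())
        if m:
            stamp, _size, _attrs, path = m.groups()
            created[path.strip().lower()] = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
    return created


def triage(entries, created, scan_time, window=timedelta(days=30), min_signals=2):
    """Return (section, path, reasons) for entries with at least min_signals hits."""
    notify_dlls = {e["path"].lower() for e in entries if e["section"] == "O20"}
    findings = []
    for e in entries:
        p = e["path"].lower()
        fname = p.rsplit("\\", 1)[-1]
        reasons = []
        if e["section"] == "O2" and e["name"] == "(no name)" and p.startswith(SYSTEM32):
            reasons.append("unnamed BHO loaded from system32")
        if p in created and scan_time - created[p] <= window:
            reasons.append("file created %s, inside the ComboFix window"
                           % created[p].strftime("%Y-%m-%d %H:%M"))
        if e["section"] == "O2" and p in notify_dlls:
            reasons.append("same DLL also registered as a Winlogon Notify handler (O20)")
        if p.startswith(SYSTEM32) and RANDOM_NAME_RE.match(fname):
            reasons.append("lowercase-only short file name in system32 (weak on its own)")
        if len(reasons) >= min_signals:
            findings.append((e["section"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    hits = triage(parse_hjt(HJT_LOG), parse_combofix_created(COMBOFIX_CREATED), SCAN_TIME)
    for section, path, reasons in hits:
        print(f"{section:<4}{path}")
        for r in reasons:
            print(f"      - {r}")
```

Run on the sample input it reports exactly the two BHO lines and the O20 line from this reply, and nothing for Adobe, Java or Spybot. The cross-reference with file creation times is what separates the Vundo DLLs from the legitimate unnamed BHO; a name-based rule alone would not.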