TR/VUNDO.GEN is driving me crazy

01.02.2008, 19:33
...new here

Posts: 3
#1 Hello
I too am having my "lovely" problems with TR/Vundo.Gen.
Unfortunately it cannot be removed with VundoFix or similar tools.
VundoFix does, however, report the following affected files:

nctavifile.dll
nctquicktimefile.dll
nctrmfile.dll
nctvideocorem.dll


Here is the HijackThis logfile:

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Users\Skin69head\AppData\Local\Google\Update\1.0.103.0\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Users\SKIN69~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Skin69head\Desktop\Neuer Ordner\j.com.exe
C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {55A822B3-2F48-4254-8E5B-3A00417AFEF3} - C:\Users\SKIN69~1\AppData\Local\Temp\fcyxv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [2839f263] rundll32.exe "C:\Users\SKIN69~1\AppData\Local\Temp\fprgufbm.dll",b
O4 - HKCU\..\Run: [Google Update] "C:\Users\Skin69head\AppData\Local\Google\Update\1.0.103.0\GoogleUpdate.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\SKIN69~1\AppData\Local\Temp\sadewwyn.dll",run
O4 - HKCU\..\Run: [2839f263] rundll32.exe "C:\Users\SKIN69~1\AppData\Local\Temp\fprgufbm.dll",b

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BJCLHKLQF - Sysinternals - www.sysinternals.com - C:\Users\SKIN69~1\AppData\Local\Temp\BJCLHKLQF.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: VTWUEQNAJ - Sysinternals - www.sysinternals.com - C:\Users\SKIN69~1\AppData\Local\Temp\VTWUEQNAJ.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8963 bytes

Please, please help me... my nerves are shot...

Addendum:

Here are also the last 3 months from datFind.bat:


Verzeichnis von C:\Windows\system32

2008-02-01 22:07 3,072 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2008-02-01 22:07 3,072 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2008-02-01 17:21 24,576 VundoFixSVC.exe
2008-02-01 15:58 5,705 jupdate-1.6.0_04-b12.log
2008-01-31 16:22 365,600 FNTCACHE.DAT
2008-01-28 14:30 3,451 SpoonUninstall-Ri-li.dat
2008-01-28 14:30 131,584 SpoonUninstall.exe
2008-01-28 14:29 34,358 SpoonUninstall-Ri-li.bmp
2008-01-27 19:08 409,600 wrap_oal.dll
2008-01-27 19:08 114,688 OpenAL32.dll
2008-01-09 13:22 24,064 netcfg.exe
2008-01-09 13:22 167,424 tcpipcfg.dll
2008-01-09 13:22 22,016 netiougc.exe
2008-01-09 13:21 4,247,552 GameUXLegacyGDFs.dll
2008-01-09 13:21 1,686,016 gameux.dll
2008-01-09 13:20 11,776 sbunattend.exe
2008-01-02 19:21 17,642,616 mrt.exe
2007-12-29 16:46 5,636 jupdate-1.6.0_03-b05.log
2007-12-14 01:59 139,264 javaws.exe
2007-12-14 00:57 135,168 javaw.exe
2007-12-14 00:57 135,168 java.exe
2007-12-12 03:05 1,327,104 quartz.dll
2007-12-12 03:05 9,728 LAPRXY.DLL
2007-12-12 03:05 2,048 asferror.dll
2007-12-12 03:05 223,232 WMASF.DLL
2007-12-12 03:04 180,736 ieui.dll
2007-12-12 03:04 6,065,664 ieframe.dll
2007-12-12 03:04 478,208 mshtmled.dll
2007-12-12 03:04 3,590,656 mshtml.dll
2007-12-12 03:04 1,383,424 mshtml.tlb
2007-12-12 03:04 124,928 advpack.dll
2007-12-12 03:04 824,832 wininet.dll
2007-12-12 03:04 27,648 jsproxy.dll
2007-12-12 03:04 1,159,680 urlmon.dll
2007-12-12 03:04 383,488 ieapfltr.dll
2007-12-12 03:04 214,528 dxtrans.dll
2007-12-12 03:04 347,136 dxtmsft.dll
2007-12-12 03:04 671,232 mstime.dll
2007-12-12 03:04 63,488 icardie.dll
2007-12-12 03:04 1,830,912 inetcpl.cpl
2007-12-12 03:04 26,624 ieUnatt.exe
2007-12-12 03:04 70,656 ie4uinit.exe
2007-12-12 03:04 44,544 iernonce.dll
2007-12-12 03:04 56,320 iesetup.dll
2007-12-12 03:01 3,504,824 ntkrnlpa.exe
2007-12-12 03:01 3,470,520 ntoskrnl.exe
2007-12-12 03:01 2,048 tzres.dll
2007-12-11 20:46 10,152 dsm_de.qm
2007-12-11 20:46 524,288 DivXsm.exe
2007-12-11 20:46 4,816 divxsm.tlb
2007-12-11 20:46 3,596,288 qt-dx331.dll
2007-12-11 20:45 1,044,480 libdivx.dll
2007-12-11 20:45 200,704 ssldivx.dll
2007-12-11 20:44 196,608 dtu100.dll
2007-12-11 20:44 81,920 dpl100.dll
2007-12-11 20:44 416 dtu100.dll.manifest
2007-12-11 20:44 416 dpl100.dll.manifest
2007-12-11 20:44 53,248 dpuGUI10.dll
2007-12-11 20:44 593,920 dpuGUI11.dll
2007-12-11 20:44 294,912 dpu11.dll
2007-12-11 20:44 294,912 dpu10.dll
2007-12-11 20:44 57,344 dpv11.dll
2007-12-11 20:44 344,064 dpus11.dll
2007-12-11 20:44 823,296 divx_xx07.dll
2007-12-11 20:44 802,816 divx_xx11.dll
2007-12-11 20:44 682,496 DivX.dll
2007-12-11 20:44 823,296 divx_xx0c.dll
2007-12-11 20:44 630,784 divxdec.ax
2007-12-11 20:44 156,992 DivXCodecVersionChecker.exe
2007-12-11 20:43 12,288 DivXWMPExtType.dll
2007-12-11 20:43 3,136 dtu_de.qm
2007-12-11 20:43 8,523 dpude.qm
2007-11-19 17:12 1,244,672 mcmde.dll
2007-11-14 03:02 704,000 PhotoScreensaver.scr
2007-11-14 03:02 24,064 wtsapi32.dll
2007-11-14 03:02 2,027,008 win32k.sys
2007-11-14 03:02 542,720 sysmain.dll
2007-11-14 03:02 714,240 timedate.cpl
2007-11-14 03:02 1,655,289 wlan.tmf
2007-11-14 03:02 47,104 wlanapi.dll
2007-11-14 03:02 67,584 wlanhlp.dll
2007-11-14 03:02 290,816 wlanmsm.dll
2007-11-14 03:02 502,784 wlansvc.dll
2007-11-14 03:02 297,984 wlansec.dll
2007-11-13 10:54 70,944 PhysXLoader.dll
2007-10-10 17:38 8,147,968 wmploc.DLL
This post was edited on 01.02.2008 at 22:19 by knut.76.
01.02.2008, 22:57
Honorary member

Posts: 1441
#2 Hello knut.76

Please run Combofix and post the report here
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards
Pinguin

I am in the middle of updating my site + programs: http://www.virus-protect.org/
01.02.2008, 22:59
Honorary member

Posts: 6028
#3 Copy the following into the editor:

Quote

@echo off
REM Switch to the current user's Temp directory
CD %temp%
REM Clear the read-only, system and hidden attributes so the files can be deleted
attrib -r -s -h *.*
REM Delete the files in the Temp directory itself (subfolders and files in use survive this step)
del /q *.*
REM List what is left, recursively: hidden .exe/.dll first, then all remaining .exe/.dll
dir /b /s /a:h *.exe >C:\tempfiles.txt
dir /b /s /a:h *.dll >>C:\tempfiles.txt
dir /b /s *.exe >>C:\tempfiles.txt
dir /b /s *.dll >>C:\tempfiles.txt
REM Open the result in Notepad
start notepad C:\tempfiles.txt
exit
and save it as tempfiles.bat on the desktop via 'Save As'. Set the file type to 'All Files'.
Then double-click it.
Post its contents here in the forum
__________
Regards, Argus
01.02.2008, 23:02
Honorary member

Posts: 1441
#4 wow !!! Arnold ;) that is really slick! I'll have to copy it right away ;)
if the user had applied datfindbat correctly, i.e. had posted all the logs it contains....., you wouldn't have had to design such a cool script ;)
__________
Regards
Pinguin
01.02.2008, 23:09
...new here

Thread starter

Posts: 3
#5 I've already tried Combofix... it does restart, but then aborts without creating a log

C:\Users\SKIN69~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\hpzsetup.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\HPZstub.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\Setup.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\hpdrpscr.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\hpoapd01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\hpqbhp01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZarp01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZcdl01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZchk01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZdui01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZdui40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\hpzfwx01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZgat01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZmsi01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZmsi40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZnet01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZnfx01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZnop01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZnui01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZnui40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZopt01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZpnp01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZpnp40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZprl01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZprl40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZpsc01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZpsl01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZrcn01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZrcv01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZrein01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZscr01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZscr40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZshl01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZshl40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZsui01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZtim01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZwis01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZwrp01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPZwup01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\mdfix01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\usbready.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\dpinst_x32\DPInst.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\dpinst_x32_vista\DPInst.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\dpinst_x64\DPInst.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\dpinst_x64_vista\DPInst.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\wis\win2k_xp\instmsi.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\util\ccc\FixErr1714.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\util\ccc\hpqrrx08.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\util\common\hpqisc09.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\hpzsetup.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\HPZstub.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\Setup.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\hpdrpscr.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\hpoapd01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\hpqbhp01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZarp01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZcdl01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZchk01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZdui01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZdui40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\hpzfwx01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZgat01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZmsi01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZmsi40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZnet01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZnfx01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZnop01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZnui01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZnui40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZopt01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZpnp01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZpnp40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZprl01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZprl40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZpsc01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZpsl01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZrcn01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZrcv01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZrein01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZscr01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZscr40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZshl01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZshl40.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZsui01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZtim01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZwis01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZwrp01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPZwup01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\mdfix01.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\usbready.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\dpinst_x32\DPInst.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\dpinst_x32_vista\DPInst.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\dpinst_x64\DPInst.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\dpinst_x64_vista\DPInst.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\wis\win2k_xp\instmsi.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\util\ccc\FixErr1714.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\util\ccc\hpqrrx08.exe
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\util\common\hpqisc09.exe
C:\Users\SKIN69~1\AppData\Local\Temp\fcyxv.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\hpzc3212.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\hpzids01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\hpzids40.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\drivers\scanner\x32\hpotiop1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\drivers\scanner\x32\hpotpusd.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\drivers\scanner\x32\hpotscl1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\drivers\scanner\x32\hpovst01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\drivers\scanner\x32\hpowiav1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\drivers\scanner\x32\hpowiax1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\drivers\scanner\x64\hpotiop1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\drivers\scanner\x64\hpotscl1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\drivers\scanner\x64\hpovst01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\drivers\scanner\x64\hpowiav1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\drivers\scanner\x64\hpowiax1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPCommunication.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPeDiag.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPeSupport.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\HPScripting.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\InstallMetrics.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\InternetUtil.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\msvcp60.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\msxml3.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\msxml3a.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\msxml3r.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\RulesEngine.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\redisco\hpzjfw01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\redisco\hpzjrd01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\redisco\hpzjsn01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\redisco\wsnmp32.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\x64\hpzscb01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\x64\hpzscbi0SmrtK.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\x64\hpzscbi1BPDUSB.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\x64\hpzscbi259Nop.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\x64\hpzscbi2Snmp.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\x86\hpzscb01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\x86\hpzscbi0SmrtK.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\x86\hpzscbi1BPDUSB.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\x86\hpzscbi259Nop.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS7C5F.tmp\setup\x86\hpzscbi2Snmp.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\hpzc3212.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\hpzids01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\hpzids40.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\drivers\scanner\x32\hpotiop1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\drivers\scanner\x32\hpotpusd.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\drivers\scanner\x32\hpotscl1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\drivers\scanner\x32\hpovst01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\drivers\scanner\x32\hpowiav1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\drivers\scanner\x32\hpowiax1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\drivers\scanner\x64\hpotiop1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\drivers\scanner\x64\hpotscl1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\drivers\scanner\x64\hpovst01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\drivers\scanner\x64\hpowiav1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\drivers\scanner\x64\hpowiax1.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPCommunication.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPeDiag.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPeSupport.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\HPScripting.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\InstallMetrics.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\InternetUtil.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\msvcp60.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\msxml3.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\msxml3a.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\msxml3r.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\RulesEngine.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\redisco\hpzjfw01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\redisco\hpzjrd01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\redisco\hpzjsn01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\redisco\wsnmp32.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\x64\hpzscb01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\x64\hpzscbi0SmrtK.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\x64\hpzscbi1BPDUSB.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\x64\hpzscbi259Nop.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\x64\hpzscbi2Snmp.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\x86\hpzscb01.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\x86\hpzscbi0SmrtK.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\x86\hpzscbi1BPDUSB.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\x86\hpzscbi259Nop.dll
C:\Users\SKIN69~1\AppData\Local\Temp\7zS82B6.tmp\setup\x86\hpzscbi2Snmp.dll

Regards, knut.76
01.02.2008, 23:18
Honorary member

Posts: 1441
#6 HijackThis
Close all windows and start HijackThis
Click: Do a system scan only
Put a check mark in the box in front of each entry listed below
and choose "Fix checked" + restart the computer.

Quote

O2 - BHO: (no name) - {55A822B3-2F48-4254-8E5B-3A00417AFEF3} - C:\Users\SKIN69~1\AppData\Local\Temp\fcyxv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

O4 - HKLM\..\Run: [2839f263] rundll32.exe "C:\Users\SKIN69~1\AppData\Local\Temp\fprgufbm.dll",b

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\SKIN69~1\AppData\Local\Temp\sadewwyn.dll",run

O4 - HKCU\..\Run: [2839f263] rundll32.exe "C:\Users\SKIN69~1\AppData\Local\Temp\fprgufbm.dll",b
then try Combofix again

---------------

Run ccL.
http://www.ccleaner.de/?protecus.de

C:\Users\SKIN69~1\AppData\Local\Temp\fcyxv.dll - this should hopefully delete the dll
__________
Regards
Pinguin
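Argus's batch script lists the .exe/.dll files under %temp%, and Pinguin then picked out the HijackThis entries that load from that directory by hand. The Python script below is an added example, not code from this thread or from HijackThis: it automates that triage over sample log lines constructed from the posted log, flagging entries that load from a Temp directory, nameless BHOs, orphaned "(no file)" entries and Run keys with hex-looking names.

```python
"""Triage helper for HijackThis-style log lines.

Flags the patterns the helpers in this thread spotted by hand:
binaries loading from the user's Temp directory, nameless BHOs,
orphaned entries ("(no file)") and Run keys with hex-looking names.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {55A822B3-2F48-4254-8E5B-3A00417AFEF3} - C:\Users\SKIN69~1\AppData\Local\Temp\fcyxv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [2839f263] rundll32.exe "C:\Users\SKIN69~1\AppData\Local\Temp\fprgufbm.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\SKIN69~1\AppData\Local\Temp\sadewwyn.dll",run
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BJCLHKLQF - Sysinternals - www.sysinternals.com - C:\Users\SKIN69~1\AppData\Local\Temp\BJCLHKLQF.exe
"""

# "O2 - ..." / "R1 - ..." section prefix used by HijackThis.
SECTION_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
# First Windows path ending in a loadable extension; lazy so rundll32 arguments are dropped.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx|sys)\b", re.IGNORECASE)
# Matches "\Temp\" and "\Local\Temp\" inside a path.
TEMP_RE = re.compile(r"\\(?:Local\\)?Temp\\", re.IGNORECASE)
RUN_NAME_RE = re.compile(r"Run: \[(?P<name>[^\]]+)\]")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def inspect_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if it is not an O/R entry."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else None
    reasons: List[str] = []
    if path and TEMP_RE.search(path):
        reasons.append("loads from a Temp directory")
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO without a name")
    if "(no file)" in body:
        reasons.append("orphaned entry, file missing")
    rn = RUN_NAME_RE.search(body)
    if rn and HEX_NAME_RE.match(rn.group("name")):
        reasons.append("hex-looking Run key name")
    return Finding(section, line.strip(), path, reasons)


def triage(log_text: str) -> List[Finding]:
    """Return only the entries that have at least one reason to be reviewed."""
    findings = []
    for raw in log_text.splitlines():
        f = inspect_line(raw)
        if f and f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {', '.join(f.reasons)}\n    {f.line}")
```

On the sample above the five suspicious lines are reported and the three legitimate Java, Avira and AntiVir entries stay silent; a hit only means "look closer", not "delete".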
01.02.2008, 23:25
...new here

Thread starter

Posts: 3
#7 After my buddy has now "done something" to help me,

the HijackThis log now looks like this:
(the lines described above are nowhere to be found, sorry)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20, on 2008-02-01
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Users\SKIN69~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Users\Skin69head\AppData\Local\Google\Update\1.0.103.0\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Skin69head\AppData\Local\Google\Update\1.0.103.0\GoogleUpdate.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: BJCLHKLQF - Unknown owner - C:\Users\SKIN69~1\AppData\Local\Temp\BJCLHKLQF.exe (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CRHKJYDQYGNTU - Unknown owner - C:\Users\SKIN69~1\AppData\Local\Temp\CRHKJYDQYGNTU.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: VTWUEQNAJ - Unknown owner - C:\Users\SKIN69~1\AppData\Local\Temp\VTWUEQNAJ.exe (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7636 bytes

In CCleaner the file fcyxv.dll is not shown.
This post was edited on 01.02.2008 at 23:55 by knut.76.
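The three O23 entries in the log above (BJCLHKLQF, CRHKJYDQYGNTU, VTWUEQNAJ) share the pattern a practitioner looks for after a Vundo cleanup: a service with a machine-generated name, no vendor string, an executable registered out of the user's AppData\Local\Temp directory, and "(file missing)" because the binary has already been removed while the service registration remains. The script below is an added example for this thread, not code from HijackThis, VundoFix or ComboFix; it parses O23 and O4 lines, scores them on those four signals and reports the ones over a threshold. The weights and threshold are assumptions chosen for the example, and the sample log is constructed (the O23 lines mirror the posted log, the Temp O4 line is invented to show the same check on a Run key).

```python
"""Triage helper for HijackThis logs (example code for this thread, not a
HijackThis, VundoFix or ComboFix component).

Flags O23 service and O4 autorun entries whose executable lives in a Temp
directory, whose vendor is unknown, whose binary is missing, or whose name
looks machine-generated. Weights and threshold are assumptions for the example.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# O23 - Service: <display name> - <vendor> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+)$"
)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)  # ...\AppData\Local\Temp\x.exe
RANDOM_NAME_RE = re.compile(r"^[A-Z]{7,}$")           # e.g. BJCLHKLQF

# Assumed weights: a binary launched from a user-writable Temp dir is the
# strongest single signal; the other three are supporting evidence.
W_TEMP, W_UNKNOWN_VENDOR, W_MISSING, W_RANDOM_NAME, THRESHOLD = 3, 1, 1, 2, 3


@dataclass
class Finding:
    kind: str            # "O23" (service) or "O4" (Run key)
    name: str
    path: str
    score: int
    reasons: List[str] = field(default_factory=list)


def score_entry(kind: str, name: str, path: str,
                vendor: Optional[str], missing: bool) -> Finding:
    """Apply the four heuristics to one parsed entry."""
    f = Finding(kind, name, path, 0)
    if TEMP_DIR_RE.search(path):
        f.score += W_TEMP
        f.reasons.append("executable lives in a Temp directory")
    if vendor == "Unknown owner":
        f.score += W_UNKNOWN_VENDOR
        f.reasons.append("no vendor in the version resource")
    if missing:
        f.score += W_MISSING
        f.reasons.append("registered but binary is missing")
    if RANDOM_NAME_RE.match(name):
        f.score += W_RANDOM_NAME
        f.reasons.append("machine-generated-looking name")
    return f


def triage(log_lines) -> List[Finding]:
    """Return the entries scoring >= THRESHOLD, in log order."""
    hits = []
    for raw in log_lines:
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            f = score_entry("O23", m["name"], m["path"], m["vendor"],
                            m["missing"] is not None)
        else:
            m = O4_RE.match(line)
            if not m:
                continue  # other HijackThis sections are ignored here
            f = score_entry("O4", m["name"], m["path"], None, False)
        if f.score >= THRESHOLD:
            hits.append(f)
    return hits


# Constructed sample: O23 lines modelled on the log in this thread, plus one
# invented O4 Run entry pointing into Temp.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [svchelper] C:\Users\SKIN69~1\AppData\Local\Temp\svchelper.exe
O23 - Service: BJCLHKLQF - Unknown owner - C:\Users\SKIN69~1\AppData\Local\Temp\BJCLHKLQF.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CRHKJYDQYGNTU - Unknown owner - C:\Users\SKIN69~1\AppData\Local\Temp\CRHKJYDQYGNTU.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: VTWUEQNAJ - Unknown owner - C:\Users\SKIN69~1\AppData\Local\Temp\VTWUEQNAJ.exe (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name!r} score={f.score}: {'; '.join(f.reasons)}")
```

Note what the threshold does with the Symantec ccSvcHst.exe line: it is also "Unknown owner" and "(file missing)", but it sits under Program Files with a sensible name, so it scores 2 and is left for manual review rather than flagged alongside the Temp services. A leftover service registration pointing at a missing file in Temp is harmless on its own but should still be deleted (sc delete) so the name cannot be reused by a reinfection.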
02.02.2008, 12:49
Honorary member
Pinguin

Posts: 1441
#8
Please try it once more:

Please run ComboFix and post the report here:
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards
Pinguin

I'm in the middle of updating my site and programs: http://www.virus-protect.org/