TR/Vundo.Gen infection. How do I remove it?

#0
08.07.2008, 13:56
...new here
Posts: 5

08.07.2008, 14:00
Honorary member
Posts: 29434
#2
Hello never28

«« Run CCleaner and delete the temp files: http://www.ccleaner.de/?protecus.de

«« Delete ("fix") with HijackThis: click "Do a system scan only", tick the box in front of the entry named below and choose "fix checked", then restart the computer.

Quote:
O2 - BHO: (no name) - {8244918F-F71B-4F82-8A03-290C2E55BAEB} - C:\Windows\system32\opnmNHYS.dll

«« Scan with Malwarebytes, have everything it finds removed, and post the report: http://virus-protect.org/artikel/tools/malwarebytes.html

«« Run ComboFix, click away the warning message, and post the report here: http://virus-protect.org/artikel/tools/combofix.html

__________
Kind regards, Sabina
All about PC security

08.07.2008, 14:24
...new here
Thread starter
Posts: 5
#3
Sabina, thank you very much for your quick reply.
I will carry out the steps you listed. Can I also use the beta of ComboFix? Or should I rather use the current version? I am now starting the scan with Malwarebytes.
never28

08.07.2008, 15:01
Honorary member
Posts: 29434
#4
The beta is OK.
Don't forget to post the log here afterwards, and the Malwarebytes log as well.

__________
Kind regards, Sabina
All about PC security

08.07.2008, 15:15
...new here
Thread starter
Posts: 5
#5
Here is the log file from Malwarebytes:

Warm regards
never28

And here is the log from ComboFix Beta:

Many, many thanks, Sabina, for your great help.
never28

This post was edited by never28 on 08.07.2008 at 15:30.

08.07.2008, 17:06
Honorary member
Posts: 29434
#6
Hello,

«« Run CCleaner and delete the temp files: http://www.ccleaner.de/?protecus.de

«« Virustotal: http://www.virustotal.com/flash/index_en.html

C:\Windows\System32\17599.sys
C:\Program Files\nobox.de
C:\Windows\System32\beep.sys

Click "Browse" --> select the file (or paste the file with its correct path directly using Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait, then select the text with the right mouse button -> copy

-----------------------------------------------------------------------

«« Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using "Save as". Set the file type to "All files". You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote:
cd\

__________
Kind regards, Sabina
All about PC security

08.07.2008, 17:48
...new here
Thread starter
Posts: 5
#7
Here is the analysis from Virustotal:

MD5: ee50afab5e473da1dc5eaa5239b775f3 First received: 2007.03.10 04:23:00 (CET) Datum 2008.07.06 14:05:02 (CET) [>2D] Ergebnisse 0/33 Permalink: analisis/46d6d66e3f2594e04a8772be7bf72079

MD5: ac3dd1708b22761ebd7cbe14dcc3b5d7 First received: 2008.06.04 00:28:10 (CET) Datum 2008.06.04 00:28:10 (CET) [>34D] Ergebnisse 1/32 Permalink: analisis/ac2a037f1dd6c59d5ef60a7d59043532

For C:\Program Files\nobox.de I only get: 0 bytes size received / Se ha recibido un archivo vacio

With listen.bat I get the message "Die Datei files.txt kann nicht gefunden werden Möchten Sie eine neue Datei erstellen?"

Is that OK? I also haven't received any more error messages about Vundo so far.

Kind regards
never28

---------------------------------------------------------

Hello Sabina
Is everything fine on my machine now? Are there any further steps I need to carry out? I would be grateful for further instructions.
Many heartfelt thanks
never28

This post was edited by never28 on 08.07.2008 at 19:59.

08.07.2008, 21:48
Honorary member
Posts: 29434
#8
Leave it at that; if there are any more problems, get in touch.

__________
Kind regards, Sabina
All about PC security

08.07.2008, 22:09
...new here
Thread starter
Posts: 5
#9
Sabina, I thank you with all my heart; you have helped me a lot. An absolutely great and helpful forum here. The answers come quickly and are absolutely understandable. Many thanks.
Protecus - this is where you get help.
I wish you a wonderful evening and a great week.
With many thanks
never28

As the title says, I unfortunately have TR/Vundo.Gen on my computer.
It was found by Antivir 8. Deleting it achieved nothing, and the Symantec tool for removing the trojan/virus did not bring the desired result either. My hope now rests on the experts in this forum.
Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:29, on 08.07.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\RAM Defrag\RAM_Defrag.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Windows\Explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.stegcomputer.ch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stegcomputer.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.stegcomputer.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8244918F-F71B-4F82-8A03-290C2E55BAEB} - C:\Windows\system32\opnmNHYS.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\Windows\nqgpedlr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMghfcC.dll,#1
O4 - HKLM\..\Run: [RAM_DEFRAG] "C:\Program Files\RAM Defrag\RAM_DEFRAG.EXE"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HAKANK~1\AppData\Local\Temp\mlJArPhE.dll,#1
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
O21 - SSODL: axrfgvek - {180B1E50-2AD0-48BA-8357-C805682C1177} - C:\Windows\axrfgvek.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
--
End of file - 7485 bytes
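A HijackThis log like the one above can be pre-sorted mechanically before anyone decides what to fix. The Python below is an added example, not part of the thread and not the helper's method: its three heuristics (an unnamed BHO in system32, a toolbar or SSODL entry whose display name is just its DLL file name, a Run entry that starts rundll32 with an ordinal-only export) are assumptions chosen to fit entries in this log, and a hit is a candidate for review, not a verdict.

```python
import ntpath
import re

# Constructed sample: eight lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {8244918F-F71B-4F82-8A03-290C2E55BAEB} - C:\Windows\system32\opnmNHYS.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\Windows\nqgpedlr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMghfcC.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HAKANK~1\AppData\Local\Temp\mlJArPhE.dll,#1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O21 - SSODL: axrfgvek - {180B1E50-2AD0-48BA-8357-C805682C1177} - C:\Windows\axrfgvek.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# "<kind>: <display name> - {CLSID} - <path>", the layout of O2, O3 and O21 lines
NAMED = re.compile(r"^(?:BHO|Toolbar|SSODL): (.*?) - \{[0-9A-Fa-f-]{36}\} - (.+)$")
# rundll32 started with an ordinal-only export such as ",#1"
ORDINAL = re.compile(r"rundll32(?:\.exe)?\s+(.+?\.dll),#\d+\s*$", re.I)

def triage(log_text):
    """Return (section, dll_path, reason) tuples that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m.groups()
        named = NAMED.match(body)
        if named:
            name, path = named.groups()
            folder = ntpath.dirname(path).lower()
            stem = ntpath.splitext(ntpath.basename(path))[0].lower()
            if section == "O2" and name == "(no name)" and folder.endswith("\\system32"):
                findings.append((section, path, "unnamed BHO in system32"))
            elif section in ("O3", "O21") and name.lower() == stem and folder == "c:\\windows":
                findings.append((section, path, "display name is just the DLL file name"))
        elif section == "O4":
            hit = ORDINAL.search(body)
            if hit:
                reason = "Run key starts rundll32 with an ordinal-only export"
                if "\\temp\\" in hit.group(1).lower():
                    reason += ", DLL in a Temp folder"
                findings.append((section, hit.group(1), reason))
    return findings

if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"{section:<4}{path}  <- {reason}")
```

The legitimate NVIDIA Run entry (named export) and the Java `(no name)` O9 button are deliberately left unflagged, which shows how narrow each rule has to be to stay usable on a real log.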