TR/Vundo.Gen on Vista (32-bit)

#0
15.11.2009, 19:05
...new here
Posts: 4
15.11.2009, 21:25
...new here
Thread starter
Posts: 4
#2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:36, on 15.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6090124
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe

--
End of file - 7625 bytes
15.11.2009, 21:52
...new here
Thread starter
Posts: 4
#3
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3175
Windows 6.0.6002 Service Pack 2

15.11.2009 21:51:41
mbam-log-2009-11-15 (21-51-41).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 101724
Laufzeit: 4 minute(s), 33 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Luca\AppData\Roaming\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
15.11.2009, 22:33
...new here
Thread starter
Posts: 4
#4
ComboFix 09-11-16.03 - Luca 15.11.2009 22:15..2 - FAT32x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2318 [GMT 1:00]
ausgeführt von:: c:\users\Luca\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1881260713-4089407654-2850825354-500
c:\$recycle.bin\S-1-5-21-196225806-1741921098-1788466045-1001
c:\$recycle.bin\S-1-5-21-196225806-1741921098-1788466045-500
c:\recycler\S-1-5-21-0937210625-5428229613-332227161-4521
c:\windows\system32\oem4.inf

Infizierte Kopie von c:\windows\System32\drivers\atapi.sys wurde gefunden und desinfiziert
Kopie von - Kitty ate it wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2009-10-15 bis 2009-11-15 ))))))))))))))))))))))))))))))
.
2009-11-15 21:28 . 2009-11-15 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-15 21:28 . 2009-11-15 21:28 -------- d-----w- c:\users\Luca\AppData\Local\temp
2009-11-15 20:39 . 2009-11-15 21:03 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-15 20:39 . 2009-11-15 20:40 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-15 17:53 . 2009-11-15 17:53 -------- d-----w- c:\users\Luca\AppData\Roaming\Malwarebytes
2009-11-15 17:53 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 17:53 . 2009-11-15 17:53 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 17:53 . 2009-11-15 17:53 -------- d-----w- c:\programdata\Malwarebytes
2009-11-15 17:53 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 16:11 . 2009-11-15 16:11 -------- d-----w- c:\program files\Java
2009-11-13 13:07 . 2009-11-13 13:07 -------- d-----w- c:\program files\Trend Micro
2009-11-11 10:06 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 10:06 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 10:00 . 2009-11-11 10:00 4096 d-----w- c:\program files\Game Graphic Studio
2009-11-10 20:19 . 2009-10-16 14:50 2520888 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-11-10 20:19 . 2008-03-04 17:52 286720 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-11-10 20:19 . 2007-10-31 08:39 59904 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-11-10 20:19 . 2007-05-17 12:58 143360 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-11-10 20:19 . 2006-10-18 16:32 499712 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-11-10 20:19 . 2006-10-18 16:32 348160 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-11-10 20:19 . 2006-10-16 17:44 196608 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-11-10 20:19 . 2006-10-16 17:44 1028096 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-11-05 18:53 . 2009-11-05 18:53 1180920 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-03 17:18 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-11-03 17:18 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-11-03 17:18 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-11-03 17:18 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-11-03 17:18 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-11-03 17:18 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-11-03 17:18 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-11-03 17:18 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-11-03 17:18 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-11-03 17:18 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-11-02 16:08 . 2009-11-02 16:08 -------- d-----w- c:\program files\iPod
2009-11-02 16:08 . 2009-11-02 16:09 4096 d-----w- c:\program files\iTunes
2009-11-02 16:04 . 2009-11-02 16:04 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 15:57 . 2009-11-02 15:57 -------- d-----w- c:\program files\IObit
2009-10-30 00:40 . 2009-10-30 00:40 -------- d-----w- c:\programdata\KONAMI
2009-10-29 20:35 . 2009-10-29 20:35 4096 d-----w- c:\program files\Common Files\PX Storage Engine
2009-10-29 20:34 . 2009-10-29 20:34 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-10-29 20:34 . 2009-10-29 20:35 4096 d-----w- c:\program files\Roxio
2009-10-29 20:21 . 2009-10-29 20:21 -------- d-----w- c:\programdata\Research In Motion
2009-10-29 15:50 . 2009-10-29 15:50 -------- d-----w- C:\ATI
2009-10-28 16:40 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 16:40 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-20 17:15 . 2009-10-20 17:17 4096 d-----w- c:\program files\ISO Commander
2009-10-20 14:45 . 2009-10-20 14:45 -------- d-----w- c:\program files\KONAMI
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 21:20 . 2008-01-21 07:15 664730 ----a-w- c:\windows\system32\perfh007.dat
2009-11-15 21:20 . 2008-01-21 07:15 142982 ----a-w- c:\windows\system32\perfc007.dat
2009-11-15 16:11 . 2009-03-01 16:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-11 11:18 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 10:33 . 2009-02-09 16:51 8192 d-----w- c:\programdata\Microsoft Help
2009-11-05 16:57 . 2009-01-24 08:19 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-04 19:18 . 2009-01-28 19:45 4096 d-----w- c:\program files\Messenger Plus! Live
2009-11-03 16:02 . 2009-04-14 14:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-03 16:01 . 2009-04-14 15:07 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-02 19:42 . 2009-10-04 10:51 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 16:08 . 2009-01-28 20:12 -------- d-----w- c:\program files\Common Files\Apple
2009-10-30 00:06 . 2009-01-27 14:09 85176 ----a-w- c:\users\Luca\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-29 20:35 . 2009-09-14 18:44 4096 d-----w- c:\program files\Common Files\Roxio Shared
2009-10-29 20:35 . 2009-09-14 19:30 -------- d-----w- c:\programdata\Roxio
2009-10-29 16:01 . 2009-01-30 13:14 -------- d-----w- c:\program files\ATI
2009-10-16 15:54 . 2009-01-24 08:27 8192 d-----w- c:\program files\Common Files\Adobe
2009-10-06 15:13 . 2009-09-11 14:51 -------- d--h--w- c:\users\Luca\AppData\Roaming\win32GI
2009-10-05 15:48 . 2009-10-05 15:48 -------- d-----w- c:\program files\Microsoft
2009-10-02 13:05 . 2009-10-02 13:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-30 14:31 . 2009-09-30 14:31 103440 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2009-09-30 13:38 . 2009-09-30 13:38 -------- d-----w- c:\program files\Bethesda Softworks
2009-09-29 19:21 . 2009-09-29 19:18 -------- d-----w- c:\program files\Nowcom
2009-09-29 18:02 . 2009-09-29 18:02 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-09-29 17:59 . 2009-09-29 17:59 -------- d-----w- c:\programdata\PMB Files
2009-09-29 17:59 . 2009-09-29 17:59 -------- d-----w- c:\program files\Pando Networks
2009-09-28 15:21 . 2009-03-05 18:43 -------- d-----w- c:\users\Luca\AppData\Roaming\Canon
2009-09-22 20:30 . 2009-09-22 20:18 -------- d-----w- c:\users\Luca\AppData\Roaming\Intermedia Software
2009-09-22 20:08 . 2009-09-22 20:08 -------- d-----w- c:\program files\Intermedia Software
2009-09-22 15:57 . 2009-02-12 21:47 4096 d-----w- c:\users\Luca\AppData\Roaming\uTorrent
2009-09-22 14:48 . 2009-04-01 15:59 12288 d-----w- c:\program files\AGEIA Technologies
2009-09-22 14:47 . 2009-04-01 15:59 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-16 19:05 . 2009-09-16 18:32 164352 --sh--w- c:\windows\system32\SC.dll
2009-09-14 18:47 . 2009-09-14 18:47 256 ----a-w- c:\windows\system32\pool.bin
2009-09-14 09:29 . 2009-10-16 13:53 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-11 19:02 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-10 16:48 . 2009-10-16 13:54 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-16 13:53 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-02 20:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22 . 2009-10-16 15:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 15:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-16 15:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-16 15:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-19 22:03 . 2009-05-28 13:39 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-10-28 11:41 . 2009-02-18 22:05 238896 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2008-10-28 11:41 . 2009-02-18 22:05 210320 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2008-10-28 11:41 . 2009-02-18 22:05 83248 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2008-10-28 11:41 . 2009-02-18 22:05 431512 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2008-10-28 11:41 . 2009-02-18 22:05 464176 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2008-10-28 11:41 . 2009-02-18 22:05 144688 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2008-10-28 11:41 . 2009-02-18 22:05 210224 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2008-10-28 11:41 . 2009-02-18 22:05 111920 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2008-10-28 11:41 . 2009-02-18 22:05 218416 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2008-10-28 11:41 . 2009-02-18 22:05 173360 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-01-24 16:37 . 2009-01-24 16:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD6071"="del" [X]
"SpybotDeletingB3449"="command.com" - c:\windows\System32\COMMAND.COM [2006-11-02 50648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-31 200704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-15 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-19 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):30,c7,aa,30,a9,33,ca,01

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe [24.01.2009 17:51 73728]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [28.05.2009 14:39 108289]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [24.01.2009 17:51 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [24.01.2009 17:51 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [26.11.2008 06:02 133472]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [26.12.2008 17:05 279488]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [21.01.2008 03:23 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [21.01.2008 03:23 251904]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 192.168.1.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-AdobeBridge - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 22:28
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x855291F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x855291f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-196225806-1741921098-1788466045-1000\Software\SecuROM\License information*]
"datasecu"=hex:2a,2b,6a,ce,a2,44,f2,a8,d4,60,b8,40,fe,29,d8,82,85,14,98,d1,9f,
c5,c5,fb,63,d4,f2,8e,83,1f,c3,cc,f2,0b,e2,85,d2,56,19,b9,f1,48,b3,fc,9b,f8,\
"rkeysecu"=hex:08,1b,2d,01,98,0b,bb,85,cb,7e,82,0b,e1,7f,f5,90

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2009-11-15 22:32
ComboFix-quarantined-files.txt 2009-11-15 21:30

Vor Suchlauf: 6 Verzeichnis(se), 41.276.567.552 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 41.286.643.712 Bytes frei

- - End Of File - - B0C5935CE9EEDD897A39194943580291
27.11.2009, 00:11
...new here
Posts: 1
#5
Hello, I have had the same problem since today...
Can someone help me? I have Vista Home Premium 32-bit and get this message:

In der Datei 'C:\Windows\System32\tdlcmd.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Vundo.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:09:12, on 27.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Voipwise.com\Voipwise\voipwise.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\10.2.191.0\HostIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\10.2.191.0\HostIE.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.2.191.0\HotbarSA.exe"
O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.2.191.0\OEAddOn.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden...
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- End of file - 12900 bytes |
27.11.2009, 10:09
Honorary member
Posts: 6028
#6
Uninstall list using HijackThis
Start HijackThis, choose "Open the Misc Tools section", open "Open Uninstall Manager", and click "Save list..." there. As soon as the list is saved, a window opens with the corresponding entries. Please copy these into your own thread as well.
__________
Regards, Argus
I can't get rid of "TR/Vundo.Gen" on my Vista 32-bit system.
I created a HijackThis log file here under a changed name (hijackthis.exe -> hjt.exe). An anti-malware scan will follow.
I'm waiting for further instructions.
P.S. Please note that I am using Vista (32-bit).
Many thanks in advance.
Regards, eQual