TR/Vundo.Gen on Vista (32-bit)

#0
15.11.2009, 19:05
...new here

Posts: 4
#1 Hi everyone!
I can't get rid of "TR/Vundo.Gen" on my Vista 32-bit system.
I created a HijackThis log file here under a changed name (hijackthis.exe -> hjt.exe). An anti-malware scan will follow.
I'm waiting for further instructions. ;)
P.S. Please note that I'm using Vista (32-bit).
Many thanks in advance.

Regards, eQual
15.11.2009, 21:25
...new here

Thread starter

Posts: 4
#2 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:36, on 15.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6090124
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe

--
End of file - 7625 bytes
15.11.2009, 21:52
...new here

Thread starter

Posts: 4
#3 Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3175
Windows 6.0.6002 Service Pack 2

15.11.2009 21:51:41
mbam-log-2009-11-15 (21-51-41).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 101724
Laufzeit: 4 minute(s), 33 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Luca\AppData\Roaming\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
15.11.2009, 22:33
...new here

Thread starter

Posts: 4
#4 ComboFix 09-11-16.03 - Luca 15.11.2009 22:15..2 - FAT32x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2318 [GMT 1:00]
ausgeführt von:: c:\users\Luca\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1881260713-4089407654-2850825354-500
c:\$recycle.bin\S-1-5-21-196225806-1741921098-1788466045-1001
c:\$recycle.bin\S-1-5-21-196225806-1741921098-1788466045-500
c:\recycler\S-1-5-21-0937210625-5428229613-332227161-4521
c:\windows\system32\oem4.inf

Infizierte Kopie von c:\windows\System32\drivers\atapi.sys wurde gefunden und desinfiziert
Kopie von - Kitty ate it :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2009-10-15 bis 2009-11-15 ))))))))))))))))))))))))))))))
.

2009-11-15 21:28 . 2009-11-15 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-15 21:28 . 2009-11-15 21:28 -------- d-----w- c:\users\Luca\AppData\Local\temp
2009-11-15 20:39 . 2009-11-15 21:03 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-15 20:39 . 2009-11-15 20:40 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-15 17:53 . 2009-11-15 17:53 -------- d-----w- c:\users\Luca\AppData\Roaming\Malwarebytes
2009-11-15 17:53 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 17:53 . 2009-11-15 17:53 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 17:53 . 2009-11-15 17:53 -------- d-----w- c:\programdata\Malwarebytes
2009-11-15 17:53 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 16:11 . 2009-11-15 16:11 -------- d-----w- c:\program files\Java
2009-11-13 13:07 . 2009-11-13 13:07 -------- d-----w- c:\program files\Trend Micro
2009-11-11 10:06 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 10:06 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 10:00 . 2009-11-11 10:00 4096 d-----w- c:\program files\Game Graphic Studio
2009-11-10 20:19 . 2009-10-16 14:50 2520888 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-11-10 20:19 . 2008-03-04 17:52 286720 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-11-10 20:19 . 2007-10-31 08:39 59904 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-11-10 20:19 . 2007-05-17 12:58 143360 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-11-10 20:19 . 2006-10-18 16:32 499712 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-11-10 20:19 . 2006-10-18 16:32 348160 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-11-10 20:19 . 2006-10-16 17:44 196608 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-11-10 20:19 . 2006-10-16 17:44 1028096 ----a-w- c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-11-05 18:53 . 2009-11-05 18:53 1180920 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-03 17:18 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-11-03 17:18 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-11-03 17:18 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-11-03 17:18 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-11-03 17:18 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-11-03 17:18 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-11-03 17:18 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-11-03 17:18 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-11-03 17:18 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-11-03 17:18 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-11-02 16:08 . 2009-11-02 16:08 -------- d-----w- c:\program files\iPod
2009-11-02 16:08 . 2009-11-02 16:09 4096 d-----w- c:\program files\iTunes
2009-11-02 16:04 . 2009-11-02 16:04 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 15:57 . 2009-11-02 15:57 -------- d-----w- c:\program files\IObit
2009-10-30 00:40 . 2009-10-30 00:40 -------- d-----w- c:\programdata\KONAMI
2009-10-29 20:35 . 2009-10-29 20:35 4096 d-----w- c:\program files\Common Files\PX Storage Engine
2009-10-29 20:34 . 2009-10-29 20:34 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-10-29 20:34 . 2009-10-29 20:35 4096 d-----w- c:\program files\Roxio
2009-10-29 20:21 . 2009-10-29 20:21 -------- d-----w- c:\programdata\Research In Motion
2009-10-29 15:50 . 2009-10-29 15:50 -------- d-----w- C:\ATI
2009-10-28 16:40 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 16:40 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-20 17:15 . 2009-10-20 17:17 4096 d-----w- c:\program files\ISO Commander
2009-10-20 14:45 . 2009-10-20 14:45 -------- d-----w- c:\program files\KONAMI

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 21:20 . 2008-01-21 07:15 664730 ----a-w- c:\windows\system32\perfh007.dat
2009-11-15 21:20 . 2008-01-21 07:15 142982 ----a-w- c:\windows\system32\perfc007.dat
2009-11-15 16:11 . 2009-03-01 16:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-11 11:18 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 10:33 . 2009-02-09 16:51 8192 d-----w- c:\programdata\Microsoft Help
2009-11-05 16:57 . 2009-01-24 08:19 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-04 19:18 . 2009-01-28 19:45 4096 d-----w- c:\program files\Messenger Plus! Live
2009-11-03 16:02 . 2009-04-14 14:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-03 16:01 . 2009-04-14 15:07 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-02 19:42 . 2009-10-04 10:51 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 16:08 . 2009-01-28 20:12 -------- d-----w- c:\program files\Common Files\Apple
2009-10-30 00:06 . 2009-01-27 14:09 85176 ----a-w- c:\users\Luca\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-29 20:35 . 2009-09-14 18:44 4096 d-----w- c:\program files\Common Files\Roxio Shared
2009-10-29 20:35 . 2009-09-14 19:30 -------- d-----w- c:\programdata\Roxio
2009-10-29 16:01 . 2009-01-30 13:14 -------- d-----w- c:\program files\ATI
2009-10-16 15:54 . 2009-01-24 08:27 8192 d-----w- c:\program files\Common Files\Adobe
2009-10-06 15:13 . 2009-09-11 14:51 -------- d--h--w- c:\users\Luca\AppData\Roaming\win32GI
2009-10-05 15:48 . 2009-10-05 15:48 -------- d-----w- c:\program files\Microsoft
2009-10-02 13:05 . 2009-10-02 13:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-30 14:31 . 2009-09-30 14:31 103440 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2009-09-30 13:38 . 2009-09-30 13:38 -------- d-----w- c:\program files\Bethesda Softworks
2009-09-29 19:21 . 2009-09-29 19:18 -------- d-----w- c:\program files\Nowcom
2009-09-29 18:02 . 2009-09-29 18:02 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-09-29 17:59 . 2009-09-29 17:59 -------- d-----w- c:\programdata\PMB Files
2009-09-29 17:59 . 2009-09-29 17:59 -------- d-----w- c:\program files\Pando Networks
2009-09-28 15:21 . 2009-03-05 18:43 -------- d-----w- c:\users\Luca\AppData\Roaming\Canon
2009-09-22 20:30 . 2009-09-22 20:18 -------- d-----w- c:\users\Luca\AppData\Roaming\Intermedia Software
2009-09-22 20:08 . 2009-09-22 20:08 -------- d-----w- c:\program files\Intermedia Software
2009-09-22 15:57 . 2009-02-12 21:47 4096 d-----w- c:\users\Luca\AppData\Roaming\uTorrent
2009-09-22 14:48 . 2009-04-01 15:59 12288 d-----w- c:\program files\AGEIA Technologies
2009-09-22 14:47 . 2009-04-01 15:59 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-16 19:05 . 2009-09-16 18:32 164352 --sh--w- c:\windows\system32\SC.dll
2009-09-14 18:47 . 2009-09-14 18:47 256 ----a-w- c:\windows\system32\pool.bin
2009-09-14 09:29 . 2009-10-16 13:53 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-11 19:02 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-10 16:48 . 2009-10-16 13:54 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-16 13:53 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-02 20:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22 . 2009-10-16 15:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 15:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-16 15:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-16 15:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-19 22:03 . 2009-05-28 13:39 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-10-28 11:41 . 2009-02-18 22:05 238896 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2008-10-28 11:41 . 2009-02-18 22:05 210320 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2008-10-28 11:41 . 2009-02-18 22:05 83248 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2008-10-28 11:41 . 2009-02-18 22:05 431512 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2008-10-28 11:41 . 2009-02-18 22:05 464176 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2008-10-28 11:41 . 2009-02-18 22:05 144688 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2008-10-28 11:41 . 2009-02-18 22:05 210224 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2008-10-28 11:41 . 2009-02-18 22:05 111920 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2008-10-28 11:41 . 2009-02-18 22:05 218416 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2008-10-28 11:41 . 2009-02-18 22:05 173360 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-01-24 16:37 . 2009-01-24 16:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD6071"="del" [X]
"SpybotDeletingB3449"="command.com" - c:\windows\System32\COMMAND.COM [2006-11-02 50648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-31 200704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-15 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-19 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):30,c7,aa,30,a9,33,ca,01

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe [24.01.2009 17:51 73728]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [28.05.2009 14:39 108289]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [24.01.2009 17:51 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [24.01.2009 17:51 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [26.11.2008 06:02 133472]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [26.12.2008 17:05 279488]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [21.01.2008 03:23 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [21.01.2008 03:23 251904]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 192.168.1.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\1av4isa5.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-AdobeBridge - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 22:28
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x855291F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x855291f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-196225806-1741921098-1788466045-1000\Software\SecuROM\License information*]
"datasecu"=hex:2a,2b,6a,ce,a2,44,f2,a8,d4,60,b8,40,fe,29,d8,82,85,14,98,d1,9f,
c5,c5,fb,63,d4,f2,8e,83,1f,c3,cc,f2,0b,e2,85,d2,56,19,b9,f1,48,b3,fc,9b,f8,\
"rkeysecu"=hex:08,1b,2d,01,98,0b,bb,85,cb,7e,82,0b,e1,7f,f5,90

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2009-11-15 22:32
ComboFix-quarantined-files.txt 2009-11-15 21:30

Vor Suchlauf: 6 Verzeichnis(se), 41.276.567.552 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 41.286.643.712 Bytes frei

- - End Of File - - B0C5935CE9EEDD897A39194943580291
27.11.2009, 00:11
...new here

Posts: 1
#5 Hello, I have had the same problem since today...
Can someone help me:
I have Vista Home Premium 32-bit

I get the message:
In der Datei 'C:\Windows\System32\tdlcmd.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Vundo.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:09:12, on 27.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Voipwise.com\Voipwise\voipwise.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\10.2.191.0\HostIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\10.2.191.0\HostIE.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.2.191.0\HotbarSA.exe"
O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.2.191.0\OEAddOn.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 12900 bytes
27.11.2009, 10:09
Honorary member
Avatar Argus

Posts: 6028
#6 Uninstall list using HijackThis
Start HijackThis, choose "Open the Misc Tools section", open "Open Uninstall Manager", and click "Save list..." there.
As soon as the list is saved, a window opens with the corresponding entries.
Please copy these into your own thread as well.
__________
Best regards, Argus