
Log analysis and evaluation: Caught TR/Vundo.gen and Antivir XP 2008 :-(

10.08.2008, 14:02   #1
mrsbumblebee
 
Hello, dear all.
I'm glad to have found you and hope you can help me. A few days ago I caught Vundo and that great pseudo-antivirus program, and I can't get rid of it. The stuff seems to be going around a lot at the moment. I have now made a logfile and would like to know how I need to proceed to fight it. I hope that's OK like this.
Here is my log. Thanks in advance for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:04, on 10.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\Samsung\ComSMMgr\SSMMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Melanie\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.27.238.56:9056
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Samsung Common SM] "C:\Windows\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUKBUlI.dll,#1
O4 - HKLM\..\Run: [SMrhctbsj0ec8p] C:\Program Files\rhctbsj0ec8p\rhctbsj0ec8p.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Melanie\AppData\Local\Temp\xxyyaWol.dll,#1
O4 - Startup: Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

--
End of file - 8270 bytes

10.08.2008, 15:48   #2
mrsbumblebee
 
In the meantime I have also had the ComboFix log file created. It would be nice if someone could take a look at it. To me these are all incomprehensible things.
Thank you!


ComboFix 08-08-09.06 - Melanie 2008-08-10 15:38:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.132 [GMT 2:00]
ausgeführt von:: C:\Users\Melanie\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Users\Melanie\AppData\Local\Temp\daakvdtx.dll
C:\Users\Melanie\AppData\Local\Temp\rxbxktdr.dll
C:\Users\Melanie\AppData\Roaming\Microsoft\dtsc
C:\Users\Melanie\AppData\Roaming\Microsoft\dtsc\s
C:\Users\Melanie\AppData\Roaming\Microsoft\dtsc\t.exe
C:\Users\Melanie\AppData\Roaming\rhctbsj0ec8p
C:\Windows\system32\blphcpbsj0ec8p.scr
C:\Windows\system32\ddcBsTMg.dll
C:\Windows\system32\phcpbsj0ec8p.bmp
C:\Windows\system32\wvUKBUlI.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-07-10 bis 2008-08-10 ))))))))))))))))))))))))))))))
.

2008-08-10 15:17 . 2008-08-10 15:17 <DIR> d-------- C:\Program Files\CCleaner
2008-08-08 07:25 . 2008-08-08 17:55 <DIR> d-------- C:\VundoFix Backups
2008-08-07 13:07 . 2008-08-10 15:10 886 --a------ C:\Windows\wininit.ini
2008-08-07 11:30 . 2008-08-07 14:15 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-07 11:30 . 2008-08-07 14:15 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-07 11:30 . 2008-08-07 14:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-07 11:12 . 2008-08-07 11:12 0 --a------ C:\Windows\System32\FF74.tmp
2008-08-07 11:09 . 2008-08-07 11:09 0 --a------ C:\ARKFD23.tmp
2008-08-07 11:08 . 2008-08-07 11:08 0 --a------ C:\ARK6E4D.tmp
2008-08-07 11:03 . 2008-08-07 11:14 <DIR> d-------- C:\Users\Melanie\AppData\Roaming\uTorrent
2008-08-07 11:03 . 2008-08-07 11:03 <DIR> d-------- C:\Program Files\uTorrent
2008-08-07 10:35 . 2008-08-07 10:35 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-08-04 08:13 . 2008-08-04 08:13 <DIR> d-------- C:\Users\All Users\ZoomBrowser
2008-08-04 08:13 . 2008-08-04 08:13 <DIR> d-------- C:\ProgramData\ZoomBrowser
2008-08-04 08:08 . 2008-08-04 08:12 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-07-26 20:56 . 2008-08-08 17:33 <DIR> d-------- C:\_Crystallo
2008-07-24 22:31 . 2008-07-24 22:32 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-22 09:15 . 2008-08-04 08:29 <DIR> dr------- C:\Users\Melanie\Pictures
2008-07-20 20:06 . 2008-08-01 20:41 <DIR> d-------- C:\Program Files\ICQToolbar
2008-07-20 20:05 . 2008-07-20 20:07 <DIR> d-------- C:\Users\Melanie\AppData\Roaming\ICQ
2008-07-20 13:56 . 2008-07-20 13:57 <DIR> d-------- C:\Users\Melanie\AppData\Roaming\Autodesk
2008-07-20 13:52 . 2008-07-20 13:52 231 --a------ C:\Windows\System32\3dsmax.ini
2008-07-20 13:52 . 2008-07-20 13:52 43 --a------ C:\Windows\System32\InstallSettings.ini
2008-07-20 13:50 . 2008-07-20 13:52 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-20 13:48 . 2008-07-20 13:56 <DIR> d-------- C:\Users\All Users\Autodesk
2008-07-20 13:48 . 2008-07-20 13:56 <DIR> d-------- C:\ProgramData\Autodesk
2008-07-20 13:47 . 2008-07-20 13:52 <DIR> d-------- C:\Program Files\Autodesk
2008-07-20 13:47 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-07-20 13:47 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-07-20 13:47 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-07-20 13:47 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2008-07-20 13:47 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2008-07-20 13:47 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll
2008-07-19 08:27 . 2008-07-19 08:33 88 -r-hs---- C:\Windows\System32\63F3EA4DDB.sys
2008-07-19 08:08 . 2008-07-19 08:08 <DIR> d-------- C:\Users\Melanie\AppData\Roaming\InstallShield
2008-07-19 01:45 . 2008-07-19 01:45 <DIR> d-------- C:\Users\Melanie\AppData\Roaming\Bitstream
2008-07-19 01:12 . 2008-08-08 00:24 2,828 --ahs---- C:\Users\All Users\KGyGaAvL.sys
2008-07-19 01:12 . 2008-08-08 00:24 2,828 --ahs---- C:\ProgramData\KGyGaAvL.sys
2008-07-19 01:12 . 2008-08-07 10:38 88 -r-hs---- C:\Users\All Users\63F3EA4DDB.sys
2008-07-19 01:12 . 2008-08-07 10:38 88 -r-hs---- C:\ProgramData\63F3EA4DDB.sys
2008-07-14 17:48 . 2008-07-14 20:53 <DIR> d-------- C:\DVDVideoSoft
2008-07-14 17:47 . 2008-07-14 17:47 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-07-14 17:47 . 2008-07-14 17:47 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-07-11 14:10 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 14:10 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 14:09 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-10 00:57 . 2008-07-10 00:57 <DIR> d-------- C:\Windows\SQL9_KB948109_ENU

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 08:38 --------- d-----w C:\Users\Melanie\AppData\Roaming\Corel
2008-08-07 08:35 --------- d-----w C:\ProgramData\Corel
2008-08-07 08:28 --------- d-----w C:\Program Files\Common Files\Corel
2008-08-04 23:04 --------- d-----w C:\Program Files\Canon
2008-08-02 19:37 --------- d-----w C:\Users\Melanie\AppData\Roaming\DivX
2008-08-02 19:36 --------- d-----w C:\Program Files\DivX
2008-07-31 09:09 5,642 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-07-24 20:37 --------- d-----w C:\Users\Melanie\AppData\Roaming\OpenOffice.org2
2008-07-24 19:48 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-20 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-19 06:21 --------- d-----w C:\Program Files\Corel
2008-07-12 06:19 --------- d-----w C:\Program Files\setup_pack
2008-07-11 12:18 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-09 22:57 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-09 22:56 --------- d-----w C:\Program Files\Windows Mail
2008-07-07 18:36 --------- d-----w C:\Program Files\Samsung ML-2010 Series
2008-07-07 18:12 --------- d-----w C:\Users\Melanie\AppData\Roaming\Ahead
2008-07-07 17:52 --------- d-----w C:\Program Files\Samsung
2008-07-07 15:19 --------- d-----w C:\Users\Melanie\AppData\Roaming\gtk-2.0
2008-07-07 07:56 --------- d-----w C:\Users\Melanie\AppData\Roaming\Samsung
2008-07-07 07:52 --------- d-----w C:\Program Files\CyberLink
2008-07-07 07:22 --------- d---a-w C:\ProgramData\TEMP
2008-07-07 07:22 --------- d-----w C:\ProgramData\Avira
2008-07-07 07:22 --------- d-----w C:\Program Files\Avira
2008-07-06 20:23 --------- d-----w C:\Program Files\GIMP-2.0
2008-06-30 06:32 --------- d-----w C:\Program Files\Common Files\Deterministic Networks
2008-06-29 20:28 --------- d-----w C:\Program Files\Zattoo
2008-06-20 08:14 --------- d-----w C:\Program Files\PSFtp Free
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-11 00:07 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-13 01:53 129,784 ------w C:\Windows\System32\pxafs.dll
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-04-07 17:13 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2008-04-07 17:10 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2008-04-07 17:06 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2008-03-30 18:38 174 --sha-w C:\Program Files\desktop.ini
2007-11-14 21:37 3,730,848 ----a-w C:\Program Files\OOSE32_GER.exe
2007-07-24 21:29 838,080 ----a-w C:\Program Files\Google Updater.exe
2007-07-24 21:11 9,024,472 ----a-w C:\Program Files\trillian-v3.1.7.0.exe
2007-07-24 19:57 1,449,865 ----a-w C:\Program Files\wrar370d.exe
2006-01-17 15:05 3,952,715 ----a-w C:\Program Files\Animake.exe
2005-08-18 01:32 109,710,320 ----a-w C:\Program Files\setup.exe
2004-08-19 20:37 6,098 ----a-w C:\Program Files\franc.nfo
2007-11-02 23:55 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-02 23:55 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-02 23:55 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2007-07-24 23:12 61440]

[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-12-09 02:21 815104]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2008-01-18 23:33 227840]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 22:59 266497]
"Samsung PanelMgr"="C:\Windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-03 04:47 520192]
"Samsung Common SM"="C:\Windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 09:20 372736]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 20:57 3784704 C:\Windows\RtHDVCpl.exe]

C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe [2007-07-24 22:23:42 8496752]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-06-30 08:34:04 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotKey.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotKey.lnk
backup=C:\Windows\pss\HotKey.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 20:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-10-11 12:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Play AVStation TV Scheduler]
--a------ 2007-01-09 04:09 73728 C:\Program Files\Samsung\Play AVStation\TvScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
--------- 2005-07-03 09:20 372736 C:\Windows\Samsung\ComSMMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-09-28 13:16 185896 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 23:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
10.08.2008, 15:49   #3
mrsbumblebee
 
And here is the rest, because it was too long for the post:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AE73DDC5-8910-4AB5-8505-328CFF3CA831}D:\\programme\\trillian\\trillian.exe"= UDP:\programme\trillian\trillian.exe:Trillian
"UDP Query User{04BC5E0F-7978-46BA-B43A-721442779A60}D:\\programme\\trillian\\trillian.exe"= TCP:\programme\trillian\trillian.exe:Trillian
"TCP Query User{61782531-02E9-4475-ABBF-7E9475FE3749}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{42BC9D94-FA4F-44A1-B343-5D63C729453B}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"TCP Query User{C16F0FA8-0FFE-45B8-9AAC-820F9A8F86D2}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{7C492274-D6B3-414B-B294-4F70A88811F7}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"{3D937E82-3C20-4D90-84A9-E7D69E7C88BB}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{37D8A2D4-2C2D-4988-8A8D-5CB737BBEEDF}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{7A6225A2-9762-41E3-87EA-652D7BA97F15}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{9166AF33-F28C-424F-9C27-B68288AD37B2}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{F60CEEDA-5FC1-47F9-A99A-E322F67C5203}D:\\dokumente\\spiele\\blobby\\volley.exe"= UDP:\dokumente\spiele\blobby\volley.exe:volley
"UDP Query User{E3575183-CB4B-406F-9008-6A945985B50D}D:\\dokumente\\spiele\\blobby\\volley.exe"= TCP:\dokumente\spiele\blobby\volley.exe:volley
"TCP Query User{62F38A11-3D62-4CCB-B7ED-0F1D9A424DC7}D:\\programme\\opera.exe"= UDP:\programme\opera.exe:Opera Internet Browser
"UDP Query User{A89DE0C6-DA59-4835-A8E9-DA282B739764}D:\\programme\\opera.exe"= TCP:\programme\opera.exe:Opera Internet Browser
"{76AAC4BF-9C21-4B53-ABA2-1674F54644F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{5CE2A4BC-F6C5-4F27-B2F6-A6B6FEFC771A}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{4A03FBA4-F745-4564-A08A-EFCFBF761F68}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{EFF6E75B-7BF0-4CF9-83E7-8503BCA2EE5B}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{60E1A9F5-B67C-4D5E-9FA0-3F8A9F4E69A5}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"{28D3DE41-8F1F-43A4-89E5-92850F10B406}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FE057F72-F98F-4A46-B7B0-077347400423}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B49B239D-ACE9-4236-871B-123CCD8FA440}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DE0108E7-D8B5-4BCB-9958-56FD2010302C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{48332D41-B36B-41DE-8D2D-A07C80052471}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{21B79917-6396-4CE2-92D0-11D1AA8B568E}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{7794C515-B4F1-4F2E-9D03-3FA655AFDCE4}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"TCP Query User{F33E6EE7-72F0-45BF-9716-9185D92ABFE6}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{EDEDB482-BF9C-48D2-8BC9-86A7D9F889F7}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{D48AA02F-0077-46A5-924A-7D9F283546AD}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{8AFC2E19-77CD-4E6E-B98C-64AE22439B7A}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3D767B8A-24EB-457D-A260-0B1735C80BBC}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{9AE9BEA1-3B22-4B0B-8BA3-3AF5DA6F3FDF}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{BC9406C5-BF4C-4620-B37B-B9D5AE8D5BA3}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{CEB07EF9-C4E1-4C55-95D1-0D7105D00A36}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{6FA55220-D4F3-4409-8195-524537791BE0}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{812D2560-EBA0-42CD-92A9-EF94D92E9738}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{ADC30285-8974-43F2-A90C-BC937FE62372}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{D6A9377C-AF55-4411-BD1A-39FA1778422E}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"TCP Query User{AC3E42F9-D8AB-49F9-B01A-1C302C6A326C}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{FC24D7D2-8AB1-4377-BB59-C4AD5FA6D98E}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"{07141AFE-8357-41AE-B904-412B38921C94}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{5B0C1F32-4458-4F14-903B-A3C6FFD950D8}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{8C7275DF-A25F-48D5-963C-FF60A916F169}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{7C31BF25-B85C-4F4E-9661-08C02BA9E6B5}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{05330769-BFFB-40AB-B922-B5048E693BA8}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{DDA2FBB2-5C70-4218-BB7E-AC60E96BAF67}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{B3AA290B-1583-4E4B-A656-484D7622AFFD}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{20F8D85D-42BD-4889-80D8-6BC27B743820}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{B23364FF-B4F2-4CE2-AFEE-F06F49184C53}"= UDP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{B93B6F56-178E-457D-B868-198921C1C5CD}"= TCP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"TCP Query User{240AEB08-DCE9-4B01-B37E-3E0C9E2FD652}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A307A6A7-4288-440B-8F39-DDDDD47C959D}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{4E4CAD5B-54D1-4D0C-9FBC-0C4A899322CB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D1A3D492-36FD-4AAF-9FF2-2472652A3154}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

R2 BcmSqlStartupSvc;SQL Server-Startdienst für Business Contact Manager;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 10:51]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-02-28 20:17]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-08 18:50]
S3 btwaudio;Bluetooth-Audiogerät;C:\Windows\system32\drivers\btwaudio.sys [2006-11-20 23:59]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-20 23:59]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-20 23:59]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 22:08]
S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 09:30]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
S3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2008-03-13 04:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {06F42C96-A96C-F579-B0FA-F44BBA118C51} /qb
.
Inhalt des "geplante Tasks" Ordners

2008-08-08 C:\Windows\Tasks\1-Klick-Wartung.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-08-09 C:\Windows\Tasks\User_Feed_Synchronization-{10F089CE-28B3-4E6D-96C4-D480C89A8C64}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-MSServer - C:\Windows\system32\wvUKBUlI.dll
ShellExecuteHooks-{109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25} - C:\Windows\system32\wvUKBUlI.dll
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\QTTask.exe
MSConfigStartUp-RemoteControl - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-SMSTray - C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Zusätzlicher Scan -------
.
FireFox -: Profile - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\rxwaxa4y.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - news.google.de
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\rxwaxa4y.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - D:\Programme\program\plugins\npdivx32.dll
FF -: plugin - D:\Programme\program\plugins\npjava11.dll
FF -: plugin - D:\Programme\program\plugins\npjava12.dll
FF -: plugin - D:\Programme\program\plugins\npjava13.dll
FF -: plugin - D:\Programme\program\plugins\npjava14.dll
FF -: plugin - D:\Programme\program\plugins\npjava32.dll
FF -: plugin - D:\Programme\program\plugins\npjpi160_05.dll
FF -: plugin - D:\Programme\program\plugins\npoji610.dll
FF -: plugin - D:\Programme\program\plugins\NPSWF32.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 15:46:53
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Windows\System32\PSIService.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\conime.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\RacAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-08-10 16:01:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-08-10 14:01:03

Pre-Run: 5,216,317,440 Bytes frei
Post-Run: 5,086,593,024 Bytes frei

325 --- E O F --- 2008-08-08 05:08:19