Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Antivirus 2009

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.11.2008, 23:01   #1
markusss
 
Antivirus 2009 - Standard

Antivirus 2009



Hi zusammen.
ich hab meinen rechner mit dem Virus "antivirus 2009" infiziert und beim googlen bin dann auf dieses forum gestoßen.
hier hab ich ne Anleitung gelesen wie ich diesen Virus Löschen kann und will nun wissen ob ich es richtig gemacht habe und/oder was ich noch tun muss.

als erstes hab ich mir Malwarebytes runtergeladen und scannen lassen.
(der hat ne menge gefunden häufig stand da der name Vundo)
bin echt rießig froh (hier ein Danke an die Verfasser des Beitrags der mir weitergeholfen hat) die dinger/das ding weg zu haben da kein Antivir oder Avast darauf angeschlagen hat.

danach hab ich HijackThis runtergeladen und anewendet.

malwarebytes ha mir das ausgespuckt
Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1423
Windows 5.1.2600 Service Pack 2

25.11.2008 22:15:48
mbam-log-2008-11-25 (22-15-48).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 190774
Laufzeit: 1 hour(s), 4 minute(s), 36 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 6
Infizierte Registrierungsschlüssel: 19
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 14
Infizierte Verzeichnisse: 1
Infizierte Dateien: 25

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\pmnmmJdC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ytamfc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnnmnooo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rqxsbkch.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tlppey.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Programme\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e92b06b-73f5-4bf0-914c-83b8508a138c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0e92b06b-73f5-4bf0-914c-83b8508a138c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmnooo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de6423af-aaff-4aa9-b314-00e4dca96b03} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{de6423af-aaff-4aa9-b314-00e4dca96b03} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e92b06b-73f5-4bf0-914c-83b8508a138c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{de6423af-aaff-4aa9-b314-00e4dca96b03} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo.H) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnmmjdc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdzac.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnmmjdc -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22854f4c-d785-4cfb-b625-b058e1bd659b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.10;85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3c3304a8-3c6d-49ab-81e1-820d1aa75738}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.10;85.255.112.103 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dd37f58e-9e14-45aa-9206-54439d672c8e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.10;85.255.112.103 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{22854f4c-d785-4cfb-b625-b058e1bd659b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.10;85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3c3304a8-3c6d-49ab-81e1-820d1aa75738}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.10;85.255.112.103 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dd37f58e-9e14-45aa-9206-54439d672c8e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.10;85.255.112.103 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{22854f4c-d785-4cfb-b625-b058e1bd659b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.10;85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3c3304a8-3c6d-49ab-81e1-820d1aa75738}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.10;85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3c3304a8-3c6d-49ab-81e1-820d1aa75738}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.10;85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{dd37f58e-9e14-45aa-9206-54439d672c8e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.10;85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{dd37f58e-9e14-45aa-9206-54439d672c8e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.10;85.255.112.103 -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\pmnmmJdC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\CdJmmnmp.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\CdJmmnmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmnooo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tlppey.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hiccacyu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uycaccih.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mslrhjiu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uijhrlsm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdzac.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\WINDOWS\system32\ytamfc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rqxsbkch.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UVEFY1MN\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UVEFY1MN\kb600179[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnlkIcD.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnffmbeu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlJCVO.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRLcBuR.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tlcojehw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUoLbCu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyxYOET.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yeueqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\tempo-D25.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.




und HijackThis schrieb

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:22, on 25.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Veoh Networks\Veoh\VeohClient.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Dokumente und Einstellungen\xxxx\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P36 "EPSON Stylus DX4200 Series (Kopie 1)" /O6 "USB002" /M "Stylus DX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdzac.exe] C:\WINDOWS\system32\kdzac.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /M "Stylus DX4200" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX4200 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P36 "EPSON Stylus DX4200 Series (Kopie 1)" /M "Stylus DX4200" /EF "HKCU"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SyncService] "C:\Programme\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: Add to Evernote - res://C:\Programme\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programme\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programme\Evernote\Evernote3\enbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: tlppey.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

--
End of file - 11013 bytes


es wäre super wenn mir jemand antworten könnte was ich noch tun muss

falls alles so in ordnung ist bitte auch ne antwort

Danke

Alt 26.11.2008, 17:36   #2
Leonidas88
 
Antivirus 2009 - Standard

Antivirus 2009



Es ist leider nichts in Ordnung. Ohne eine ordentliche Bereinigung, die du von einem Kompetenzler bekommst hast keine Chance auf ein sauberes System.
__________________


Antwort

Themen zu Antivirus 2009
.com, adware.mywebsearch, antivirus, avast!, avira, bho, bonjour, browser, cdburnerxp, components, content.ie5, desktop, einstellungen, excel, firefox, google, helper, hijack, hijackthis, hkus\s-1-5-18, index, internet, internet explorer, malware.trace, mozilla, notification, pdfcreator, plug-in, pop-up-blocker, poweriso, registrierungsschlüssel, rootkit.dnschanger.h, rundll, scan, skype.exe, software, super, system, usb, virus, vundo, windows xp, windows\temp



Ähnliche Themen: Antivirus 2009


  1. antivirus 2009
    Log-Analyse und Auswertung - 01.04.2009 (1)
  2. Antivirus 2009
    Log-Analyse und Auswertung - 18.03.2009 (42)
  3. antivirus 2009
    Mülltonne - 15.01.2009 (0)
  4. Antivirus 2009
    Mülltonne - 01.01.2009 (0)
  5. antivirus 2009
    Plagegeister aller Art und deren Bekämpfung - 03.12.2008 (2)
  6. Antivirus 2009
    Mülltonne - 02.12.2008 (1)
  7. Antivirus 2009
    Plagegeister aller Art und deren Bekämpfung - 30.11.2008 (14)
  8. antivirus pro 2009
    Plagegeister aller Art und deren Bekämpfung - 27.11.2008 (23)
  9. Antivirus 2009
    Plagegeister aller Art und deren Bekämpfung - 24.11.2008 (1)
  10. Antivirus 2009
    Log-Analyse und Auswertung - 13.11.2008 (5)
  11. Antivirus 2009 Alert
    Plagegeister aller Art und deren Bekämpfung - 24.10.2008 (8)
  12. Antivirus 2009
    Plagegeister aller Art und deren Bekämpfung - 21.10.2008 (0)
  13. Antivirus 2009
    Plagegeister aller Art und deren Bekämpfung - 21.09.2008 (0)
  14. Micro Antivirus 2009
    Plagegeister aller Art und deren Bekämpfung - 21.09.2008 (7)
  15. Antivirus 2009
    Plagegeister aller Art und deren Bekämpfung - 19.09.2008 (18)
  16. antivirus xp 2008 und smart antivirus 2009
    Plagegeister aller Art und deren Bekämpfung - 14.09.2008 (11)
  17. Antivirus 2009
    Plagegeister aller Art und deren Bekämpfung - 02.09.2008 (5)

Zum Thema Antivirus 2009 - Hi zusammen. ich hab meinen rechner mit dem Virus "antivirus 2009" infiziert und beim googlen bin dann auf dieses forum gestoßen. hier hab ich ne Anleitung gelesen wie ich diesen - Antivirus 2009...
Archiv
Du betrachtest: Antivirus 2009 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.