| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Entfernung Trojan.Heur.Vundo.cu4@d4CKyXk sowie Trojan.Tdss.153Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.01.2010, 00:07
| #1 |
| |  Entfernung Trojan.Heur.Vundo.cu4@d4CKyXk sowie Trojan.Tdss.153 Hallo, ich habe seit einigen Tagen zwei fiese Viren auf meinem PC. Hauptproblem stellt, glaube ich, der Heur.Vundo, da (nach Recherche) dieser anscheinend das Starten sämtlicher Virenentfernungsprogramme verhindert. Habe die Viren mit dem BitDefender online scan idenzifiziert. Bisher habe ich die folgenden Programme versucht zu benutzen: Avira Antivir, BitDefender, Malbytes Anti-Malware, AdAware, ComboFix. Außer AdAware lässt sich kein einziges dieser starten, wobei AdAware auf nichts anschlägt. //EDIT: Ich muss noch hinzufügen, wenn ich die iexplore.exe im Internet Explorer Ordner lösche, wird diese nach kurzer Zeit wieder neu erstellt. Hier die log.txt aus RSIT: Logfile of random's system information tool 1.06 (written by random/random) Run by FrankJ at 2010-01-17 00:04:51 Microsoft Windows XP Professional Service Pack 3 System drive C: has 360 GB (38%) free of 954 GB Total RAM: 3327 MB (82% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:04:52, on 17.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\DAEMON Tools Lite\DTLite.exe C:\Programme\ATLAS V14\ATLIECOM.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Java\jre6\bin\jqs.exe c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Mediafour\MacDrive 7\MacDriveService.exe C:\WINDOWS\System32\svchost.exe C:\Programme\NetLimiter 2 Pro\nlsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\Programme\Windows NT\Zubehör\WORDPAD.EXE C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\FrankJ\Eigene Dateien\Downloads\RSIT.exe C:\Programme\trend micro\FrankJ.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Programme\ATLAS V14\ATLIECP.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Programme\ATLAS V14\ATLIECP.DLL O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing) O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Translate with ATLAS - C:\Programme\ATLAS V14\Atlscript.html O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: ATLAS Translation &Editor - C:\Programme\ATLAS V14\AtlscriptEdit.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: SYSTRAN Lookup - res://C:\Programme\SYSTRAN\6\\GUIres.dll/lookup.js O8 - Extra context menu item: SYSTRAN Translate - res://C:\Programme\SYSTRAN\6\\GUIres.dll/translate.js O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Programme\ATLAS V14\Atlscript.html O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3D620C21-2337-4C00-89E9-0A51F1F4C4A1}: NameServer = 192.168.2.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Programme\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Programme\Mediafour\MacDrive 7\MacDriveService.exe O23 - Service: NBService - Nero AG - c:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programme\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NMIndexingService - Nero AG - c:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe -- End of file - 11534 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}] ContributeBHO Class - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C6301ED-0F78-4AF2-8150-D9C052361A8E}] ATLAS Toolbar - C:\Programme\ATLAS V14\ATLIECP.DLL [2007-10-04 296288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] SmartSelect Class - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576] {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - ATLAS Toolbar - C:\Programme\ATLAS V14\ATLIECP.DLL [2007-10-04 296288] {95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Ad-Watch"=C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2009-09-28 520024] "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "nwiz"=C:\Programme\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "DAEMON Tools Lite"=C:\Programme\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200] "SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-10-02 640376] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-10-03 38768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE [2008-08-15 378224] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive] C:\Programme\Mediafour\MacDrive 7\MDGetStarted.exe [2008-09-02 141312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2008-04-14 44032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe [2007-07-18 451872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive application] C:\Programme\Mediafour\MacDrive 7\MacDrive.exe [2008-09-23 201304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] c:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\QTTask.exe [2008-09-06 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] C:\WINDOWS\RTHDCPL.EXE [2008-03-26 16859136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\settdebugx.exe] C:\DOKUME~1\FrankJ\LOKALE~1\Temp\settdebugx.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe [2009-07-25 149280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Programme\Winamp\winampa.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat] c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-10-16 214360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^FrankJ^Startmenü^Programme^Autostart^DeskPins.lnk] C:\PROGRA~1\DeskPins\DeskPins.exe [2004-05-02 62464] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\mIRC\mirc.exe"="C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC" "C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Trillian\trillian.exe"="C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian" "C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Programme\Sierra Entertainment\World in Conflict\wic.exe"="C:\Programme\Sierra Entertainment\World in Conflict\wic.exe:*:Enabled:World in Conflict" "C:\Programme\Sierra Entertainment\World in Conflict\wic_online.exe"="C:\Programme\Sierra Entertainment\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only" "C:\Programme\Sierra Entertainment\World in Conflict\wic_ds.exe"="C:\Programme\Sierra Entertainment\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Programme\Ventrilo\Ventrilo.exe"="C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe" "C:\Programme\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe"="C:\Programme\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization" "C:\Programme\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Programme\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main" "C:\Programme\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Programme\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD" "C:\Programme\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Programme\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater" "C:\Programme\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Programme\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server" "C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server" "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4" "C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server" "C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)" "C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)" "C:\Programme\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Programme\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander" "C:\Programme\THQ\Company of Heroes\RelicCOH.exe"="C:\Programme\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts" "C:\Programme\DAUM\PotPlayer\daumvsvr.exe"="C:\Programme\DAUM\PotPlayer\daumvsvr.exe:*:Enabled  aumCP VoD Server""C:\Programme\DAUM\PotPlayer\PotPlayer.exe"="C:\Programme\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:?? ?????" "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe"="C:\Programme\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV" "C:\Programme\RayV\RayV\RayV.exe"="C:\Programme\RayV\RayV\RayV.exe:*:Enabled:RayV" "C:\Programme\RayV\RayV\RayV.dll"="C:\Programme\RayV\RayV\RayV.dll:*:Enabled:RayV" "C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby" "C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client" "C:\Programme\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe"="C:\Programme\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe:*:Enabled ragon Age Origins Character Creator""C:\Programme\Dragon Age Origins Character Creator\DAOriginsLauncher.exe"="C:\Programme\Dragon Age Origins Character Creator\DAOriginsLauncher.exe:*:Enabled ragon Age Origins Character Creator Launcher""C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\Programme\Dragon Age\bin_ship\daorigins.exe"="C:\Programme\Dragon Age\bin_ship\daorigins.exe:*:Enabled ragon Age Origins Game""C:\Programme\Dragon Age\DAOriginsLauncher.exe"="C:\Programme\Dragon Age\DAOriginsLauncher.exe:*:Enabled ragon Age Origins Launcher""C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled ragon Age Origins Updater""C:\Programme\Steam\steamapps\common\empire total war\Empire.exe"="C:\Programme\Steam\steamapps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War" "C:\Games\Mass Effect\Binaries\MassEffect.exe"="C:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game" "C:\Games\Mass Effect\MassEffectLauncher.exe"="C:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e269738-9c47-11dd-a7f7-0022157925e2}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe ======List of files/folders created in the last 1 months====== 2010-01-16 23:52:49 ----D---- C:\rsit 2010-01-16 23:52:49 ----D---- C:\Programme\trend micro 2010-01-16 23:46:58 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-01-16 23:46:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-01-16 23:36:56 ----D---- C:\Programme\Spybot - Search & Destroy 2010-01-16 23:36:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2010-01-16 22:28:00 ----DC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} 2010-01-16 22:01:51 ----D---- C:\Dokumente und Einstellungen\FrankJ\Anwendungsdaten\QuickScan 2010-01-16 21:43:45 ----D---- C:\Programme\Avira 2010-01-16 21:43:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2010-01-10 19:43:07 ----D---- C:\Programme\Veetle 2010-01-09 20:19:07 ----D---- C:\Programme\Pcsx2 2009-12-31 18:19:45 ----D---- C:\Dokumente und Einstellungen\FrankJ\Anwendungsdaten\EA 2009-12-31 16:10:00 ----A---- C:\WINDOWS\system32\krl32mainweq.dll 2009-12-30 22:47:46 ----A---- C:\WINDOWS\IE4 Error Log.txt 2009-12-30 22:41:50 ----D---- C:\Dokumente und Einstellungen\FrankJ\Anwendungsdaten\HPAppData 2009-12-30 17:40:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$ 2009-12-28 03:32:51 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini 2009-12-24 04:32:55 ----D---- C:\WINDOWS\Prefetch 2009-12-24 04:26:22 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-12-24 03:39:12 ----A---- C:\WINDOWS\pnplog.txt 2009-12-24 03:26:46 ----A---- C:\WINDOWS\system32\spxcoins.dll 2009-12-24 03:26:46 ----A---- C:\WINDOWS\system32\irclass.dll 2009-12-23 17:24:03 ----D---- C:\Programme\Machinarium ======List of files/folders modified in the last 1 months====== 2010-01-17 00:03:07 ----D---- C:\Dokumente und Einstellungen\FrankJ\Anwendungsdaten\foobar2000 2010-01-17 00:02:39 ----D---- C:\Programme\Mozilla Firefox 2010-01-16 23:52:49 ----RD---- C:\Programme 2010-01-16 23:46:59 ----D---- C:\WINDOWS\system32\drivers 2010-01-16 23:44:22 ----D---- C:\WINDOWS\system32 2010-01-16 23:44:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-01-16 23:43:09 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-16 23:40:04 ----D---- C:\WINDOWS\Temp 2010-01-16 23:38:36 ----SH---- C:\boot.ini 2010-01-16 23:38:36 ----A---- C:\WINDOWS\win.ini 2010-01-16 23:38:36 ----A---- C:\WINDOWS\system.ini 2010-01-16 23:27:23 ----D---- C:\WINDOWS 2010-01-16 23:27:21 ----D---- C:\Programme\Trillian 2010-01-16 23:27:20 ----D---- C:\WINDOWS\twain_32 2010-01-16 23:22:26 ----D---- C:\Temp 2010-01-16 23:14:19 ----D---- C:\Programme\Gemeinsame Dateien 2010-01-16 23:10:34 ----A---- C:\WINDOWS\WORDPAD.INI 2010-01-16 23:03:32 ----A---- C:\WINDOWS\ntbtlog.txt 2010-01-16 23:00:29 ----D---- C:\Dokumente und Einstellungen\FrankJ\Anwendungsdaten\NoNameScript 2010-01-16 22:56:01 ----D---- C:\Programme\mIRC 2010-01-16 22:27:58 ----SHD---- C:\WINDOWS\Installer 2010-01-16 22:17:51 ----HD---- C:\Config.Msi 2010-01-16 22:17:50 ----D---- C:\WINDOWS\WinSxS 2010-01-16 21:59:11 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-16 21:44:09 ----HD---- C:\WINDOWS\inf 2010-01-16 20:13:28 ----D---- C:\Dokumente und Einstellungen\FrankJ\Anwendungsdaten\Skype 2010-01-16 15:00:53 ----D---- C:\mist 2010-01-16 15:00:18 ----D---- C:\Programme\Heroes of Newerth 2010-01-16 08:05:29 ----D---- C:\Dokumente und Einstellungen\FrankJ\Anwendungsdaten\skypePM 2010-01-16 06:56:00 ----A---- C:\WINDOWS\NeroDigital.ini 2010-01-14 02:09:51 ----D---- C:\Dokumente und Einstellungen\FrankJ\Anwendungsdaten\vlc 2010-01-13 16:17:24 ----D---- C:\WINDOWS\system32\Restore 2010-01-13 05:50:19 ----D---- C:\Dokumente und Einstellungen\FrankJ\Anwendungsdaten\FileZilla 2010-01-13 02:09:28 ----D---- C:\Programme\DAEMON Tools Lite 2010-01-12 14:23:19 ----D---- C:\Dokumente und Einstellungen\FrankJ\Anwendungsdaten\uTorrent 2010-01-10 09:44:08 ----D---- C:\Programme\Dragon Age 2010-01-10 08:30:25 ----HD---- C:\Programme\InstallShield Installation Information 2010-01-10 08:25:35 ----D---- C:\WINDOWS\security 2010-01-10 08:21:06 ----D---- C:\WINDOWS\system32\CatRoot 2010-01-10 08:20:00 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-01-10 08:19:55 ----D---- C:\WINDOWS\RegisteredPackages 2010-01-10 08:19:55 ----D---- C:\Programme\Windows Media Player 2010-01-10 08:19:46 ----D---- C:\WINDOWS\Help 2010-01-10 00:26:01 ----D---- C:\Programme\Gemeinsame Dateien\BioWare 2010-01-10 00:18:45 ----D---- C:\Games 2010-01-10 00:04:55 ----D---- C:\Programme\CAPCOM 2010-01-10 00:03:49 ----D---- C:\WINDOWS\system32\DirectX 2010-01-09 21:13:22 ----D---- C:\Programme\Steam 2010-01-09 19:46:20 ----D---- C:\Programme\DAEMON Tools Toolbar 2010-01-09 19:46:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite 2010-01-06 07:19:46 ----D---- C:\Dokumente und Einstellungen\FrankJ\Anwendungsdaten\HLSW 2009-12-24 04:35:34 ----D---- C:\WINDOWS\Registration 2009-12-24 04:34:54 ----A---- C:\WINDOWS\setuplog.txt 2009-12-24 04:34:18 ----SHD---- C:\System Volume Information 2009-12-24 04:32:21 ----D---- C:\WINDOWS\system32\config 2009-12-24 04:31:24 ----A---- C:\WINDOWS\imsins.BAK 2009-12-24 04:27:07 ----A---- C:\WINDOWS\OEWABLog.txt 2009-12-24 04:27:03 ----A---- C:\WINDOWS\ODBCINST.INI 2009-12-24 04:26:24 ----RD---- C:\WINDOWS\Web 2009-12-24 04:26:17 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-12-24 04:26:03 ----D---- C:\WINDOWS\system32\oobe 2009-12-24 04:26:02 ----D---- C:\Programme\Outlook Express 2009-12-24 04:25:18 ----D---- C:\WINDOWS\system32\Com 2009-12-24 04:24:54 ----D---- C:\WINDOWS\system32\wbem 2009-12-24 04:23:13 ----D---- C:\WINDOWS\system32\Setup 2009-12-24 04:23:13 ----D---- C:\WINDOWS\system 2009-12-24 04:23:05 ----D---- C:\WINDOWS\L2Schemas 2009-12-24 04:23:03 ----D---- C:\WINDOWS\system32\usmt 2009-12-24 04:22:55 ----D---- C:\WINDOWS\AppPatch 2009-12-24 04:22:54 ----D---- C:\WINDOWS\system32\1031 2009-12-24 04:22:53 ----D---- C:\WINDOWS\ehome 2009-12-24 04:22:52 ----D---- C:\WINDOWS\ime 2009-12-24 04:22:51 ----RSD---- C:\WINDOWS\Fonts 2009-12-24 04:22:51 ----D---- C:\WINDOWS\Media 2009-12-24 04:22:50 ----D---- C:\WINDOWS\Network Diagnostic 2009-12-24 04:22:48 ----D---- C:\WINDOWS\system32\de-de 2009-12-24 04:22:36 ----D---- C:\WINDOWS\PeerNet 2009-12-24 04:22:21 ----D---- C:\WINDOWS\system32\npp 2009-12-24 04:22:14 ----D---- C:\WINDOWS\msagent 2009-12-24 04:22:09 ----D---- C:\WINDOWS\system32\de 2009-12-24 04:18:42 ----D---- C:\WINDOWS\system32\icsxml 2009-12-24 04:18:13 ----D---- C:\WINDOWS\system32\ias 2009-12-24 04:18:08 ----D---- C:\WINDOWS\system32\1033 2009-12-24 04:17:07 ----D---- C:\WINDOWS\Driver Cache 2009-12-24 03:26:40 ----ASH---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini 2009-12-24 02:06:10 ----D---- C:\Fraps 2009-12-23 01:21:14 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2009-12-22 04:46:06 ----A---- C:\WINDOWS\system32\ssprs.dll 2009-12-22 04:46:06 ----A---- C:\WINDOWS\system32\lsprst7.dll 2009-12-22 04:46:06 ----A---- C:\WINDOWS\SurCode.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-25 2915944] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2008-04-14 12288] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032] R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-09-27 281760] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-09-27 25888] R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 27992] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-01 25280] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-01 25280] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-26 4713472] R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 a0ofezga;a0ofezga; C:\WINDOWS\system32\drivers\a0ofezga.sys [] S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] S3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-10-24 170392] S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-07-09 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-09 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-09 21568] S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys [] S3 Nbdrv;NetBalancer Service; C:\WINDOWS\system32\DRIVERS\nbdrv.sys [] S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064] S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys [] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984] S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472] S4 viasraid;viasraid; C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 77312] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-09-28 1028432] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2007-07-25 79136] R2 MacDriveService;MacDrive service; C:\Programme\Mediafour\MacDrive 7\MacDriveService.exe [2008-11-26 150528] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 nlsvc;NetLimiter; C:\Programme\NetLimiter 2 Pro\nlsvc.exe [2007-03-21 516096] R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-04-12 75064] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-06-19 189288] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-10-25 304528] S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792] S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Programme\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-28 655624] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360] S3 NBService;NBService; c:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112] S3 NMIndexingService;NMIndexingService; c:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-07-22 3240876] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2007-11-06 92792] S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Bin um jede Hilfe dankbar. mfg chas Geändert von chas (17.01.2010 um 00:19 Uhr) |
|
17.01.2010, 19:37
| #2 |
| | Entfernung Trojan.Heur.Vundo.cu4@d4CKyXk sowie Trojan.Tdss.153 Habe dasselbe Problem. "Zum Glück" habe ich nur den Trojaner Trojan.Heur.Vundo.cu4@d4CKyXk auf meinem Rechner. Bin bis jetzt nicht zu einer wirklichen Lösung gekommen, selbst google hilft nicht weiter.
__________________Klappt bei dir die Systemwiderherstellung, bei mir nämlich nicht. Hast du denn sonst schon ne andere Lösung gefunden? |
|
| Themen zu Entfernung Trojan.Heur.Vundo.cu4@d4CKyXk sowie Trojan.Tdss.153 |
| ?????, ad-aware, ad-watch, antivir, antivir guard, avgnt, avgnt.exe, avgntflt.sys, avira, bho, bonjour, browser, computer, desktop, diagnostics, error, fiese, firefox, fontcache, hijack, hijackthis, hkus\s-1-5-18, hängen, jusched.exe, league of legends, pdf-datei, plug-in, problem, realtek, rthdcpl.exe, scan, senden, shell32.dll, sierra, skype.exe, software, starten, system, viren, windows, windows xp |
