| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Vundo.gen, bitte um hilfe!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
15.11.2007, 22:23
| #3 |
 |  Vundo.gen, bitte um hilfe! hallo cosinus, danke für deine Hilfe erstmal,
__________________hab combofix drüberlaufen lassen und das log kam dabei raus: ComboFix 07-11-08.1 - xisu 2007-11-15 22:17:54.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.610 [GMT 1:00] ausgeführt von:: C:\Dokumente und Einstellungen\xisu\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . Nicht in der Lage Systemrechte zu erhalten (((((((((((((((((((((((((((((((((((( Weitere L”schungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\oqstv.ini2 C:\WINDOWS\system32\vtsqo.dll . ((((((((((((((((((((((( Dateien erstellt von 2007-10-15 bis 2007-11-15 )))))))))))))))))))))))))))))) . 2007-11-15 22:17 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-15 21:51 <DIR> d-------- C:\Programme\Trend Micro 2007-11-15 21:29 <DIR> d-------- C:\VundoFix Backups 2007-11-14 15:45 36,352 --a------ C:\WINDOWS\system32\iifedcd.dll 2007-11-14 15:44 36,352 --a------ C:\WINDOWS\system32\ddcawwu.dll 2007-11-08 11:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-11-08 11:27 <DIR> d-------- C:\Programme\QuickTime 2007-11-08 11:27 <DIR> d-------- C:\Programme\iTunes 2007-11-08 11:27 <DIR> d-------- C:\Programme\iPod 2007-11-08 11:27 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Apple 2007-11-08 11:27 <DIR> d-------- C:\Programme\Apple Software Update 2007-11-08 11:27 <DIR> d-------- C:\Dokumente und Einstellungen\xisu\Anwendungsdaten\Apple Computer 2007-11-08 11:27 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer 2007-11-08 11:27 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple 2007-11-07 12:32 <DIR> d-------- C:\Programme\WinSCP 2007-11-07 12:19 <DIR> d-------- C:\Programme\Innovator 2007-10-29 15:10 <DIR> d-------- C:\Programme\ICQ 2007-10-27 00:27 41 --a------ C:\WINDOWS\popcinfo.dat 2007-10-26 16:01 <DIR> d-------- C:\Programme\Shockwave.com 2007-10-26 10:54 <DIR> d-------- C:\Programme\PopCap Games 2007-10-26 10:54 <DIR> d-------- C:\Program Files 2007-10-26 10:54 203 ---h----- C:\WINDOWS\popcreg.dat 2007-10-26 10:54 94 --a------ C:\WINDOWS\popcinfot.dat . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-05 18:55 --------- d-----w C:\Programme\Java 2007-10-05 18:54 --------- d-----w C:\Programme\Gemeinsame Dateien\Java 2007-09-28 12:06 --------- d-----w C:\Dokumente und Einstellungen\xisu\Anwendungsdaten\EPSON 2007-09-26 13:41 --------- d-----w C:\Dokumente und Einstellungen\xisu\Anwendungsdaten\ScummVM 2007-09-26 12:34 --------- d-----w C:\Programme\ScummVM 2007-09-20 10:10 --------- d-----w C:\Programme\ahead 2007-09-20 10:01 --------- d--h--w C:\Programme\InstallShield Installation Information 2007-09-20 10:00 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL 2007-09-20 09:59 --------- d-----w C:\Programme\epson 2007-09-17 18:47 --------- d-----w C:\Dokumente und Einstellungen\xisu\Anwendungsdaten\Lionhead Studios 2007-09-17 18:45 97,792 ----a-w C:\WINDOWS\system32\drivers\ACEDRV05.sys 2007-09-17 18:44 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll 2007-09-17 18:44 --------- d-----w C:\Programme\directx 2007-09-17 18:22 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Oberon Media 2007-09-17 15:32 27,648 ----a-w C:\WINDOWS\system32\drivers\iteatapi.sys 2007-09-17 14:30 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2007-09-17 14:12 --------- d-----w C:\Programme\Winamp 2007-09-17 14:03 --------- d-----w C:\Programme\RegCleaner 2007-09-17 13:56 --------- d-----w C:\Programme\CCleaner 2007-09-17 13:48 --------- d-----w C:\Programme\Lavasoft 2007-09-17 13:48 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2007-09-17 13:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft 2007-09-17 13:31 --------- d-----w C:\Programme\Avira 2007-09-17 13:31 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2007-09-17 13:10 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe 2007-09-16 12:22 --------- d-----w C:\Programme\DAEMON Tools 2007-09-16 12:20 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-09-16 12:19 --------- d-----w C:\Dokumente und Einstellungen\xisu\Anwendungsdaten\uTorrent 2007-09-16 10:47 15,600 ----a-w C:\WINDOWS\gdrv.sys 2007-09-16 10:07 --------- d-----w C:\Programme\uTorrent 2007-09-16 00:57 --------- d-----w C:\Programme\Paragon Software 2007-09-16 00:54 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield 2007-09-15 23:24 --------- d-----w C:\Programme\Gemeinsame Dateien\SpeechEngines 2007-09-15 23:24 --------- d-----w C:\Programme\Gemeinsame Dateien\ODBC 2007-09-15 23:15 --------- d-----w C:\Programme\Intel 2007-09-15 23:14 --------- d-----w C:\Programme\Marvell 2007-09-15 23:10 294,912 ----a-w C:\WINDOWS\HideWin.exe 2007-09-15 23:09 --------- d-----w C:\Programme\Realtek 2007-09-15 22:32 --------- d-----w C:\Programme\microsoft frontpage 2007-09-15 22:31 --------- d-----w C:\Programme\Online-Dienste 2007-09-15 22:30 --------- d-----w C:\Programme\Gemeinsame Dateien\MSSoap 2007-09-15 22:30 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}] 2007-11-14 15:44 36352 --a------ C:\WINDOWS\system32\ddcawwu.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 16:37 C:\WINDOWS\RTHDCPL.EXE] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-06-28 23:43] "nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-06-28 23:43] "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-15 15:42] "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 05:00] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "Mirabilis ICQ"="C:\Programme\ICQ\NDetect.exe" [2002-11-17 10:31] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-10-19 20:16] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-11-02 18:36] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:57] "DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2007-08-29 16:09] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-08-03 23:58] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ"=C:\Programme\ICQ\ICQ.exe -trayboot [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\ddcawwu.dll [2007-11-14 15:44 36352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcawwu] ddcawwu.dll 2007-11-14 15:44 36352 C:\WINDOWS\system32\ddcawwu.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqo.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cb7a7b7-644f-11dc-a24c-0015f2058402}] \Shell\AutoRun\command - H:\laucher.exe *Newly Created Service* - HTTPFILTER . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-15 22:22:11 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2007-11-15 22:22:26 - machine was rebooted . --- E O F --- so und bei silentrunners kam das raus: "Silent Runners.vbs", revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "DAEMON Tools" = ""C:\Programme\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "Adobe Reader Speed Launcher" = ""C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "avgnt" = ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"] "EPSON Stylus DX3800 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"" ["SEIKO EPSON CORPORATION"] "SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] "Mirabilis ICQ" = "C:\Programme\ICQ\NDetect.exe" [null data] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Inc."] "iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] {BBB05D9E-0297-404D-A6BF-D8F2876B84A6}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\ddcawwu.dll" [null data] {C05C6CB8-4BB9-4A59-8FC9-4ACA0C19CB36}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\vtsqo.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS] "{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension" -> {HKLM...CLSID} = "ICQ Shell Extension" \InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" ["ICQ"] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}" = "*i" (unwritable string) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\ddcawwu.dll" [null data] HKLM\System\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> ddcawwu\DLLName = "ddcawwu.dll" [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "E:\Stuff\Bilder\sentenced wall-paper.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "E:\Stuff\Bilder\sentenced wall-paper.bmp" Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."] {6224F700-CBA3-4071-B251-47CB894244CD}\ "ButtonText" = "ICQ Pro" "MenuText" = "ICQ" "Exec" = "C:\Programme\ICQ\ICQ.exe" ["ICQ Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherchieren" {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ "MenuText" = "Spybot - Search & Destroy Configuration" "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}" -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ad-Aware 2007 Service, aawservice, ""C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"] AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"] AntiVir PersonalEdition Classic Planer, AntiVirScheduler, ""C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"] Apple Mobile Device, Apple Mobile Device, ""C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."] iPod-Dienst, iPod Service, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Inc."] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ EPSON Stylus DX3800 Series 2KMonitor5E\Driver = "E_FLMACE.DLL" ["SEIKO EPSON CORPORATION"] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- (launch time: 2007-11-15 22:16:27) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 42 seconds, including 22 seconds for message boxes) das escan log folgt noch aber wie siehts denn bisher aus und eine frage nebenbei was macht vundogen eigentlich? mfg cobol |
| Themen zu Vundo.gen, bitte um hilfe! |
| ad-aware, adobe, antivir, avira, bitte um hilfe, defender, drivers, excel, explorer, fehlalarm, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, infizierte, infizierte datei, internet, internet explorer, nvidia, rundll, s-1-5-18, scan, software, suspicious file, system, tr/vundo.gen, trend micro, trojaner, virus, vundo.gen, windows, windows xp |
Baum-Darstellung