| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Probleme bei der Entfernung von Vundo.GenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.07.2008, 10:48
| #1 |
 |  Probleme bei der Entfernung von Vundo.Gen Hallo Community ich habe ein Problem mit dem Trojaner Vundo.Gen, der sich weder mit avira noch mit Vundofix 7.x entfernen lässt. Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:31:08, on 09.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Programme\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\ATI-CPanel\atiptaxx.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Trend Micro\HijackThis\hjt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {39D67F39-6F48-438A-80A2-F86FE363C215} - C:\WINDOWS\system32\rqRHXQGX.dll O2 - BHO: (no name) - {49DBD2DD-9603-4FE0-B9E8-6B34DA11187B} - C:\WINDOWS\system32\rqRKBUNd.dll (file missing) O2 - BHO: (no name) - {4A9BF311-A4D7-4064-87CC-C46DDFB0E886} - C:\WINDOWS\system32\ssqNgHYo.dll (file missing) O2 - BHO: (no name) - {4D80DB88-D80D-44B3-B385-0FEEE13A7BD2} - C:\WINDOWS\system32\cbXQghHa.dll (file missing) O2 - BHO: (no name) - {552E8226-6BB3-4273-A43C-FDD586A6F5B8} - C:\WINDOWS\system32\opnnmJaA.dll (file missing) O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: (no name) - {5CF942E0-FAF6-4EDE-88DA-424A44B33B89} - C:\WINDOWS\system32\qoMGApqN.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: gxvpsafm - {3AF299A2-672C-4801-8D9F-025EE2C3BA66} - C:\WINDOWS\gxvpsafm.dll (file missing) O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [28d32c13] rundll32.exe "C:\WINDOWS\system32\qbvwtiwg.dll",b O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe -silent O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\***\ICQ\ICQL5_1\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\***\ICQ\ICQL5_1\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167644195031 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: rqRHXQGX - C:\WINDOWS\SYSTEM32\rqRHXQGX.dll O21 - SSODL: qegbdmwf - {8255E652-5D59-41A0-9C80-CFB6C44EA04A} - (no file) O21 - SSODL: pntqkflv - {6A87E617-4129-4ADB-A3F0-F6E3ABDCDC54} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programme\RealVNC\VNC4\WinVNC4.exe -- End of file - 9616 bytes Code:
ATTFilter O2 - BHO: (no name) - {39D67F39-6F48-438A-80A2-F86FE363C215} - C:\WINDOWS\system32\rqRHXQGX.dll
O20 - Winlogon Notify: rqRHXQGX - C:\WINDOWS\SYSTEM32\rqRHXQGX.dll
Iergendwelche tipps außer neu aufsetzen? mfg Virtu-Opfer |
|
09.07.2008, 10:58
| #2 | |
| /// TB-Ausbilder     | Probleme bei der Entfernung von Vundo.Gen Hi,
__________________Zitat:
Versuch bitte mal Malwarebytes und poste das Ergebnis hier. (einfach alle Funde löschen lassen) Erstelle nach Malwarebytes noch ein Log mit DSS:
lg myrtille
__________________ |
|
09.07.2008, 11:15
| #3 |
| | Probleme bei der Entfernung von Vundo.Gen Malwarebytes Log-file von einem schnellscan vor entfernen
__________________Code:
ATTFilter Malwarebytes' Anti-Malware 1.18
Datenbank Version: 895
12:13:03 09.07.2008
mbam-log-7-9-2008 (12-12-59).txt
Scan Art: Schnell Scan
Objekte gescannt: 57174
Scan Dauer: 6 minute(s), 37 second(s)
Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 4
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8
Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)
Infizierte Speicher Module:
C:\WINDOWS\system32\qbvwtiwg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRHXQGX.dll (Trojan.Vundo) -> No action taken.
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{39d67f39-6f48-438a-80a2-f86fe363c215} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39d67f39-6f48-438a-80a2-f86fe363c215} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrhxqgx (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\gxvpsafm.bmpe (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gxvpsafm.toolbar.1 (Trojan.FakeAlert) -> No action taken.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28d32c13 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{39d67f39-6f48-438a-80a2-f86fe363c215} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pntqkflv (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qegbdmwf (Trojan.FakeAlert) -> No action taken.
Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)
Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\system32\qbvwtiwg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gwitwvbq.ini (Trojan.Vundo) -> No action taken.
C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\GLK4.tmp (Rogue.EvidenceEliminator) -> No action taken.
C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\GLK46.tmp (Rogue.EvidenceEliminator) -> No action taken.
C:\WINDOWS\system32\rqRHXQGX.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\gfetqaxstgm.dll (Trojan.FakeAlert) -> No action taken.
C:\Dokumente und Einstellungen\****\Desktop\DriveCleaner.lnk (Rogue.DriveCleaner) -> No action taken.
Logfile nach entfernen Code:
ATTFilter Malwarebytes' Anti-Malware 1.18
Datenbank Version: 895
12:23:28 09.07.2008
mbam-log-7-9-2008 (12-23-28).txt
Scan Art: Schnell Scan
Objekte gescannt: 57248
Scan Dauer: 6 minute(s), 40 second(s)
Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 3
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 4
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10
Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)
Infizierte Speicher Module:
C:\WINDOWS\system32\qbvwtiwg.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\rqRHXQGX.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\byXOeDTL.dll (Trojan.Vundo) -> Unloaded module successfully.
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{39d67f39-6f48-438a-80a2-f86fe363c215} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39d67f39-6f48-438a-80a2-f86fe363c215} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrhxqgx (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gxvpsafm.bmpe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gxvpsafm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28d32c13 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{39d67f39-6f48-438a-80a2-f86fe363c215} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pntqkflv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qegbdmwf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)
Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\system32\qbvwtiwg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gwitwvbq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\GLK4.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\GLK46.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfffhosr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqRHXQGX.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\byXOeDTL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\gfetqaxstgm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Desktop\DriveCleaner.lnk (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
Geändert von Virtu-Opfer (09.07.2008 um 11:26 Uhr) |
|
09.07.2008, 11:35
| #4 |
| /// TB-Ausbilder | Probleme bei der Entfernung von Vundo.Gen Hi, bevor du das DSS machst, starte bitte deinen Rechner neu, damit Malwarebytes die letzten Dateien noch löschen kann.  lg myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
09.07.2008, 11:41
| #5 |
| | Probleme bei der Entfernung von Vundo.Gen ja danke, hab das beachtet. hier noch die berichte von dss mfg virtu PS: die extra.txt is extra lang und muss die in mehrere spalten main.txt Code:
ATTFilter Deckard's System Scanner v20071014.68 Run by Stephan & Günther on 2008-07-09 12:30:08 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 73: 2008-07-09 10:30:19 UTC - RP1272 - Deckard's System Scanner Restore Point 72: 2008-07-08 23:05:28 UTC - RP1271 - Systemprüfpunkt 71: 2008-07-06 16:23:16 UTC - RP1270 - Systemprüfpunkt 70: 2008-07-05 16:02:03 UTC - RP1269 - Systemprüfpunkt 69: 2008-07-04 15:59:16 UTC - RP1268 - Systemprüfpunkt -- First Restore Point -- 1: 2008-04-10 16:38:19 UTC - RP1200 - Systemprüfpunkt Backed up registry hives. Performed disk cleanup. -- HijackThis (run as ****.exe) ----------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:33:41, on 09.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\ATI-CPanel\atiptaxx.exe C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\Programme\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Dokumente und Einstellungen\Stephan & Günther\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Stephan & Günther.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {49DBD2DD-9603-4FE0-B9E8-6B34DA11187B} - C:\WINDOWS\system32\rqRKBUNd.dll (file missing) O2 - BHO: (no name) - {4A9BF311-A4D7-4064-87CC-C46DDFB0E886} - C:\WINDOWS\system32\ssqNgHYo.dll (file missing) O2 - BHO: (no name) - {4D80DB88-D80D-44B3-B385-0FEEE13A7BD2} - C:\WINDOWS\system32\cbXQghHa.dll (file missing) O2 - BHO: (no name) - {552E8226-6BB3-4273-A43C-FDD586A6F5B8} - C:\WINDOWS\system32\opnnmJaA.dll (file missing) O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: (no name) - {5CF942E0-FAF6-4EDE-88DA-424A44B33B89} - C:\WINDOWS\system32\qoMGApqN.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {87E70AEC-CEF2-4304-BD2D-79512E24514A} - C:\WINDOWS\system32\byXOeDTL.dll (file missing) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: gxvpsafm - {3AF299A2-672C-4801-8D9F-025EE2C3BA66} - C:\WINDOWS\gxvpsafm.dll (file missing) O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe -silent O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Stephan\ICQ\ICQL5_1\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Stephan\ICQ\ICQL5_1\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167644195031 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programme\RealVNC\VNC4\WinVNC4.exe -- End of file - 9375 bytes -- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - regedit.exe "%1" %* .scr - scrfile - shell\open\command - "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System> R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System> R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System> R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS> S3 gintelpp - c:\dokume~1\stepha~1\lokale~1\temp\gintelpp.sys (file missing) S3 ldiskl - c:\dokume~1\stepha~1\lokale~1\temp\ldiskl.sys (file missing) S3 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; > S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - c:\programme\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Workstation> R2 Apple Mobile Device - "c:\programme\gemeinsame dateien\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\programme\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394-Netzwerkadapter Device ID: V1394\NIC1394\E39DB300531 Manufacturer: Microsoft Name: 1394-Netzwerkadapter #2 PNP Device ID: V1394\NIC1394\E39DB300531 Service: NIC1394 -- Files created between 2008-06-09 and 2008-07-09 ----------------------------- 2008-07-09 12:17:03 140412 --ahs---- C:\WINDOWS\system32\LTDeOXyb.ini2 2008-07-09 10:58:39 0 d-------- C:\VundoFix Backups 2008-06-29 22:32:34 0 d-------- C:\Programme\Electronic Arts 2008-06-29 22:31:44 2322 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg 2008-06-27 23:44:02 0 d-------- C:\Programme\Trend Micro 2008-06-27 23:42:01 0 d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-06-27 23:41:28 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-06-27 23:41:28 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2008-06-27 23:41:28 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix> 2008-06-27 23:41:28 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-06-27 23:41:28 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-06-27 23:41:28 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-06-27 23:41:28 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-06-27 23:41:28 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix> 2008-06-27 19:48:54 0 d-------- C:\Programme\Enigma Software Group 2008-06-27 18:31:58 102389 --ahs---- C:\WINDOWS\system32\AaJmnnpo.ini2 2008-06-27 17:34:14 101935 --ahs---- C:\WINDOWS\system32\NqpAGMoq.ini2 2008-06-27 16:01:38 101933 --ahs---- C:\WINDOWS\system32\oYHgNqss.ini2 2008-06-27 13:21:41 691545 --a------ C:\WINDOWS\unins000.exe 2008-06-27 13:21:41 2563 --a------ C:\WINDOWS\unins000.dat 2008-06-27 09:15:10 0 d-------- C:\WINDOWS\system32\NtmsData 2008-06-26 09:52:21 144696 --ahs---- C:\WINDOWS\system32\dNUBKRqr.ini2 -- Find3M Report --------------------------------------------------------------- 2008-06-30 23:15:00 0 d-------- C:\Dokumente und Einstellungen\Stephan & Günther\Anwendungsdaten\SPORE Creature Creator 2008-06-29 22:30:27 0 d--h----- C:\Programme\InstallShield Installation Information 2008-06-27 23:42:10 0 d-------- C:\Dokumente und Einstellungen\Stephan & Günther\Anwendungsdaten\Malwarebytes 2008-06-27 12:52:16 0 d-------- C:\Dokumente und Einstellungen\Stephan & Günther\Anwendungsdaten\TmpRecentIcons 2008-06-26 09:55:22 1321 --a------ C:\WINDOWS\eReg.dat 2008-05-28 20:38:56 0 d-------- C:\Programme\Paint.NET 2008-05-27 13:56:02 0 d-------- C:\Dokumente und Einstellungen\Stephan & Günther\Anwendungsdaten\Xfire 2008-05-21 15:06:19 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32> 2008-05-21 15:06:18 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library> 2008-05-14 10:27:53 0 d-------- C:\Dokumente und Einstellungen\Stephan & Günther\Anwendungsdaten\teamspeak2 2008-05-12 17:16:15 0 d-------- C:\Programme\Mozilla Thunderbird -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] 23.03.2007 08:52 1298024 -ra------ C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] 23.03.2007 08:52 177768 -ra------ C:\Programme\HP\Smart Web Printing\hpswp_framework.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49DBD2DD-9603-4FE0-B9E8-6B34DA11187B}] C:\WINDOWS\system32\rqRKBUNd.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A9BF311-A4D7-4064-87CC-C46DDFB0E886}] C:\WINDOWS\system32\ssqNgHYo.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D80DB88-D80D-44B3-B385-0FEEE13A7BD2}] C:\WINDOWS\system32\cbXQghHa.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{552E8226-6BB3-4273-A43C-FDD586A6F5B8}] C:\WINDOWS\system32\opnnmJaA.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CF942E0-FAF6-4EDE-88DA-424A44B33B89}] C:\WINDOWS\system32\qoMGApqN.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87E70AEC-CEF2-4304-BD2D-79512E24514A}] C:\WINDOWS\system32\byXOeDTL.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [18.04.2008 08:23] "ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [12.08.2004 22:10] "StatusClient 2.6"="C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [] "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16] "Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [16.03.2007 11:45] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [15.11.2007 00:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 14:00] "EA Core"="C:\Programme\Electronic Arts\EADM\Core.exe" [16.05.2008 18:16] "swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15.04.2008 08:12] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "AllowUnhashedWebView"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXOeDTL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28d32c13] rundll32.exe "C:\WINDOWS\system32\vxhlknos.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\ATI-CPanel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05] C:\WINDOWS\system32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05] C:\Programme\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] "C:\Stephan\ICQ\ICQL5_1\ICQLite.exe" -minimize [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate] C:\Stephan\Games\Battlefield Vietnam\Byteswarm\LiveUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mapdisk] "C:\Dokumente und Einstellungen\Stephan & Günther\Eigene Dateien\ArmAWork\mapdisk.bat" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration] C:\Programme\Fellowes\MediaFACE 4.0\SetHook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] C:\WINDOWS\system32\oodtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient] c:\stephan\seti@home\SETI@home.exe -min [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6] C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Stephan\Winamp\Neu\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ccSetMgr"=2 (0x2) "ccPwdSvc"=3 (0x3) "ccEvtMgr"=2 (0x2) "navapsvc"=3 (0x3) -- Hosts ----------------------------------------------------------------------- 127.0.0.1 cohlive-1.quazal.net 127.0.0.1 cohlive.quazal.net 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 8758 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-07-09 12:34:17 ------------ |
|
09.07.2008, 11:44
| #6 |
| | Probleme bei der Entfernung von Vundo.Gen Extra.txt part 1 Code:
ATTFilter Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: German
CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of Memory in Use: 19%
Physical Memory (total/avail): 2046.95 MiB / 1640.35 MiB
Pagefile Memory (total/avail): 2280.89 MiB / 2012.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.58 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 186.31 GiB total, 30.04 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
\\.\PHYSICALDRIVE0 - WDC WD2000BB-55GUA0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installierbares Dateisystem - 186.31 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Outdated
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server"
"C:\\Stephan\\Games\\SIM3000\\Apps\\Updater\\UPDATER.EXE"="C:\\Stephan\\Games\\SIM3000\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
"C:\\Stephan\\Games\\SimCity\\Apps\\Updater\\UPDATER.EXE"="C:\\Stephan\\Games\\SimCity\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
"C:\\Programme\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"="C:\\Programme\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Stephan\\Games\\EE-ZDE\\EE-AOC.exe"="C:\\Stephan\\Games\\EE-ZDE\\EE-AOC.exe:*:Enabled:EE-ZDE"
"C:\\Stephan\\Games\\Empire Earth\\Launcher.exe"="C:\\Stephan\\Games\\Empire Earth\\Launcher.exe:*:Enabled:Empire Earth"
"C:\\Stephan\\Games\\Battlefield Vietnam\\bfvietnam.exe"="C:\\Stephan\\Games\\Battlefield Vietnam\\bfvietnam.exe:*:Enabled:Battlefield Vietnam"
"C:\\Stephan\\Games\\Battlefield Vietnam\\Battlefield Vietnam\\bfvietnam.exe"="C:\\Stephan\\Games\\Battlefield Vietnam\\Battlefield Vietnam\\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\\Stephan\\ICQ\\ICQLite\\ICQLite.exe"="C:\\Stephan\\ICQ\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Stephan\\ICQ\\ICQL5_1\\ICQLite.exe"="C:\\Stephan\\ICQ\\ICQL5_1\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Stephan\\Games\\Empire at War\\GameData\\sweaw.exe"="C:\\Stephan\\Games\\Empire at War\\GameData\\sweaw.exe:*:Enabled:Petroglyph"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\\Stephan\\Games\\Empire Earth\\Empire Earth.exe"="C:\\Stephan\\Games\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\Programme\\Mozilla Firefox\\firefox.exe"="C:\\Programme\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Programme\\PERLE PI\\PERLE PI.exe"="C:\\Programme\\PERLE PI\\PERLE PI.exe:*:Disabled:PERLE PI"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Stephan\\Internet-Kommunikation\\Xfire\\Xfire.exe"="C:\\Stephan\\Internet-Kommunikation\\Xfire\\Xfire.exe:*:Disabled:Xfire"
"C:\\Stephan\\Games\\ArmA\\arma.exe"="C:\\Stephan\\Games\\ArmA\\arma.exe:*:Enabled:ArmA"
"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"="C:\\Programme\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Stephan\\Games\\Battlefield 1942\\BF1942.exe"="C:\\Stephan\\Games\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Stephan\\Games\\CS\\Counterstrike 1.6\\hl.exe"="C:\\Stephan\\Games\\CS\\Counterstrike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Stephan\\Games\\Star Wars Battlefront 2\\evoz-stbf2a\\evoz-stbf2\\GameData\\BattlefrontII.exe"="C:\\Stephan\\Games\\Star Wars Battlefront 2\\evoz-stbf2a\\evoz-stbf2\\GameData\\BattlefrontII.exe:*:Disabled:BattlefrontII"
"C:\\Programme\\RealVNC\\VNC4\\vncviewer.exe"="C:\\Programme\\RealVNC\\VNC4\\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32"
"C:\\Programme\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Programme\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
"C:\\Stephan\\Games\\Day of Defeat\\hl2.exe"="C:\\Stephan\\Games\\Day of Defeat\\hl2.exe:*:Enabled:hl2"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Stephan\\Games\\Deer Hunter\\DH2005.exe"="C:\\Stephan\\Games\\Deer Hunter\\DH2005.exe:*:Enabled:DH2005"
"C:\\Stephan\\Games\\Flatout 2 RiP\\FlatOut2.exe"="C:\\Stephan\\Games\\Flatout 2 RiP\\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\\Stephan\\Games\\Company of Heroes Opposing Fronts\\Game\\RelicCOH.exe"="C:\\Stephan\\Games\\Company of Heroes Opposing Fronts\\Game\\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Stephan\\Vietcong\\vietcong.exe"="C:\\Stephan\\Vietcong\\vietcong.exe:*:Enabled:vietcong"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Stephan\\Games\\ArmA\\beta\\arma.exe"="C:\\Stephan\\Games\\ArmA\\beta\\arma.exe:*:Enabled:ArmA"
"C:\\Stephan\\Games\\Fussballmanager\\fm.exe"="C:\\Stephan\\Games\\Fussballmanager\\fm.exe:*:Disabled:Football Manager 2008"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\Programme\\Electronic Arts\\EADM\\Core.exe"="C:\\Programme\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Stephan & Gnther\Anwendungsdaten
CLASSPATH=.;C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
COLLECTIONID=COL8143
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=STEINBERGER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1pro.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Stephan & Gnther
ITEMID=dj-22741-10
LANG=1031
LOGONSERVER=\\STEINBERGER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
OSVER=winXPH
Path=C:\Programme\Windows Resource Kits\Tools\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\ATI-CPanel;C:\Programme\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONID=1102557569923htx694c2ea0b:10183e977e4:-6ae8
SESSIONNAME=Console
SWUTVER=1.0.18.20030627
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\STEPHA~1\LOKALE~1\Temp
TIMEOUT=0
TMP=C:\DOKUME~1\STEPHA~1\LOKALE~1\Temp
TOOLPATH=/C:\Programme\Hewlett-Packard\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOKUME~1\Manfred\LOKALE~1\Temp\rad4EF88.tmp
USERDOMAIN=STEINBERGER
USERNAME=Stephan & Gnther
USERPROFILE=C:\Dokumente und Einstellungen\Stephan & Gnther
VCToolkitInstallDir=C:\Stephan\Spiel\C++\C++Toolkit\
VERSION=3.0.2.993
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Manfred (admin)
Stephan & Günther (admin)
Administrator (new local, admin)
Gast (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
--> MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
6thSense Mod --> C:\Stephan\Games\ArmA\6thSense Mod uninst.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AGEIA PhysX v7.03.21 --> MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
AnalogX NetStat Live --> C:\Programme\AnalogX\NetStat Live\nslu.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
ArcSoft PhotoBase --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\ArcSoft\PhotoBase\Uninst.isu
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E142615E-5ED8-4511-9BF0-0284BFA25766}\Setup.exe" -l0x7 -uninst
ArcSoft PhotoStudio 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Programme\ArcSoft\PhotoStudio 2000\Uninst.isu"
ArmA ECS --> C:\Stephan\Games\ArmA\UnInstallECS.exe
ArmA Edit --> MsiExec.exe /I{30796680-61A7-429F-95DF-2BF598B652CC}
ArmA Queen's Gambit Uninstall --> C:\Stephan\Games\ArmA\UnInstallQG.exe
ArmA Uninstall --> C:\Stephan\Games\ArmA\UnInstall.exe
Ashampoo Burning Studio 6 --> "C:\Programme\Ashampoo\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE"
ATC for Battlefield 1942 v.1.2 --> C:\Stephan\ATC\unins000.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:\Programme\Audacity\unins000.exe"
Avanquest update --> C:\Programme\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0007 -removeonly
Avira AntiVir Personal – Free Antivirus --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlecraft 1942 --> RunDll32
|
|
09.07.2008, 11:45
| #7 |
| | Probleme bei der Entfernung von Vundo.Gen part 2 Code:
ATTFilter C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BBD40517-2A65-4683-A164-E1F1E5770BAB}\Setup.exe" -l0x9
Battlecraft Vietnam --> C:\WINDOWS\iun6002.exe "C:\Stephan\Games\Battlefield Vietnam\BC\irunin.ini"
Battlefield 1942 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x7
Battlefield 1942: Secret Weapons of WWII --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\Setup.exe" -l0x7
Battlefield Mod Development Toolkit --> "C:\WINDOWS\Battlefield Mod Development Toolkit\uninstall.exe" "/U:C:\Stephan\Games\MDK\MDT.xml"
Battlefield Mod Development Toolkit - Gmax tools --> "C:\WINDOWS\Battlefield Mod Development Toolkit - Gmax tools\uninstall.exe" "/U:C:\Stephan\Gmax\MDTGmax.xml"
Battlefield Vietnam(TM) --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x7
Battlefield Vietnam: WW2 Mod --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F989306B-9287-444F-AE73-E30C7E4AF0F5}\setup.exe" -l0x7
BattlEye Uninstall --> C:\Stephan\Games\ArmA\BattlEye\UnInstallBE.exe
BI's Tools drive Uninstall --> C:\Dokumente und Einstellungen\Stephan & Günther\Eigene Dateien\ArmAWork\UnInstall.exe
Bink and Smacker --> C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
BOINC --> MsiExec.exe /I{39F9C9CD-1912-4E29-A52E-ADB73D2FC1D5}
C-Major Audio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{69273743-FC06-4CA3-A91A-0F8439304B7A}\setup.exe" -l0x9
Caere Scan Manager 5.1 --> MsiExec.exe /I{81D62C32-0984-11D3-86CD-00105AD33021}
Call of Duty(R) 2 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Programme\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch --> C:\Programme\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
CDBurnerXP --> "C:\Programme\CDBurnerXP\unins000.exe"
Celestia 1.4.1 --> "C:\Stephan\Celestia\unins000.exe"
Col. Cruachan's RFA Explorer --> \UNWISE.EXE C:\Stephan\Games\BATTLE~1\Mapping\
Company of Heroes --> "C:\Stephan\Games\Company of Heroes Opposing Fronts\Game\Uninstall_English.exe"
Company of Heroes - FAKEMSI --> MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
DDS Converter 2.1 --> C:\Stephan\DDS Converter\Uninstal.exe
Deer Hunter - The 2005 Season --> "C:\Programme\Atari\Deer Hunter 2005\unins000.exe"
Digital Camera Drivers --> MsiExec.exe /X{E9A2ECEB-CE47-4AB9-9ABC-29731A1F5733}
DivX Content Uploader --> C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriveCleaner --> MsiExec.exe /I{95542E68-75A4-42D3-B443-D140500CA66A}
EA Download Manager --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1031
EA.com Matchup --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x0 Uninstall
EA.com Update --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x0 Uninstall
Earth 2150 --> C:\Stephan\Games\EARTH2~1\UNWISE.EXE C:\Stephan\Games\EARTH2~1\INSTALL.LOG
Elite Force --> C:\WINDOWS\IsUn0407.exe -f"c:\stephan\games\Star Trek EF\Ef.isu"
Empire Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
eMusic - 50 Free MP3 offer --> "C:\Stephan\Winamp\eMusic\Uninst-eMusic-promotion.exe"
EVEREST Home Edition v2.20 --> "C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
Firebird SQL Server - MAGIX Edition --> C:\Programme\MAGIX\Common\Database\instslct.exe /p
Free YouTube Download 2.1 --> "C:\Stephan\YouTube Download\unins000.exe"
Game Cam v1.4 --> MsiExec.exe /I{EBE7050B-7988-4BC3-BBFD-5C6828859483}
Gary Grigsby's World At War --> "C:\WINDOWS\Gary Grigsby's World At War\uninstall.exe" "/U:C:\Stephan\Games\WofWar\Uninstall\uninstall.xml"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar2.dll"
Graphical Make RFA Installation Wizard --> \UNWISE.EXE C:\Stephan\Games\BATTLE~1\Mapping\
GTA San Andreas --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x7 -removeonly
Guitar Pro 4 --> MsiExec.exe /X{491CED7A-0F13-4BE6-957A-59DCA69E8271}
Hex Workshop --> C:\WINDOWS\uninst.exe -fc:\stephan\hex2\Programm\DeIsL1.isu
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homeworld2 --> C:\Stephan\Games\Homeworld2\uninstall.exe
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP PSC & OfficeJet 5.3.B --> "C:\Programme\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Smart Web Printing --> MsiExec.exe /X{BA248A92-1136-497E-8E1A-2591CBFB18EB}
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HP Speicher-Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
ICQ 5.1 --> C:\Stephan\ICQ\ICQL5_1\ICQLiteUninstall.EXE
InterVideo WinDVD --> "C:\Programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Programme\IrfanView\iv_uninstall.exe
J2SE Development Kit 5.0 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150060}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JFK Reloaded 1.1 --> C:\Stephan\Games\JKF\JFK Reloaded\uninst.exe
KISS Wave MP3 Editor v15.1 --> MsiExec.exe /I{050DE0DE-DF3A-4C05-8922-8664BD6C617A}
LRC Editor 4.0 (remove only) --> "C:\Programme\LRC Editor 4\uninst-gsle4.exe"
LucasArts X-Wing Alliance --> C:\WINDOWS\unin0407.exe -fc:\stephan\games\SW\DeIsL1.isu
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
MAGIX Digital Foto Maker (2005) SE --> C:\MAGIX\Digital_Foto_Maker_2005_SE\instslct.exe
MAGIX Digital Foto Maker 2008 Trial 5.0.0.241 (D) --> C:\Programme\MAGIX\Digital_Foto_Maker_2008_e-version\instslct.exe
MAGIX Fotos auf CD --> C:\MAGIX\Fotos_auf_CD_35\instslct.exe
MAGIX Media Suite - Standard Edition --> C:\MAGIX\Media_Suite_Standard_Edition\instslct.exe
MAGIX mp3 maker SE --> C:\MAGIX\mp3maker_2004_SE\instslct.exe
MAGIX Online Druck Service 2.3.2.0 (D) --> C:\Programme\MAGIX\Online_Druck_Service\instslct.exe
MAGIX PC Visit --> C:\Programme\MAGIX\PCVisit\instslct.exe
MAGIX video deLuxe SE --> C:\MAGIX\videodeLuxe_0405_SE\instslct.exe
MAGIX Xtreme Foto Designer 6 6.0.22.0 (D) --> C:\Programme\MAGIX\Xtreme_Foto_Designer_6\instslct.exe
Malwarebytes' Anti-Malware --> "C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MediaFACE 4.0 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7F581D1D-C9A7-4C77-B88A-27537173CEDF} /l1031
MediaFACE 4.0 Business Image Library --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80} /l1031
MediaFACE 4.0 General Image Library --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268D18A2-4539-4530-8192-F13EDD876FFC} /l1031
MediaFACE 4.0 Lifestyle Image Library --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9AD92782-CAC6-48DF-A060-BFD6FE7689E7} /l1031
MediaFACE 4.0 Music Image Library --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8739235F-201D-449C-A03F-277A85F0FE1E} /l1031
MediaFACE 4.0 Special Occasion Image Library --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DA84434F-25B6-4716-A390-AC678FB6516D} /l1031
MediaFACE 4.0 Spiritual Image Library --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1DA6AB38-2876-4AE4-8236-24C2CF66601B} /l1031
Metallica Screensaver MA Tour Screen Saver --> C:\WINDOWS\Metallica Screensaver MA Tour.scr /u
Microsoft AutoRoute v11.0 --> MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790220}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Enzyklopädie 2004 --> MsiExec.exe /I{04440044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040407-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Foto 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Picture It! Foto Premium 9 --> C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ Toolkit 2003 --> MsiExec.exe /X{362882AE-E40A-4435-B214-6420634C401F}
Microsoft Word 2002 --> MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{5B680750-760B-49E4-81E7-21B2B337F9F7}
Microsoft Works Suite-Add-Ins für Microsoft Word --> MsiExec.exe /I{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}
Midicode Oscilloscope Analyser --> C:\WINDOWS\uninst.exe -fc:\stephan\band\midicode\Synth\DeIsL1.isu -cc:\stephan\band\midicode\Synth\_ISREG32.DLL
Miles Sound Tools --> C:\PROGRA~1\MILESS~1\UNWISE.EXE C:\PROGRA~1\MILESS~1\INSTALL.LOG
mIRC --> "C:\Stephan\Internet-Kommunikation\mIRC\mirc.exe" -uninstall
MissionBoy Special Edition --> C:\WINDOWS\st6unst.exe -n "c:\Stephan\Games\Homeworld2\Missionman\ST6UNST.LOG"
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x7 -removeonly
Mozilla Firefox (2.0.0.15) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OmniPage Pro 9.0 --> C:\Programme\Caere\OmniPagePro90\uninstall.exe -f"C:\Programme\Caere\OmniPagePro90\DeIsL1.isu"
OpenAL --> "C:\Programme\OpenAL\oalinst.exe" /U
OpenTTD 0.6.1 --> C:\Stephan\Games\OpenTTD\uninstall.exe
Paint.NET v3.31 --> MsiExec.exe /X{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}
phase5 --> "C:\Stephan\Spiel\proggen\HTML Editor\phase5\uninstall.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Programme\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PunkBuster für Battlefield Vietnam --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x7
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Roll --> C:\WINDOWS\UniFish3.exe C:\Stephan\Games\RCT\RollerCoaster Tycoon.log
S.W.I.N.E. --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1868D906-4CAE-4B03-8944-E10284ED244C}\setup.exe"
save2pc 3.0 --> "C:\Stephan\Games\save2pc\unins000.exe"
Setup-Start von Microsoft Works 2004 --> C:\Programme\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP E:\
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sicherheitsupdate für Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422) -->
|
|
09.07.2008, 11:46
| #8 |
| | Probleme bei der Entfernung von Vundo.Gen part 3 Code:
ATTFilter "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe
Skype 3.1 --> "C:\Programme\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SoftV92 Data Fax Modem with SmartCP --> C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
SPORE™ Labor Basisversion --> "C:\Programme\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0007 -removeonly
Spybot - Search & Destroy --> "C:\Programme\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpyHunter --> "C:\Programme\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Programme\Enigma Software Group\SpyHunter\install.log" -u
SUPER © Version 2007.bld.22 (Mar 14, 2007) --> C:\Stephan\Games\SUPER@\Setup.exe /remove /q0
TeamSpeak 2 RC2 --> C:\Stephan\Internet-Kommunikation\Teamspeak\Teamspeak2_RC2\unins000.exe
The Compressonator 1.40 --> MsiExec.exe /I{5C46703D-92EE-40d9-BCF8-972EF4D564CA}
The Movies(TM) --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0556F885-2415-4666-B53E-33727E46AEA1}
Transport Tycoon Deluxe --> C:\WINDOWS\UniFISH.exe Transport Tycoon Deluxe
Trillian --> C:\Stephan\Internet-Kommunikation\AOL\Trillian\trillian.exe /uninstall
unCDcopy version 1.7.0.5 free --> C:\Programme\unCDcopy\unins000.exe
Uninstall 1.0.0.0 --> "C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update für Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6b --> C:\Programme\VideoLAN\VLC\uninstall.exe
Vietcong --> C:\Stephan\Vietcong\Uninstall.exe
Visitor 3 Uninstall --> C:\Stephan\ArmA Edit\Visitor 3\UnInstall.exe
VistaPrint Electronic Business Card --> MsiExec.exe /X{253FCC55-E03D-40D4-A407-3470BE4101C0}
VNC Free Edition 4.1.2 --> "C:\Programme\RealVNC\VNC4\unins000.exe"
Warlords Beta 0.45 --> C:\Stephan\Games\Homeworld2\unins000.exe
Warlords:CLONEWARS Beta 0.91 --> C:\Stephan\Games\Homeworld2\unins001.exe
Winamp --> "C:\Stephan\Winamp\Neu\UninstWA.exe"
Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB834707 --> C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP-Hotfix - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB883667 --> C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP-Hotfix - KB884020 --> C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885523 --> C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885894 --> C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP-Hotfix - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Wing Commander Prophecy --> C:\Stephan\Games\Wingcommander\uninstal.exe
Wing Commander Saga Prologue --> MsiExec.exe /I{FA03C438-AA0B-409C-B90D-93C3CEB42859}
WinRAR archiver --> C:\Programme\WinRAR\uninstall.exe
WW2 Mod Extended --> C:\Stephan\Games\Battlefield Vietnam\WW2ModXUninst.exe
X Plugin Manager 2.12 --> 'C:\Stephan\Games\X3\X Plugin Manager\Uninstall.exe'
X3 Bonuspaket 3.1.07 --> "C:\Stephan\Games\X3\unins001.exe"
X3 Reunion --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0B744987-A39E-45E5-B930-11EDBDFE3003}\setup.exe" -l0x7 -removeonly
X3plus 3.2.00 --> "C:\Stephan\Games\X3\unins000.exe"
Xfire (remove only) --> "C:\Stephan\Internet-Kommunikation\Xfire\uninst.exe"
Yahoo! Toolbar mit Pop-Up-Blocker --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type3168 / Warning
Event Submitted/Written: 07/09/2008 11:31:08 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\rqRHXQGX.dll
Event Record #/Type3167 / Warning
Event Submitted/Written: 07/09/2008 11:29:19 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\rqRHXQGX.dll
Event Record #/Type3166 / Warning
Event Submitted/Written: 07/09/2008 11:11:47 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\rqRHXQGX.dll
Event Record #/Type3165 / Warning
Event Submitted/Written: 07/09/2008 11:11:39 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\rqRHXQGX.dll
Event Record #/Type3160 / Warning
Event Submitted/Written: 07/09/2008 11:03:43 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\rqRHXQGX.dll
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type104962 / Error
Event Submitted/Written: 07/09/2008 00:29:08 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Event Record #/Type104961 / Error
Event Submitted/Written: 07/09/2008 00:29:08 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "NTRemap" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Event Record #/Type104960 / Error
Event Submitted/Written: 07/09/2008 00:29:08 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "MapMem" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Event Record #/Type104959 / Error
Event Submitted/Written: 07/09/2008 00:29:08 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "GenPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Event Record #/Type104958 / Error
Event Submitted/Written: 07/09/2008 00:29:04 PM
Event ID/Source: 3095 / NETLOGON
Event Description:
Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
-- End of Deckard's System Scanner: finished at 2008-07-09 12:34:17 ------------
|
|
09.07.2008, 11:58
| #9 | ||
| /// TB-Ausbilder | Probleme bei der Entfernung von Vundo.Gen Hi, Bitte Dateien sichtbar machen und dann folgende Dateien löschen: Zitat:
Danach bitte HijackThis aufrufen und folgende Einträge fixen: Zitat:
)Dein Java ist veraltet. Bitte alle Versionen deinstallieren (geht unter Start->Systemsteuerung->Software) und die neueste Version von sun herunterladen. lg myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
09.07.2008, 17:38
| #10 |
| | Probleme bei der Entfernung von Vundo.Gen so, hab alles gemacht, was gschrieben hast Code:
ATTFilter Deckard's System Scanner v20071014.68 Run by **** on 2008-07-09 18:36:41 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as ****) ----------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:36:44, on 09.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Programme\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\ATI-CPanel\atiptaxx.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\msiexec.exe C:\Dokumente und Einstellungen\****\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\STEPHA~1.EXE R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe -silent O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\****\ICQ\ICQL5_1\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\****\ICQ\ICQL5_1\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167644195031 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programme\RealVNC\VNC4\WinVNC4.exe -- End of file - 8399 bytes -- Files created between 2008-06-09 and 2008-07-09 ----------------------------- 2008-07-09 18:35:11 0 d-------- C:\Programme\Gemeinsame Dateien\Java 2008-06-29 22:32:34 0 d-------- C:\Programme\Electronic Arts 2008-06-29 22:31:44 2322 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg 2008-06-27 23:44:02 0 d-------- C:\Programme\Trend Micro 2008-06-27 23:42:01 0 d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-06-27 23:41:28 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-06-27 19:48:54 0 d-------- C:\Programme\Enigma Software Group 2008-06-27 13:21:41 691545 --a------ C:\WINDOWS\unins000.exe 2008-06-27 13:21:41 2563 --a------ C:\WINDOWS\unins000.dat -- Find3M Report --------------------------------------------------------------- 2008-07-09 18:36:26 0 d-------- C:\Programme\Java 2008-07-09 18:35:11 0 d-------- C:\Programme\Gemeinsame Dateien 2008-07-09 13:36:42 0 d-------- C:\Programme\Mozilla Thunderbird 2008-06-30 23:15:00 0 d-------- C:\Dokumente und Einstellungen\**** \Anwendungsdaten\SPORE Creature Creator 2008-06-29 22:30:27 0 d--h----- C:\Programme\InstallShield Installation Information 2008-06-27 23:42:10 0 d-------- C:\Dokumente und Einstellungen\**** \Anwendungsdaten\Malwarebytes 2008-05-28 20:38:56 0 d-------- C:\Programme\Paint.NET 2008-05-27 13:56:02 0 d-------- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Xfire 2008-05-21 15:06:19 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32> 2008-05-21 15:06:18 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library> 2008-05-14 10:27:53 0 d-------- C:\Dokumente und Einstellungen\**** \Anwendungsdaten\teamspeak2 -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] 23.03.2007 08:52 1298024 -ra------ C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] 23.03.2007 08:52 177768 -ra------ C:\Programme\HP\Smart Web Printing\hpswp_framework.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [18.04.2008 08:23] "ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [12.08.2004 22:10] "StatusClient 2.6"="C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [] "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16] "Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [16.03.2007 11:45] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [15.11.2007 00:43] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [10.06.2008 04:27] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 14:00] "EA Core"="C:\Programme\Electronic Arts\EADM\Core.exe" [16.05.2008 18:16] "swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15.04.2008 08:12] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "AllowUnhashedWebView"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXOeDTL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28d32c13] rundll32.exe "C:\WINDOWS\system32\vxhlknos.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\ATI-CPanel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05] C:\WINDOWS\system32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05] C:\Programme\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] "C:\****\ICQ\ICQL5_1\ICQLite.exe" -minimize [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate] C:\****\Games\Battlefield Vietnam\Byteswarm\LiveUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mapdisk] "C:\Dokumente und Einstellungen\****\Eigene Dateien\ArmAWork\mapdisk.bat" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration] C:\Programme\Fellowes\MediaFACE 4.0\SetHook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] C:\WINDOWS\system32\oodtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient] c:\****\seti@home\SETI@home.exe -min [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6] C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\****\Winamp\Neu\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ccSetMgr"=2 (0x2) "ccPwdSvc"=3 (0x3) "ccEvtMgr"=2 (0x2) "navapsvc"=3 (0x3) -- End of Deckard's System Scanner: finished at 2008-07-09 18:37:02 ------------ Geändert von Virtu-Opfer (09.07.2008 um 17:48 Uhr) |
|
09.07.2008, 17:55
| #11 |
| /// TB-Ausbilder | Probleme bei der Entfernung von Vundo.Gen Sieht gut aus Hast du sonst noch Probleme? lg myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
09.07.2008, 18:14
| #12 |
| | Probleme bei der Entfernung von Vundo.Gen ne, sieht vorrübergehend sehr gut aus xD ich bedank mich recht herzlich bei dir, wenn ich könnte, würd ich dir jetz ne kiste bier oder wein oder beides zusammen schicken ^^ |
|
09.07.2008, 18:24
| #13 |
| /// TB-Ausbilder | Probleme bei der Entfernung von Vundo.Gen Ach danke, aber lass mal. Muss bis nächsten Mittwoch noch lernen, da wär ne Kiste Wein jetzt eher unpraktisch, bzw ein Garant für schlechte Noten  Wenns doch nochmal Probleme geben sollte, meld dich lg myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
09.07.2008, 18:44
| #14 |
| | Probleme bei der Entfernung von Vundo.Gen drauf kannst dich verlassen ;-) |
|
| Themen zu Probleme bei der Entfernung von Vundo.Gen |
| adobe, antivir, avira, bho, cdburnerxp, downloader, entfernen, explorer, firefox, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, konvertieren, logfile, magix, mozilla, mozilla firefox, neu aufsetzen, pdf-datei, photoshop, pop-up-blocker, problem, rundll, server, software, system, trojaner, unknown file in winsock lsp, vundo.gen, windows, windows xp |
Linear-Darstellung
