|
Habe Probleme mit Trojanern TR/Vundo.gen TR/Patched.DY.1 Hallo Ich bin hier neu und braächte Hilfe beim Löschen meiner Trojaner. AntiVir bezeichnet sie als TR/Vundo.gen und TR/Patched.DY.1 Hier meine Hijackthis Log Datei Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:05:25, on 21.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\spoolsv.exe H:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe H:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe H:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe H:\Programme\Bonjour\mDNSResponder.exe H:\Programme\Cisco Systems\VPN Client\cvpnd.exe H:\Programme\Java\jre6\bin\jqs.exe H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe H:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\system32\nvsvc32.exe H:\WINDOWS\system32\IoctlSvc.exe H:\WINDOWS\system32\PnkBstrA.exe H:\WINDOWS\system32\PSIService.exe H:\Programme\shutdown\service.exe H:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\system32\SearchIndexer.exe H:\WINDOWS\system32\NOTEPAD.EXE H:\WINDOWS\system32\wbem\wmiapsrv.exe H:\WINDOWS\RTHDCPL.EXE H:\WINDOWS\system32\RUNDLL32.EXE H:\Programme\Spamihilator\spamihilator.exe H:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe H:\Programme\T-DSL SpeedManager\SpeedMgr.exe H:\Programme\ScanSoft\PaperPort\pptd40nt.exe H:\Programme\Brother\Brmfcmon\BrMfcWnd.exe H:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe H:\Programme\pdf24\PDFBackend.exe H:\Programme\Microsoft Office\Office12\GrooveMonitor.exe H:\Programme\Brother\ControlCenter3\brccMCtl.exe H:\Programme\Brother\Brmfcmon\BrMfcmon.exe H:\Programme\Java\jre6\bin\jusched.exe H:\WINDOWS\vsnpstd3.exe H:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe H:\Programme\CleanUp XP\CleanUp.exe H:\WINDOWS\system32\ctfmon.exe H:\lotus\organize\easyclip.exe H:\Programme\T-DSL SpeedManager\TSMSvc.exe H:\Programme\Mozilla Firefox\firefox.exe H:\WINDOWS\system32\SearchProtocolHost.exe H:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - H:\Programme\free-downloads.net\tbfree.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - H:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - H:\Programme\Winamp Toolbar\winamptb.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - H:\Programme\free-downloads.net\tbfree.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - H:\Programme\Winamp Toolbar\winamptb.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - H:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - H:\Programme\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - H:\Programme\free-downloads.net\tbfree.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Spamihilator] "H:\Programme\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [avgnt] "H:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [T-DSL SpeedMgr] "H:\Programme\T-DSL SpeedManager\SpeedMgr.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "H:\Programme\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "H:\Programme\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "H:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [BrMfcWnd] H:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] H:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [VirtualCloneDrive] "H:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [PDFPrint] "H:\Programme\pdf24\PDFBackend.exe" O4 - HKLM\..\Run: [GrooveMonitor] "H:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "H:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [ISUSPM Startup] H:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "H:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [T-DSL-Manager-Setup] H:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\{13D3FE3C-C175-4BA3-9483-5BB01B502F19}\T-DSL Manager.msi O4 - HKLM\..\Run: [CleanUp XP] H:\Programme\CleanUp XP\CleanUp.exe -h O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: T-DSL Manager.lnk = ? O4 - Global Startup: Biet-O-Matic.exe.lnk = H:\Programme\Biet-O-Matic\Biet-O-Matic.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = H:\Programme\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Lotus Organizer EasyClip.lnk = H:\lotus\organize\easyclip.exe O4 - Global Startup: Lotus Schnellstart.lnk = H:\lotus\wordpro\ltsstart.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - H:\Programme\PPLive\PPLive.exe O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - H:\Programme\PPLive\PPLive.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6\ICQ.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221577971296 O17 - HKLM\System\CCS\Services\Tcpip\..\{48ACE964-DDED-4C51-B3F2-715986A6640D}: NameServer = 217.237.150.188 217.237.151.142 O17 - HKLM\System\CCS\Services\Tcpip\..\{EABF9C00-969A-44F2-B296-34D685A25A3B}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\..\{48ACE964-DDED-4C51-B3F2-715986A6640D}: NameServer = 217.237.150.188 217.237.151.142 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O21 - SSODL: bdkpfxqw - {D915BC73-990D-4721-9BBC-FF8EDA3AEE02} - H:\WINDOWS\bdkpfxqw.dll (file missing) O21 - SSODL: qadovnel - {BB86DEEA-0598-4578-82AE-AF880ED59CA9} - H:\WINDOWS\qadovnel.dll (file missing) O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - H:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - H:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - H:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - H:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Hotspot Manager (HotSpotFSvc) - T-Systems Enterprise Services GmbH - H:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - H:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - H:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Unknown owner - H:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - H:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - H:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: RichiStudios Shutdown (RSShutdown) - RichiStudios - H:\Programme\shutdown\service.exe O23 - Service: ServiceLayer - Nokia. - H:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - H:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: T-DSL Manager (TDslMgrService) - T-Systems - H:\Programme\T-DSL Manager\DslMgrSvc.exe O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - H:\Programme\T-DSL SpeedManager\TSMSvc.exe -- End of file - 13570 bytes Vielen Dank |
Habe superantispyware drüberlaufen lassen.. Es hat auch einiges gefunden. Daraufhin habe ich einen neuen hijackthis log anfertigen lassen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:31:25, on 21.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe H:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe H:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe H:\Programme\Bonjour\mDNSResponder.exe H:\Programme\Cisco Systems\VPN Client\cvpnd.exe H:\Programme\Java\jre6\bin\jqs.exe H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe H:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe H:\WINDOWS\system32\nvsvc32.exe H:\WINDOWS\system32\IoctlSvc.exe H:\WINDOWS\system32\PnkBstrA.exe H:\WINDOWS\system32\PSIService.exe H:\Programme\shutdown\service.exe H:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\system32\SearchIndexer.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\system32\wbem\wmiapsrv.exe H:\WINDOWS\RTHDCPL.EXE H:\WINDOWS\system32\RUNDLL32.EXE H:\Programme\Spamihilator\spamihilator.exe H:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe H:\Programme\T-DSL SpeedManager\SpeedMgr.exe H:\Programme\ScanSoft\PaperPort\pptd40nt.exe H:\Programme\Brother\Brmfcmon\BrMfcWnd.exe H:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe H:\Programme\pdf24\PDFBackend.exe H:\Programme\Microsoft Office\Office12\GrooveMonitor.exe H:\Programme\Java\jre6\bin\jusched.exe H:\Programme\Brother\ControlCenter3\brccMCtl.exe H:\WINDOWS\vsnpstd3.exe H:\Programme\Brother\Brmfcmon\BrMfcmon.exe H:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe H:\Programme\CleanUp XP\CleanUp.exe H:\WINDOWS\system32\ctfmon.exe H:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe H:\Programme\T-DSL SpeedManager\TSMSvc.exe H:\lotus\organize\easyclip.exe H:\WINDOWS\system32\wuauclt.exe H:\Programme\Mozilla Firefox\firefox.exe H:\WINDOWS\system32\spoolsv.exe H:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - H:\Programme\free-downloads.net\tbfree.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - H:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - H:\Programme\Winamp Toolbar\winamptb.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - H:\Programme\free-downloads.net\tbfree.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - H:\Programme\Winamp Toolbar\winamptb.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - H:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - H:\Programme\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - H:\Programme\free-downloads.net\tbfree.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Spamihilator] "H:\Programme\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [avgnt] "H:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [T-DSL SpeedMgr] "H:\Programme\T-DSL SpeedManager\SpeedMgr.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "H:\Programme\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "H:\Programme\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "H:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [BrMfcWnd] H:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] H:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [VirtualCloneDrive] "H:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [PDFPrint] "H:\Programme\pdf24\PDFBackend.exe" O4 - HKLM\..\Run: [GrooveMonitor] "H:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "H:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [ISUSPM Startup] H:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "H:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [T-DSL-Manager-Setup] H:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\{13D3FE3C-C175-4BA3-9483-5BB01B502F19}\T-DSL Manager.msi O4 - HKLM\..\Run: [CleanUp XP] H:\Programme\CleanUp XP\CleanUp.exe -h O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: T-DSL Manager.lnk = ? O4 - Global Startup: Biet-O-Matic.exe.lnk = H:\Programme\Biet-O-Matic\Biet-O-Matic.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = H:\Programme\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Lotus Organizer EasyClip.lnk = H:\lotus\organize\easyclip.exe O4 - Global Startup: Lotus Schnellstart.lnk = H:\lotus\wordpro\ltsstart.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - H:\Programme\PPLive\PPLive.exe O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - H:\Programme\PPLive\PPLive.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6\ICQ.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221577971296 O17 - HKLM\System\CCS\Services\Tcpip\..\{48ACE964-DDED-4C51-B3F2-715986A6640D}: NameServer = 85.255.113.146,85.255.112.173 O17 - HKLM\System\CCS\Services\Tcpip\..\{EABF9C00-969A-44F2-B296-34D685A25A3B}: NameServer = 85.255.113.146,85.255.112.173 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146,85.255.112.173 O17 - HKLM\System\CS1\Services\Tcpip\..\{48ACE964-DDED-4C51-B3F2-715986A6640D}: NameServer = 85.255.113.146,85.255.112.173 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146,85.255.112.173 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - H:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - H:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - H:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - H:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - H:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Hotspot Manager (HotSpotFSvc) - T-Systems Enterprise Services GmbH - H:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - H:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - H:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Unknown owner - H:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - H:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - H:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: RichiStudios Shutdown (RSShutdown) - RichiStudios - H:\Programme\shutdown\service.exe O23 - Service: ServiceLayer - Nokia. - H:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - H:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: T-DSL Manager (TDslMgrService) - T-Systems - H:\Programme\T-DSL Manager\DslMgrSvc.exe O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - H:\Programme\T-DSL SpeedManager\TSMSvc.exe -- End of file - 13532 bytes |
Alles wieder in Ordnung |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 16:22 Uhr. |
Copyright ©2000-2025, Trojaner-Board