Log analysis and evaluation: Virtumonde completely removed?

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#3

Virtumonde completely removed?

Hello Chris4You,

thanks for your help so far! I ran all the programs. MAM still found quite a lot. The VolumeTracker is fine; I installed it myself.

Regards,
Alex

MAM:

Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1308
Windows 5.1.2600 Service Pack 3

23.10.2008 16:16:23
mbam-log-2008-10-23 (16-16-23).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 234492
Laufzeit: 26 minute(s), 3 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 17

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\mxjlailq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxyyvTLF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bkwuny.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ojdrvvow.dll (Trojan.Vundo.H) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08524a27-deb7-4dad-a29e-710774b7c981} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{08524a27-deb7-4dad-a29e-710774b7c981} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{efe1f1da-9253-4bc8-b1d6-ec970414a467} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{efe1f1da-9253-4bc8-b1d6-ec970414a467} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10f523db (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyyvtlf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyyvtlf -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\xxyyvTLF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\FLTvyyxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FLTvyyxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\siggdi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mxjlailq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qlialjxm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkwuny.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ojdrvvow.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4JCHA5OT\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ELQFS9ER\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MH8LEXU7\kb20010911[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F8DE4849-8FA5-469B-B274-15B1C0366A54}\RP142\A0029532.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F8DE4849-8FA5-469B-B274-15B1C0366A54}\RP142\A0029536.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avkxhrvd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtqpQKB.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUnNfeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtgurmoi.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

DATFIND
RSIT INFO

info.txt logfile of random's system information tool 1.04 2008-10-23 16:23:49

======Uninstall list======

=====HijackThis Backups=====

O20 - AppInit_DLLs: acaptuser32.dll siggdi.dll

======Hosts File======

127.0.0.1 w*w.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 w*w.008k.com
127.0.0.1 008k.com
127.0.0.1 w*w.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 w*w.032439.com
127.0.0.1 032439.com

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"KMP_DUPLICATE_LIB_OK"=TRUE
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\CIB pdf brewer;C:\Programme\MATLAB\bin;C:\Programme\MATLAB\bin\win32;C:\Programme\Java\jdk1.6.0_06\bin;C:\Programme\MySQL\MySQL Server 5.0\bin;C:\Programme\\Panda Antivirus\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=2302
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

Edited by Atilie (23.10.2008 at 15:51)