Log analysis and evaluation: Virtumonde completely removed?

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Hello everyone!

According to Spybot I have caught Virtumonde. I followed the instructions from another post, but I still get pop-ups now and then. (http://www.trojaner-board.de/23940-iwe-kann-man-virtumonde-entfernen.html)

I would be grateful if someone could have a look at the HijackThis log.

Regards
Alex

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:51:36, on 23.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Antivirus\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRAMME\PANDA ANTIVIRUS\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Programme\Panda Antivirus\PavFnSvr.exe
C:\Programme\Gemeinsame Dateien\Panda Security\PavShld\pavprsrv.exe
C:\Programme\Panda Antivirus\PsImSvc.exe
C:\Programme\Panda Antivirus\PskSvc.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\Programme\Panda Antivirus\pavsrv51.exe
C:\Programme\Panda Antivirus\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Panda Antivirus\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\VolumeTracker.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\OpenVPN\bin\openvpn-gui.exe
C:\Programme\OpenVPN\bin\openvpn.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Panda Antivirus\psimreal.exe
C:\Dokumente und Einstellungen\Ati\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.***.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\\Panda Antivirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\\Panda Antivirus\Inicio.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: VolumeTracker.lnk = C:\VolumeTracker.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202679034188
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA9CF91-34F8-4DD4-ABEC-194A0D2E2B59}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll bkwuny.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MySQL - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programme\OpenVPN\bin\openvpnserv.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Programme\\Panda Antivirus\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Programme\Gemeinsame Dateien\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Programme\\Panda Antivirus\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Programme\\Panda Antivirus\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Programme\\Panda Antivirus\PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Programme\\Panda Antivirus\TPSrv.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8095 bytes
#2
Hi,

the second entry on this line...

O20 - AppInit_DLLs: acaptuser32.dll bkwuny.dll

If we fix that with HJ or Avenger, acaptuser32.dll gets thrown out as well (and that one should be OK)...

What is this here: C:\VolumeTracker.exe

Please run MAM, then RSIT and Datfind.bat...

MAM: Malwarebytes Anti-Malware. Instructions & download here: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Full scan, let it remove everything, post the log.

RSIT: Random's System Information Tool (RSIT) by random/random reads out system details and produces an informative logfile.
Download Random's System Information Tool (RSIT) from http://filepony.de/download-rsit/ and save it to your desktop.
Start RSIT.exe with a double-click. Click Continue to accept the terms of use.
If you do not have HijackThis installed, RSIT will download and install it for you. In that case please also accept Trend Micro's terms of use (http://de.trendmicro.com/de/home) for HJT with "I accept".
If your firewall asks, allow RSIT to go online.
The scan starts automatically; RSIT now checks some important system areas and produces logfiles as a basis for analysis.
When the scan is finished, two logfiles are created and opened in your editor. Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt (<= minimized) here in the thread.

Datfind (find the newest files): Copy these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

chris
#3
Hello Chris4You,

thanks first of all for your help! I ran all the programs. MAM still found quite a lot.
The VolumeTracker is fine, I installed it myself.

Regards
Alex

MAM:

Malwarebytes' Anti-Malware 1.30
Database version: 1308
Windows 5.1.2600 Service Pack 3

23.10.2008 16:16:23
mbam-log-2008-10-23 (16-16-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 234492
Time elapsed: 26 minute(s), 3 second(s)

Memory processes infected: 0
Memory modules infected: 4
Registry keys infected: 9
Registry values infected: 2
Registry data items infected: 3
Folders infected: 0
Files infected: 17

Memory processes infected:
(No malicious items detected)

Memory modules infected:
C:\WINDOWS\system32\mxjlailq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxyyvTLF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bkwuny.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ojdrvvow.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry keys infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08524a27-deb7-4dad-a29e-710774b7c981} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{08524a27-deb7-4dad-a29e-710774b7c981} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{efe1f1da-9253-4bc8-b1d6-ec970414a467} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{efe1f1da-9253-4bc8-b1d6-ec970414a467} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10f523db (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry data items infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyyvtlf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyyvtlf -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders infected:
(No malicious items detected)

Files infected:
C:\WINDOWS\system32\xxyyvTLF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\FLTvyyxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FLTvyyxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\siggdi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mxjlailq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qlialjxm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkwuny.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ojdrvvow.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4JCHA5OT\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ELQFS9ER\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MH8LEXU7\kb20010911[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F8DE4849-8FA5-469B-B274-15B1C0366A54}\RP142\A0029532.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F8DE4849-8FA5-469B-B274-15B1C0366A54}\RP142\A0029536.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avkxhrvd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtqpQKB.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUnNfeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtgurmoi.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

DATFIND:

Volume in drive C has no label.
Volume Serial Number is 10F5-2374

Directory of c:\

23.10.2008 16:26 0 dirdat.txt
23.10.2008 16:18 1.610.612.736 pagefile.sys
22.10.2008 13:22 237 VundoFix.txt
20.10.2008 17:39 0 itouch_config_crash_info.txt
24.08.2008 19:15 1.340 Prodinfo.txt
13.05.2008 19:34 251.712 ntldr
11.02.2008 17:45 51.694.346 regbackup.reg
11.02.2008 01:09 0 itouch_crash_info.txt
11.02.2008 00:33 223 boot.ini
10.02.2008 22:49 0 IO.SYS
10.02.2008 22:49 0 CONFIG.SYS
10.02.2008 22:49 0 MSDOS.SYS
10.02.2008 22:49 0 AUTOEXEC.BAT
04.08.2004 14:00 4.952 bootfont.bin
04.08.2004 14:00 47.564 NTDETECT.COM
29.11.2003 23:23 36.864 VolumeTracker.exe
16 File(s) 1.662.649.974 bytes
0 Dir(s) 9.584.463.872 bytes free

Directory of C:\WINDOWS\system32

23.10.2008 16:18 12.598 wpa.dbl
23.10.2008 15:30 0 1bd6e7a5-.txt
22.10.2008 12:35 73.706 perfc007.dat
22.10.2008 12:35 60.760 perfc009.dat
22.10.2008 12:35 400.600 perfh009.dat
22.10.2008 12:35 415.096 perfh007.dat
22.10.2008 12:35 961.472 PerfStringBackup.INI
22.10.2008 12:29 195 PavCPL.dat
22.10.2008 12:22 1.382.273 wugpfdmp.ini
15.10.2008 10:37 175.464 FNTCACHE.DAT
10.10.2008 18:34 413.696 wrap_oal.dll
10.10.2008 18:34 110.592 OpenAL32.dll
03.10.2008 12:59 359.340 TZLog.log
05.09.2008 23:31 267.304 WgaLogon.dll
05.09.2008 23:30 1.480.232 LegitCheckControl.dll
05.09.2008 23:30 952.360 WgaTray.exe
29.08.2008 12:56 3 EPCI17.dll
26.08.2008 13:28 16.208.504 MRT.exe
31.07.2008 10:41 238.088 xactengine3_2.dll
31.07.2008 10:41 68.616 XAPOFX1_1.dll
31.07.2008 10:40 509.448 XAudio2_2.dll
29.07.2008 16:05 1.296.896 SPort.dll
19.07.2008 23:19 4.096 crash
18.07.2008 22:10 94.920 cdm.dll
18.07.2008 22:10 53.448 wuauclt.exe
18.07.2008 22:10 45.768 wups2.dll
18.07.2008 22:10 36.552 wups.dll
18.07.2008 22:10 33.992 wucltui.dll.mui
18.07.2008 22:09 29.896 wuaucpl.cpl.mui
18.07.2008 22:09 29.896 wuapi.dll.mui
18.07.2008 22:09 325.832 wucltui.dll
18.07.2008 22:09 215.752 wuaucpl.cpl
18.07.2008 22:09 563.912 wuapi.dll
18.07.2008 22:09 1.811.656 wuaueng.dll
18.07.2008 22:08 21.192 wuaueng.dll.mui
12.07.2008 11:44 6.944 jupdate-1.6.0_07-b06.log
12.07.2008 08:18 467.984 d3dx10_39.dll
12.07.2008 08:18 3.851.784 D3DX9_39.dll
12.07.2008 08:18 1.493.528 D3DCompiler_39.dll
11.07.2008 14:42 62.976 tzchange.exe
07.07.2008 22:26 253.952 es.dll
06.07.2008 23:54 46 DonationCoder_urlsnooper_InstallInfo.dat

Volume in drive C has no label.
Volume Serial Number is 10F5-2374

Directory of C:\WINDOWS

23.10.2008 16:19 51 iTouch.ini
23.10.2008 16:18 0 0.log
23.10.2008 16:18 2.048 bootstat.dat
23.10.2008 16:17 1.532 SchedLgU.Txt
23.10.2008 16:17 1.812.181 WindowsUpdate.log
23.10.2008 16:17 1.930 puexjmoc.txt
23.10.2008 09:08 3.843 setupapi.log
22.10.2008 13:33 230 WININIT.INI
22.10.2008 12:31 630 win.ini
15.10.2008 10:14 2.634 DIFx.log
03.10.2008 13:03 112.898 spupdsvc.log
03.10.2008 13:03 352 spupdsvc.log.1.log
03.10.2008 13:01 21.700 WgaNotify.log
03.10.2008 13:01 119.338 updspapi.log
03.10.2008 13:00 31.886 ntdtcsetup.log
03.10.2008 13:00 8.711 ocmsn.log
03.10.2008 13:00 8.242 tabletoc.log
03.10.2008 13:00 72.404 tsoc.log
03.10.2008 13:00 165.916 iis6.log
03.10.2008 13:00 13.013 KB938464.log
03.10.2008 13:00 27.832 netfxocm.log
03.10.2008 13:00 12.248 MedCtrOC.log
03.10.2008 13:00 7.842 msgsocm.log
03.10.2008 13:00 160.760 FaxSetup.log
03.10.2008 13:00 48.744 msmqinst.log
03.10.2008 12:59 15.337 KB952287.log
03.10.2008 12:59 1.374 imsins.BAK
03.10.2008 12:59 33.547 KB951072-v2.log
03.10.2008 12:59 20.082 KB950974.log
03.10.2008 12:59 20.470 KB953838-IE7.log
03.10.2008 12:59 10.802 KB952954.log
03.10.2008 12:59 6.862 KB946648.log
03.10.2008 12:59 6.627 KB951066.log
03.10.2008 12:59 10.971 KB929399.log
03.10.2008 12:58 6.424 KB953839.log
12.09.2008 11:47 216 wiadebug.log
12.09.2008 10:39 50 wiaservc.log
02.09.2008 15:55 69 NeroDigital.ini
01.09.2008 15:14 60.416 ALCFDRTM.VER
29.08.2008 12:57 93 WatchTVProEx.ini
29.08.2008 12:57 80 MSBDA.INI
08.08.2008 11:13 13.598 KB951748.log
08.08.2008 11:13 13.173 KB951978.log
08.08.2008 11:12 11.676 KB941569.log
20.07.2008 22:46 55 WINLIFE.INI
15.07.2008 00:34 26.950 WMFDist11.log
15.07.2008 00:33 12.797 Wudf01000Inst.log
14.07.2008 23:42 612.766 DPINST.LOG
02.07.2008 18:41 20.616 KB951698.log
02.07.2008 18:41 16.069 KB951376-v2.log
02.07.2008 18:41 20.807 KB950759-IE7.log
02.07.2008 18:41 7.796 KB950762.log
02.07.2008 18:41 7.096 KB950760.log

RSIT INFO:

info.txt logfile of random's system information tool 1.04 2008-10-23 16:23:49

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Programme\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
. . .
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
AMD Processor Driver-->C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0007 -removeonly
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class
Canon iP4200-->C:\WINDOWS\system32\CNMCP78.exe "-PRINTERNAMECanon iP4200" "-HELPERDLLC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0407.dll"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CIB pdf brewer 2.3.12-->C:\Programme\InstallShield Installation Information\{F0312AC6-988B-11DA-9C49-000476F770CC}\setup.exe -runfromtemp -l0x0007 anything -removeonly
Cisco Systems VPN Client 5.0.02.0090-->MsiExec.exe /X{871DF2BE-41D2-4334-AC33-839AF16FC8FE}
Combined Community Codec Pack 2008-01-24-->"C:\Programme\Combined Community Codec Pack\unins000.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Dev-C++ 5 beta 9 release (4.9.9.2)-->"D:\Programme\Compiler\C\Dev-Cpp\uninstall.exe"
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
. . .
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriveImage XML-->"C:\Programme\DriveImage XML\Uninstall.exe" "C:\Programme\DriveImage XML\install.log" -u
Dual-Core Optimizer-->MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}
GG E-Sports Platform-->C:\Programme\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
GIMP 2.4.7-->"C:\Programme\GIMP-2.0\setup\unins000.exe"
Hauppauge WinTV2000-->C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\Ati\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
. .
Java(TM) SE Development Kit 6 Update 6-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x7 UNINSTALL
Logitech SetPoint-->C:\Programme\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Maple 10-->"C:\Programme\Maple 10\Uninstall_Maple 10\Uninstall Maple 10.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Mass Effect-->C:\Programme\Gemeinsame Dateien\BioWare\Uninstall Mass Effect.exe
MATLAB R2008a-->C:\Programme\MATLAB\uninstall\uninstall.exe C:\Programme\MATLAB\
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
. . .
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MyPhoneExplorer-->C:\Programme\MyPhoneExplorer\uninstall.exe
MySQL Server 5.0-->MsiExec.exe /I{E5AED31E-3474-4C85-B492-42149DE37891}
Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Notepad++-->C:\Programme\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{1B14B0C3-2D60-477C-A1FE-B88E60948854}
OpenVPN 2.0.9-gui-1.0.3-->C:\Programme\OpenVPN\Uninstall.exe
Panda ActiveScan 2.0-->C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda Antivirus Pro 2009-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E55FB276-73C9-4776-AB53-BC028C0509ED}\SETUP.exe" -l0x7 -removeonly
Panda NanoScan-->C:\Programme\Panda Security\NanoScan\nanounst.exe
PowerDVD Ultra-->"C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000407 /z-uninstall
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
QIP 8070 Jeak Edition-->C:\Programme\QIP\uninstall.exe
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7 -removeonly
Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
. . .
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
TightVNC 1.3.9-->C:\Programme\TightVNC\unins000.exe
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Service-->C:\Programme\Sony Ericsson\Update Service\uninst.exe
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6h-->C:\Programme\VideoLAN\VLC\uninstall.exe
WC3Banlist-->"E:\Games\Warcraft 3\Tools\WC3Banlist\unins000.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Programme\WinPcap\uninstall.exe
WinRAR-->C:\Programme\WinRAR\uninstall.exe
xp-AntiSpy 3.96-7-->C:\Programme\xp-AntiSpy\Uninstall.exe
Zattoo 3.2.4 Beta-->C:\Programme\Zattoo\uninst.exe

=====HijackThis Backups=====

O20 - AppInit_DLLs: acaptuser32.dll siggdi.dll

======Hosts File======

127.0.0.1 w*w.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 w*w.008k.com
127.0.0.1 008k.com
127.0.0.1 w*w.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 w*w.032439.com
127.0.0.1 032439.com

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"KMP_DUPLICATE_LIB_OK"=TRUE
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\CIB pdf brewer;C:\Programme\MATLAB\bin;C:\Programme\MATLAB\bin\win32;C:\Programme\Java\jdk1.6.0_06\bin;C:\Programme\MySQL\MySQL Server 5.0\bin;C:\Programme\\Panda Antivirus\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=2302
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

Last edited by Atilie (23.10.2008 at 15:51)
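Two things in this thread lend themselves to a mechanical check: Chris's point in post #2 that fixing the whole O20 line in HijackThis also drops the legitimate acaptuser32.dll (the RSIT "HijackThis Backups" section above shows an earlier fix did exactly that), and the Malwarebytes entries above marked "Delete on reboot", which are only scheduled for removal and still need confirming afterwards. The following Python script is an added example and is not part of the original thread or of any of the tools used in it. It works on a few HijackThis and Malwarebytes lines copied from the logs above and embedded as constructed samples: it lists each DLL in AppInit_DLLs separately, builds a replacement value that removes only the named DLL and keeps the rest, flags O23 services whose binary is missing and O4 Run entries given without a full path, and lists the Malwarebytes items still pending a reboot. The function names and the checks are this example's own choices; they are structural triage heuristics and not a substitute for a scan.

```python
"""Triage helpers for HijackThis and Malwarebytes logs (added example, not from the thread)."""
import re

# Constructed sample: lines copied from the HijackThis log in post #1 of this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O20 - AppInit_DLLs: acaptuser32.dll bkwuny.dll
O23 - Service: MySQL - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
"""

# Constructed sample: lines copied from the Malwarebytes log in post #3 of this thread.
MBAM_SAMPLE = r"""
C:\WINDOWS\system32\bkwuny.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\siggdi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyyvtlf -> Delete on reboot.
"""

HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
MBAM_ENTRY = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_hjt(text):
    """Return (code, body) for each HijackThis entry line, e.g. ('O20', 'AppInit_DLLs: ...')."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def split_appinit(value):
    """AppInit_DLLs is a single REG_SZ holding several names, separated by spaces or commas."""
    return [d for d in re.split(r"[\s,]+", value.strip()) if d]


def appinit_dlls(entries):
    """Every DLL named in the O20 AppInit_DLLs entry, as a list."""
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            return split_appinit(body.split(":", 1)[1])
    return []


def clean_appinit(value, remove):
    """Replacement AppInit_DLLs value with only the DLLs in `remove` taken out (case-insensitive).
    Fixing the whole O20 line in HijackThis empties the value instead, which also unloads
    any legitimate DLL listed there."""
    drop = {r.lower() for r in remove}
    return " ".join(d for d in split_appinit(value) if d.lower() not in drop)


def run_command(body):
    """Executable part of an O4 Run entry: the text after the [name] label, unquoted, without arguments."""
    _, _, cmd = body.partition("] ")
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage_hjt(entries):
    """Structural checks that need no signature database. Returns (code, message) pairs."""
    findings = []
    dlls = appinit_dlls(entries)
    if len(dlls) > 1:
        findings.append(("O20", "AppInit_DLLs loads several DLLs, check each: " + ", ".join(dlls)))
    for code, body in entries:
        if code == "O23" and body.endswith("(file missing)"):
            findings.append(("O23", "service points at a missing binary: " + body))
        if code == "O4" and "Run:" in body:
            cmd = run_command(body)
            if cmd and not DRIVE_PATH.match(cmd):
                # A bare file name is resolved through the search path at logon; verify which file actually runs.
                findings.append(("O4", "Run entry without a full path: " + cmd))
    return findings


def mbam_pending(text):
    """Malwarebytes items it could only schedule for removal ('Delete on reboot').
    These are the ones to confirm gone with a second scan after the restart."""
    pending = []
    for line in text.splitlines():
        m = MBAM_ENTRY.match(line.strip())
        if m and "Delete on reboot" in m.group("action"):
            pending.append((m.group("item"), m.group("family")))
    return pending


if __name__ == "__main__":
    hjt = parse_hjt(HJT_SAMPLE)
    for code, msg in triage_hjt(hjt):
        print(code, msg)
    print("AppInit_DLLs after removing bkwuny.dll:", clean_appinit("acaptuser32.dll bkwuny.dll", ["bkwuny.dll"]))
    for item, family in mbam_pending(MBAM_SAMPLE):
        print("re-check after reboot:", item, "(%s)" % family)
```

Run on a real log, `parse_hjt` takes the whole file; the "Running processes" and header lines do not match the entry pattern and are skipped. `clean_appinit` only computes the new value; writing it back to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs is a separate, deliberate step done with the registry editor on the affected machine.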
#4
Virtumonde completely removed?

Here is the RSIT log as well. (Not all of it; it was too much.)

RSITLOG
Logfile of random's system information tool 1.04 (written by random/random)
Run by *** at 2008-10-23 16:24:08
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (30%) free of 30 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:15, on 23.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Antivirus\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRAMME\PANDA ANTIVIRUS\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Programme\Panda Antivirus\PavFnSvr.exe
C:\Programme\Gemeinsame Dateien\Panda Security\PavShld\pavprsrv.exe
C:\Programme\Panda Antivirus\PsImSvc.exe
C:\Programme\Panda Antivirus\PskSvc.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\Programme\Panda Antivirus\pavsrv51.exe
C:\Programme\Panda Antivirus\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\VolumeTracker.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\***\Desktop\Ati.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.***.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.***.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.***.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.***.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.***.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\\Panda Antivirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\\Panda Antivirus\Inicio.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: VolumeTracker.lnk = C:\VolumeTracker.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202679034188
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA9CF91-34F8-4DD4-ABEC-194A0D2E2B59}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MySQL - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programme\OpenVPN\bin\openvpnserv.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Programme\\Panda Antivirus\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Programme\Gemeinsame Dateien\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Programme\\Panda Antivirus\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Programme\\Panda Antivirus\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Programme\\Panda Antivirus\PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Programme\\Panda Antivirus\TPSrv.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8022 bytes

Edited by Atilie (23.10.2008 at 15:53)
#5
Virtumonde completely removed?

Hi,

somehow the middle part of the RSIT log is missing... the part with the services etc. Please post it...

The HJ log looks fine so far, but that doesn't mean much yet...

Possibly also Silent Runners: unpack the zip archive into a directory, start it with a double-click, choose "yes". The generated file is in the same directory the script was copied to; please load it into an editor and post it.
http://www.silentrunners.org/Silent%20Runners.zip

And a scan with good old Kapi: http://www.kaspersky.com/de/virusscanner

chris
#6
Virtumonde completely removed?

Here is the rest for now. I'm starting the other tools now.

RSITREST
======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"zBrowser Launcher"=C:\Programme\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-11-29 55824]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
""= []
"APVXDWIN"=C:\Programme\\Panda Antivirus\APVXDWIN.EXE [2008-07-16 857344]
"SCANINICIO"=C:\Programme\\Panda Antivirus\Inicio.exe [2008-07-07 50432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Programme\DAEMON Tools Lite\daemon.exe [2008-03-21 486856]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe

C:\Dokumente und Einstellungen\Ati\Startmenü\Programme\Autostart
VolumeTracker.lnk - C:\VolumeTracker.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\system32\avldr.dll [2008-03-18 58672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2008-01-09 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"MaxRecentDocs"=1
"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\CyberLink\PowerDVD\PowerDVD.exe"="C:\Programme\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"E:\Games\Warcraft 3\Tools\ListChecker\pickup.listchecker.exe"="E:\Games\Warcraft 3\Tools\ListChecker\pickup.listchecker.exe:*:Enabled
"C:\Programme\QIP\qip.exe"="C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"E:\Games\Mass Effect\Binaries\MassEffect.exe"="E:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"E:\Games\Mass Effect\MassEffectLauncher.exe"="E:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"E:\Games\Warcraft III\ListChecker\pickup.listchecker.exe"="E:\Games\Warcraft III\ListChecker\pickup.listchecker.exe:*:Enabled
"E:\Games\Warcraft 3\ListChecker\pickup.listchecker.exe"="E:\Games\Warcraft 3\ListChecker\pickup.listchecker.exe:*:Enabled
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Games\PES 9\pes2009.exe"="E:\Games\PES 9\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - C:\PROGRA~1\\PANDAA~1\PavScrip.exe "%1" %*
.vbs - open - C:\PROGRA~1\\PANDAA~1\PavScrip.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-10-23 16:22:43 ----D---- C:\rsit
2008-10-23 16:17:19 ----A---- C:\WINDOWS\puexjmoc.txt
2008-10-23 15:37:53 ----D---- C:\Dokumente und Einstellungen\Ati\Anwendungsdaten\Malwarebytes
2008-10-23 15:37:47 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2008-10-23 15:37:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-10-22 12:28:51 ----A---- C:\WINDOWS\system32\HHActiveX.dll
2008-10-22 12:28:50 ----A---- C:\WINDOWS\system32\TpUtil.dll
2008-10-22 12:28:50 ----A---- C:\WINDOWS\system32\SYSTOOLS.DLL
2008-10-22 12:28:50 ----A---- C:\WINDOWS\system32\PavLspHook.dll
2008-10-22 12:28:50 ----A---- C:\WINDOWS\system32\pavipc.dll
2008-10-22 12:28:49 ----D---- C:\WINDOWS\system32\PAV
2008-10-22 12:28:49 ----A---- C:\WINDOWS\system32\PavSHook.dll
2008-10-22 12:28:49 ----A---- C:\WINDOWS\system32\avldr.dll
2008-10-22 12:28:48 ----D---- C:\Programme\Panda Antivirus
2008-10-22 12:28:48 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Panda Security
2008-10-22 12:28:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Security
2008-10-22 12:27:16 ----D---- C:\Programme\Gemeinsame Dateien\Panda Security
2008-10-22 12:22:54 ----SH---- C:\WINDOWS\system32\wugpfdmp.ini
2008-10-22 12:20:10 ----A---- C:\WINDOWS\system32\1bd6e7a5-.txt
2008-10-22 12:09:54 ----D---- C:\VundoFix Backups
2008-10-22 12:09:54 ----A---- C:\VundoFix.txt
2008-10-20 17:39:48 ----A---- C:\itouch_config_crash_info.txt
2008-10-19 19:17:17 ----A---- C:\WINDOWS\iTouch.ini
2008-10-16 12:12:08 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI
2008-10-15 10:04:31 ----D---- C:\Programme\TightVNC
2008-10-10 18:35:19 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-10 18:35:18 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-10-10 18:35:18 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-10-10 18:35:18 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-10-10 18:35:18 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-10-10 18:35:18 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-10-10 18:35:18 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-10-10 18:35:18 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-10 18:35:17 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-10-10 18:35:17 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-10-10 18:35:17 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-10-10 18:35:17 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-10-10 18:35:17 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-10-10 18:35:17 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-10-10 18:35:16 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-10-10 18:35:16 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-10-10 18:35:16 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-10-10 18:35:16 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-10-10 18:35:16 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-10-10 18:35:16 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-10-10 18:35:15 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-10-10 18:35:15 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-10-10 18:35:15 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-10-10 18:35:15 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-10-10 18:35:15 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-10-10 18:35:15 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-10-10 18:35:14 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-10-10 18:35:14 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-10-10 18:35:14 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-10-10 18:35:14 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-10-10 18:35:14 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-10-10 18:35:13 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-10-10 18:35:13 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-10-10 18:35:11 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-10-10 18:35:11 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-10-10 18:35:10 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-10-10 18:34:46 ----D---- C:\WINDOWS\Logs
2008-10-10 18:34:46 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2008-10-10 18:34:46 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2008-10-03 13:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-03 12:59:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-03 12:59:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-03 12:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-03 12:59:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-03 12:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-03 12:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-03 12:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-03 12:58:33 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-03 12:55:45 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-01 18:10:51 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-10-01 18:10:48 ----D---- C:\Programme\MyPhoneExplorer

======List of files/folders modified in the last 1 months======

2008-10-23 16:22:56 ----D---- C:\WINDOWS\Prefetch
2008-10-23 16:22:47 ----D---- C:\WINDOWS\Temp
2008-10-23 16:22:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-23 16:21:06 ----D---- C:\Programme\Mozilla Firefox
2008-10-23 16:19:09 ----D---- C:\WINDOWS\system32
2008-10-23 16:18:59 ----D---- C:\WINDOWS\system32\drivers
2008-10-23 16:17:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-23 16:17:19 ----D---- C:\WINDOWS
2008-10-23 15:37:47 ----D---- C:\Programme
2008-10-23 15:29:35 ----D---- C:\Programme\Mozilla Thunderbird
2008-10-22 13:33:21 ----A---- C:\WINDOWS\WININIT.INI
2008-10-22 13:07:19 ----D---- C:\Programme\QIP
2008-10-22 12:35:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-22 12:31:18 ----N---- C:\WINDOWS\win.ini
2008-10-22 12:29:04 ----HD---- C:\WINDOWS\inf
2008-10-22 12:28:55 ----SHD---- C:\WINDOWS\Installer
2008-10-22 12:28:49 ----HD---- C:\Programme\InstallShield Installation Information
2008-10-22 12:27:16 ----D---- C:\Programme\Gemeinsame Dateien
2008-10-22 11:58:31 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-10-21 23:40:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-21 23:28:58 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Azureus
2008-10-15 12:51:44 ----SD---- C:\WINDOWS\Tasks
2008-10-15 10:36:52 ----D---- C:\WINDOWS\system32\config
2008-10-15 10:19:10 ----D---- C:\Programme\Super Convert
2008-10-15 10:18:36 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-10-15 10:18:35 ----D---- C:\Programme\Mobile Master
2008-10-15 10:14:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-15 09:59:40 ----D---- C:\Dokumente und Einstellungen\Ati\Anwendungsdaten\MyPhoneExplorer
2008-10-10 18:35:19 ----D---- C:\WINDOWS\system32\DirectX
2008-10-10 18:35:09 ----RSD---- C:\WINDOWS\assembly
2008-10-08 23:54:06 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
2008-10-08 21:24:45 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
2008-10-03 13:06:15 ----D---- C:\Programme\Spybot - Search & Destroy
2008-10-03 13:03:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-03 13:02:43 ----D---- C:\Programme\Internet Explorer
2008-10-03 13:01:19 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-03 13:00:55 ----D---- C:\WINDOWS\WinSxS
2008-10-03 12:59:48 ----A---- C:\WINDOWS\imsins.BAK
2008-10-03 12:59:45 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-03 12:59:15 ----D---- C:\Programme\Messenger
2008-10-03 12:55:49 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-03 12:55:46 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 43520]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Programme\CyberLink\PowerDVD\000.fcl []
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2008-04-28 84024]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-08-06 4122112]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 AvFlt;Antivirus Filter Driver; C:\WINDOWS\system32\drivers\av5flt.sys []
R3 ComFiltr;Panda Anti-Dialer; \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\system32\drivers\lccfltr.sys [2004-03-03 14095]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-11-29 28432]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 PavSRK.sys;PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []
R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 amdtools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\amdtools.sys []
S3 awn1wuwn;awn1wuwn; C:\WINDOWS\system32\drivers\awn1wuwn.sys []
S3 Bridge;MAC-Brücke; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC-Brückenminiport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-03-20 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-03-20 21672]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\72.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-03 552960]
R2 Gwmsrv;Panda Goodware Cache Manager; C:\WINDOWS\system32\svchost -k Panda []
R2 MySQL;MySQL; C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Programme\MySQL\MySQL Server 5.0\my.ini MySQL []
R2 PAVFNSVR;Panda Function Service; C:\Programme\\Panda Antivirus\PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:\Programme\Gemeinsame Dateien\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:\Programme\\Panda Antivirus\pavsrv51.exe [2008-07-04 288512]
R2 PSIMSVC;Panda IManager Service; C:\Programme\\Panda Antivirus\PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:\Programme\\Panda Antivirus\PskSvc.exe [2008-06-25 28928]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 TPSrv;Panda TPSrv; C:\Programme\\Panda Antivirus\TPSrv.exe [2008-07-17 157440]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2007-10-26 1524512]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-28 651720]
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2008-01-09 121360]
S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 OpenVPNService;OpenVPN Service; C:\Programme\OpenVPN\bin\openvpnserv.exe [2006-10-01 16384]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-17 354560]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 aawservice;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\aawservice.exe [2008-07-13 611664]

-----------------EOF-----------------