
Pests of all kinds and their removal: Virtumonde and Virtumonde.prx

Alt 25.09.2008, 09:44   #1
Thundro
 
Virtumonde and Virtumonde.prx



Hello,

using Spybot I found 4 entries for the Trojans Virtumonde and Virtumonde.prx on my laptop. The two Virtumonde entries are always at the same place in the registry; even after deleting them manually they restore themselves, although I deny the process with Spybot.

The two Virtumonde.prx entries always refer to a file in the system32 folder and the corresponding entry in the registry.
So far I have completely deleted the file in system32 with Eraser 2-3 times, but after the reboot it always reappears, though as a different file in system32.

Web pages only load after I have clicked Refresh 5-10 times, and my whole laptop lags badly. I have already tried VirtumondeBeGone and several other fix tools and followed numerous guides, but without success; they never find anything or don't fix the problem. I have already wiped my laptop 3 times, but it's always the same. I hope you can help me.

Alt 25.09.2008, 11:10   #2
Thundro
 



Here is the HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:36, on 25.09.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DAEMON Tools Lite\YASU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6726E985-77CC-4E1D-B964-1D8D68B534B4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A8FB59FD-1605-455B-835C-B425A23FFEE3} - (no file)
O2 - BHO: (no name) - {F75C33E9-057B-4E9E-83AC-96B32EDD3E45} - C:\Windows\system32\awttrOHX.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingD4503] cmd /c del "C:\Windows\system32\rbdrtoav.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: czrszm.dll gjfzfh.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 6452 bytes


Alt 25.09.2008, 11:15   #3
myrtille
/// TB-Ausbilder
 



Hi,

please run a scan with Malwarebytes and have all findings deleted. Then post all findings here.

Best regards, myrtille

Alt 25.09.2008, 17:32   #4
Thundro
 



Sorry, it took a bit longer

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1204
Windows 6.0.6000

25.09.2008 18:31:12
mbam-log-2008-09-25 (18-31-12).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 145419
Laufzeit: 1 hour(s), 37 minute(s), 54 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\System32\awttrOHX.dll (Trojan.Vundo.H) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e87e782-4ea6-44aa-a7be-b4a209449b22} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e87e782-4ea6-44aa-a7be-b4a209449b22} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35cfe9b1-81c2-4d01-a350-a759292ad7fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\awttrohx -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awttrohx -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\awttrOHX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\XHOrttwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\XHOrttwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\gqgisyjc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\cjysigqg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ruowkinn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nnikwour.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\aahwdi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\dchrwpif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gxsqmoob.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\smkcqc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

Alt 26.09.2008, 13:09   #5
myrtille
/// TB-Ausbilder
 



Hi,

that looks pretty good.

Please create a log with RSIT. It creates 2 files (log.txt and info.txt). Post the contents of both files here.

Best regards, myrtille

__________________
Requests by e-mail, profile or private message will be ignored!
Help is given ONLY in the forum!


Anyone who has not received a further reply from me after 24 hours, please send a PM

Spelling mistakes? Never, but keybaord malfunctions constantly!

Alt 29.09.2008, 12:49   #6
Thundro
 



The log.txt is too big @.@ I can't even attach it; here is the info.txt for now

info.txt logfile of random's system information tool 1.02 2008-09-29 00:12:32

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x7 -UnInstall
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x7 UNINST
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\DEU\USE_G\DOCUNINS.EXE
EPSON-Drucker-Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Eraser-->"C:\ProgramData\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Eraser-->C:\ProgramData\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
ESET Smart Security-->MsiExec.exe /I{58E05C78-4785-443D-8A1B-CBFF49C2A84E}
FINAL FANTASY XI: Chains of Promathia-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}
FINAL FANTASY XI: Die Flügel der Göttin-->C:\Program Files\InstallShield Installation Information\{19451766-07CE-4A79-9A6A-61FC0395C319}\setup.exe -runfromtemp -l0x0407
FINAL FANTASY XI: Rise of the Zilart-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}
FINAL FANTASY XI: Treasures of Aht Urhgan-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}
FINAL FANTASY XI-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{45105F2B-0294-4354-A92A-5D1F575E24A5}
FUSSBALL MANAGER 08-->C:\Program Files\EA SPORTS\FUSSBALL MANAGER 08\eauninstall.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 8-->MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}
PlayOnline Viewer & Tetra Master-->C:\Program Files\InstallShield Installation Information\{A82B049B-14E7-4E0E-946D-024AC4050EF8}\setup.exe -runfromtemp -l0x0407
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tracks Eraser Pro v7.0-->"C:\Program Files\Acesoft\Tracks Eraser Pro\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
UltraISO Premium V9.0-->"C:\Program Files\UltraISO\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
xp-AntiSpy 3.96-8-->C:\Program Files\xp-AntiSpy\Uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall
AS: ESET Smart Security 3.0
AS: Spybot - Search and Destroy
AS: Windows-Defender (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------

Alt 29.09.2008, 12:50   #7
Thundro
 



Log Part 1:

Logfile of random's system information tool 1.02 (written by random/random)
Run by Nils at 2008-09-29 13:41:54
Microsoft® Windows Vista™ Home Premium
System drive C: has 68 GB (60%) free of 114 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:01, on 29.09.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Nils\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nils.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6726E985-77CC-4E1D-B964-1D8D68B534B4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A8FB59FD-1605-455B-835C-B425A23FFEE3} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: czrszm.dll gjfzfh.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 5996 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6726E985-77CC-4E1D-B964-1D8D68B534B4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8FB59FD-1605-455B-835C-B425A23FFEE3}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-05-07 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-05-07 8429568]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-05-07 81920]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2007-05-07 67584]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-03-06 303104]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-06-10 1447168]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]


1-Klick-Wartung.job
SA.DAT
SCHEDLGU.TXT


1-Klick-Wartung.job
SA.DAT
SCHEDLGU.TXT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="czrszm.dll gjfzfh.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-09-29 00:12:21 ----D---- C:\rsit
2008-09-26 13:19:09 ----D---- C:\Users\Nils\AppData\Roaming\temp
2008-09-25 15:15:00 ----D---- C:\Users\Nils\AppData\Roaming\Adobe
2008-09-25 15:04:29 ----D---- C:\Users\Nils\AppData\Roaming\Malwarebytes
2008-09-25 15:04:24 ----D---- C:\ProgramData\Malwarebytes
2008-09-25 15:04:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-25 13:52:29 ----A---- C:\Windows\system32\winipsec.dll
2008-09-25 13:52:29 ----A---- C:\Windows\system32\polstore.dll
2008-09-25 13:52:29 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-09-25 13:52:29 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-09-25 13:51:25 ----A---- C:\Windows\system32\riched32.dll
2008-09-25 13:51:25 ----A---- C:\Windows\system32\riched20.dll
2008-09-25 13:51:22 ----A---- C:\Windows\system32\rasser.dll
2008-09-25 13:51:22 ----A---- C:\Windows\system32\rasdiag.dll
2008-09-25 13:51:22 ----A---- C:\Windows\system32\rascfg.dll
2008-09-25 13:51:21 ----A---- C:\Windows\system32\rasmxs.dll
2008-09-25 13:51:21 ----A---- C:\Windows\system32\netcfgx.dll
2008-09-25 13:51:21 ----A---- C:\Windows\system32\msftedit.dll
2008-09-25 13:51:20 ----A---- C:\Windows\system32\icsunattend.exe
2008-09-25 13:51:19 ----A---- C:\Windows\system32\ipnathlp.dll
2008-09-25 13:51:18 ----A---- C:\Windows\system32\wshqos.dll
2008-09-25 13:51:18 ----A---- C:\Windows\system32\traffic.dll
2008-09-25 13:51:18 ----A---- C:\Windows\system32\pacerprf.dll
2008-09-25 13:51:18 ----A---- C:\Windows\system32\localspl.dll
2008-09-25 13:51:17 ----A---- C:\Windows\system32\dps.dll
2008-09-25 13:51:17 ----A---- C:\Windows\system32\cdd.dll
2008-09-25 13:50:12 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-25 13:50:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-25 13:50:08 ----A---- C:\Windows\system32\gameux.dll
2008-09-25 13:49:05 ----A---- C:\Windows\system32\ACCTRES.dll
2008-09-25 13:49:04 ----A---- C:\Windows\system32\msoert2.dll
2008-09-25 13:49:04 ----A---- C:\Windows\system32\msoeacct.dll
2008-09-25 13:47:58 ----A---- C:\Windows\system32\wtsapi32.dll
2008-09-25 13:47:54 ----A---- C:\Windows\explorer.exe
2008-09-25 13:47:52 ----A---- C:\Windows\system32\sysmain.dll
2008-09-25 13:47:50 ----A---- C:\Windows\system32\wlansvc.dll
2008-09-25 13:47:50 ----A---- C:\Windows\system32\wlanmsm.dll
2008-09-25 13:47:50 ----A---- C:\Windows\system32\wlanhlp.dll
2008-09-25 13:47:50 ----A---- C:\Windows\system32\wlanapi.dll
2008-09-25 13:47:49 ----A---- C:\Windows\system32\wlansec.dll
2008-09-25 13:46:55 ----A---- C:\Windows\system32\WebClnt.dll
2008-09-25 13:45:19 ----A---- C:\Windows\system32\winsrv.dll
2008-09-25 13:45:19 ----A---- C:\Windows\system32\csrsrv.dll
2008-09-25 13:43:11 ----A---- C:\Windows\system32\shell32.dll
2008-09-25 13:40:13 ----A---- C:\Windows\system32\tzres.dll
2008-09-25 13:38:46 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2008-09-25 13:35:02 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-25 13:30:46 ----A---- C:\Windows\system32\msscp.dll
2008-09-25 13:29:08 ----A---- C:\Windows\system32\wmploc.DLL
2008-09-25 13:29:07 ----A---- C:\Windows\system32\wmp.dll
2008-09-25 13:29:07 ----A---- C:\Windows\system32\spwmp.dll
2008-09-25 13:29:06 ----A---- C:\Windows\system32\dxmasf.dll
2008-09-25 13:29:05 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2008-09-25 13:28:18 ----A---- C:\Windows\system32\FirewallAPI.dll
2008-09-25 13:28:17 ----A---- C:\Windows\system32\wfapigp.dll
2008-09-25 13:28:17 ----A---- C:\Windows\system32\MPSSVC.dll
2008-09-25 13:28:17 ----A---- C:\Windows\system32\icfupgd.dll
2008-09-25 13:28:17 ----A---- C:\Windows\system32\cmifw.dll
2008-09-25 13:28:16 ----A---- C:\Windows\system32\iphlpsvc.dll
2008-09-25 13:28:03 ----A---- C:\Windows\NeroDigital.ini
2008-09-25 13:25:32 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-09-25 13:25:32 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-09-25 13:25:02 ----D---- C:\Users\Nils\AppData\Roaming\GRETECH
2008-09-25 13:24:48 ----A---- C:\Windows\system32\DWWIN.EXE
2008-09-25 13:24:06 ----A---- C:\Windows\system32\msxml3.dll
2008-09-25 13:24:05 ----A---- C:\Windows\system32\msxml3r.dll
2008-09-25 13:22:42 ----A---- C:\Windows\system32\SET7824.tmp
2008-09-25 13:22:42 ----A---- C:\Windows\system32\SET52CD.tmp
2008-09-25 13:22:42 ----A---- C:\Windows\system32\hcrstco.dll
2008-09-25 13:10:33 ----A---- C:\Windows\system32\netcfg.exe
2008-09-25 13:10:31 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-09-25 13:10:30 ----A---- C:\Windows\system32\netiougc.exe
2008-09-25 13:07:53 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-09-25 13:07:52 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-09-25 13:07:52 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-09-25 13:07:52 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-09-25 13:07:51 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-09-25 13:07:51 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-09-25 13:07:51 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-09-25 13:07:49 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-09-25 13:07:47 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-09-25 13:07:46 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-09-25 13:07:45 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-09-25 13:07:44 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-09-25 13:07:44 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-09-25 13:07:44 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-09-25 13:07:43 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-09-25 13:07:42 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-09-25 13:07:40 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-09-25 13:07:40 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-09-25 13:07:39 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-09-25 13:07:37 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-09-25 13:07:36 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-09-25 13:07:36 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-09-25 13:07:35 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-09-25 13:07:35 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-09-25 13:07:35 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-09-25 13:07:34 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-09-25 13:07:34 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-09-25 13:07:33 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-09-25 13:07:32 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-09-25 13:07:31 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-09-25 13:07:29 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-09-25 13:07:28 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-09-25 13:07:28 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-09-25 13:07:27 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-09-25 13:07:26 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-09-25 13:07:25 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-09-25 13:07:22 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-09-25 13:07:17 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-09-25 13:07:16 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-09-25 13:07:15 ----A---- C:\Windows\system32\NlsData0045.dll
2008-09-25 13:07:14 ----A---- C:\Windows\system32\NlsData0047.dll
2008-09-25 13:07:14 ----A---- C:\Windows\system32\NlsData0046.dll
2008-09-25 13:07:13 ----A---- C:\Windows\system32\NlsData0049.dll
2008-09-25 13:07:13 ----A---- C:\Windows\system32\NlsData0039.dll
2008-09-25 13:07:12 ----A---- C:\Windows\system32\NlsData0021.dll
2008-09-25 13:07:12 ----A---- C:\Windows\system32\NlsData0020.dll
2008-09-25 13:07:11 ----A---- C:\Windows\system32\NlsData0022.dll
2008-09-25 13:07:10 ----A---- C:\Windows\system32\NlsData0026.dll
2008-09-25 13:07:10 ----A---- C:\Windows\system32\NlsData0024.dll
2008-09-25 13:07:09 ----A---- C:\Windows\system32\NlsData0027.dll
2008-09-25 13:07:09 ----A---- C:\Windows\system32\NlsData0010.dll
2008-09-25 13:07:08 ----A---- C:\Windows\system32\NlsData0013.dll
2008-09-25 13:07:08 ----A---- C:\Windows\system32\NlsData0011.dll
2008-09-25 13:07:07 ----A---- C:\Windows\system32\NlsData0018.dll
2008-09-25 13:07:07 ----A---- C:\Windows\system32\NlsData0000.dll
2008-09-25 13:07:06 ----A---- C:\Windows\system32\NlsData0019.dll
2008-09-25 13:07:06 ----A---- C:\Windows\system32\NlsData0002.dll
2008-09-25 13:07:06 ----A---- C:\Windows\system32\NlsData0001.dll
2008-09-25 13:07:05 ----A---- C:\Windows\system32\NlsData0007.dll
2008-09-25 13:07:05 ----A---- C:\Windows\system32\NlsData0003.dll
2008-09-25 13:07:04 ----A---- C:\Windows\system32\NlsData004a.dll
2008-09-25 13:07:04 ----A---- C:\Windows\system32\NlsData0009.dll
2008-09-25 13:07:03 ----A---- C:\Windows\system32\NlsData004c.dll
2008-09-25 13:07:03 ----A---- C:\Windows\system32\NlsData004b.dll
2008-09-25 13:07:02 ----A---- C:\Windows\system32\NlsData004e.dll
2008-09-25 13:07:02 ----A---- C:\Windows\system32\NlsData003e.dll
2008-09-25 13:07:02 ----A---- C:\Windows\system32\NlsData002a.dll
2008-09-25 13:07:01 ----A---- C:\Windows\system32\NlsData001a.dll
2008-09-25 13:07:00 ----A---- C:\Windows\system32\NlsData001d.dll
2008-09-25 13:07:00 ----A---- C:\Windows\system32\NlsData001b.dll
2008-09-25 13:06:59 ----A---- C:\Windows\system32\NlsData000c.dll
2008-09-25 13:06:59 ----A---- C:\Windows\system32\NlsData000a.dll
2008-09-25 13:06:58 ----A---- C:\Windows\system32\NlsData000f.dll
2008-09-25 13:06:58 ----A---- C:\Windows\system32\NlsData000d.dll
2008-09-25 13:06:57 ----A---- C:\Windows\system32\NlsData0416.dll
2008-09-25 13:06:57 ----A---- C:\Windows\system32\NlsData0414.dll
2008-09-25 13:06:56 ----A---- C:\Windows\system32\NlsData0816.dll
2008-09-25 13:06:56 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-09-25 13:06:55 ----A---- C:\Windows\system32\NlsData081a.dll
2008-09-25 13:06:54 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-09-25 13:06:54 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-09-25 13:03:45 ----A---- C:\Windows\system32\advpack.dll
2008-09-25 13:03:44 ----A---- C:\Windows\system32\ieapfltr.dll
2008-09-25 13:03:43 ----A---- C:\Windows\system32\wininet.dll
2008-09-25 13:03:43 ----A---- C:\Windows\system32\jsproxy.dll
2008-09-25 13:03:42 ----A---- C:\Windows\system32\dxtrans.dll
2008-09-25 13:03:42 ----A---- C:\Windows\system32\dxtmsft.dll
2008-09-25 13:03:41 ----A---- C:\Windows\system32\ieui.dll
2008-09-25 13:03:40 ----A---- C:\Windows\system32\ieframe.dll
2008-09-25 13:03:38 ----A---- C:\Windows\system32\mshtmled.dll
2008-09-25 13:03:37 ----A---- C:\Windows\system32\mshtml.dll
2008-09-25 13:03:33 ----A---- C:\Windows\system32\mstime.dll
2008-09-25 13:03:32 ----A---- C:\Windows\system32\icardie.dll
2008-09-25 13:03:29 ----A---- C:\Windows\system32\ieUnatt.exe
2008-09-25 13:03:27 ----A---- C:\Windows\system32\urlmon.dll
2008-09-25 13:03:27 ----A---- C:\Windows\system32\pngfilt.dll
2008-09-25 13:03:27 ----A---- C:\Windows\system32\iesetup.dll
2008-09-25 13:03:27 ----A---- C:\Windows\system32\iernonce.dll
2008-09-25 13:03:27 ----A---- C:\Windows\system32\ie4uinit.exe
2008-09-25 13:00:49 ----A---- C:\Windows\system32\setupapi.dll
2008-09-25 12:59:51 ----A---- C:\Windows\system32\srclient.dll
2008-09-25 12:59:50 ----A---- C:\Windows\system32\srdelayed.exe
2008-09-25 12:59:50 ----A---- C:\Windows\system32\srcore.dll
2008-09-25 12:59:50 ----A---- C:\Windows\system32\rstrui.exe
2008-09-25 12:59:49 ----A---- C:\Windows\system32\wpd_ci.dll
2008-09-25 12:59:49 ----A---- C:\Windows\system32\winresume.exe
2008-09-25 12:59:49 ----A---- C:\Windows\system32\kd1394.dll
2008-09-25 12:59:48 ----A---- C:\Windows\system32\winload.exe
2008-09-25 12:59:48 ----A---- C:\Windows\system32\ci.dll
2008-09-25 12:59:47 ----A---- C:\Windows\system32\umpnpmgr.dll
2008-09-25 12:59:47 ----A---- C:\Windows\system32\drvinst.exe
2008-09-25 12:59:47 ----A---- C:\Windows\system32\cfgmgr32.dll
2008-09-25 12:59:46 ----A---- C:\Windows\system32\nshhttp.dll
2008-09-25 12:59:46 ----A---- C:\Windows\system32\kbd106n.dll
2008-09-25 12:59:46 ----A---- C:\Windows\system32\dpx.dll
2008-09-25 12:59:45 ----A---- C:\Windows\system32\unlodctr.exe
2008-09-25 12:59:45 ----A---- C:\Windows\system32\oleaut32.dll
2008-09-25 12:59:45 ----A---- C:\Windows\system32\lodctr.exe
2008-09-25 12:59:45 ----A---- C:\Windows\system32\loadperf.dll
2008-09-25 12:59:44 ----A---- C:\Windows\system32\prflbmsg.dll
2008-09-25 12:59:43 ----A---- C:\Windows\system32\schedsvc.dll
2008-09-25 12:59:42 ----A---- C:\Windows\system32\f3ahvoas.dll
2008-09-25 12:59:41 ----A---- C:\Windows\system32\dispci.dll
2008-09-25 12:59:41 ----A---- C:\Windows\system32\batt.dll
2008-09-25 12:56:54 ----A---- C:\Windows\system32\WMASF.DLL
2008-09-25 12:56:54 ----A---- C:\Windows\system32\LAPRXY.DLL
2008-09-25 12:56:54 ----A---- C:\Windows\system32\asferror.dll
2008-09-25 12:56:38 ----A---- C:\Windows\system32\gdi32.dll
2008-09-25 12:56:07 ----A---- C:\Windows\system32\slwmi.dll
2008-09-25 12:56:07 ----A---- C:\Windows\system32\SLC.dll
2008-09-25 12:56:07 ----A---- C:\Windows\system32\mcbuilder.exe
2008-09-25 12:56:06 ----A---- C:\Windows\system32\SLCommDlg.dll
2008-09-25 12:56:05 ----A---- C:\Windows\system32\SLUINotify.dll

29.09.2008, 12:51   #8
Thundro

Virtumonde und Virtumonde.prx

And here is part 2, starting with the last entry of part 1:

2008-09-25 12:56:05 ----A---- C:\Windows\system32\SLUINotify.dll
2008-09-25 12:56:05 ----A---- C:\Windows\system32\SLUI.exe
2008-09-25 12:56:05 ----A---- C:\Windows\system32\SLLUA.exe
2008-09-25 12:56:02 ----A---- C:\Windows\system32\SLsvc.exe
2008-09-25 12:56:02 ----A---- C:\Windows\system32\slcinst.dll
2008-09-25 12:55:38 ----A---- C:\Windows\system32\msxml6r.dll
2008-09-25 12:55:38 ----A---- C:\Windows\system32\msxml6.dll
2008-09-25 12:54:33 ----A---- C:\Windows\system32\schannel.dll
2008-09-25 12:54:32 ----A---- C:\Windows\system32\ntprint.exe
2008-09-25 12:54:32 ----A---- C:\Windows\system32\ntprint.dll
2008-09-25 12:54:29 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2008-09-25 12:54:29 ----A---- C:\Windows\system32\dhcpcsvc.dll
2008-09-25 12:54:29 ----A---- C:\Windows\system32\dhcpcmonitor.dll
2008-09-25 12:54:29 ----A---- C:\Windows\system32\authui.dll
2008-09-25 12:54:28 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-09-25 12:54:28 ----A---- C:\Windows\system32\msvfw32.dll
2008-09-25 12:54:28 ----A---- C:\Windows\system32\avicap32.dll
2008-09-25 12:54:27 ----A---- C:\Windows\system32\sendmail.dll
2008-09-25 12:54:27 ----A---- C:\Windows\system32\msvidc32.dll
2008-09-25 12:54:27 ----A---- C:\Windows\system32\msrle32.dll
2008-09-25 12:54:27 ----A---- C:\Windows\system32\mciavi32.dll
2008-09-25 12:54:27 ----A---- C:\Windows\system32\avifil32.dll
2008-09-25 12:53:48 ----A---- C:\Windows\system32\wshrm.dll
2008-09-25 12:53:37 ----A---- C:\Windows\system32\sbunattend.exe
2008-09-25 12:52:59 ----A---- C:\Windows\system32\dnsrslvr.dll
2008-09-25 12:52:59 ----A---- C:\Windows\system32\dnscacheugc.exe
2008-09-25 12:52:59 ----A---- C:\Windows\system32\dnsapi.dll
2008-09-25 12:52:40 ----A---- C:\Windows\system32\rpcrt4.dll
2008-09-25 12:52:26 ----A---- C:\Windows\system32\INETRES.dll
2008-09-25 12:52:25 ----A---- C:\Windows\system32\inetcomm.dll
2008-09-25 12:52:05 ----A---- C:\Windows\system32\wmi.dll
2008-09-25 12:52:04 ----A---- C:\Windows\system32\imagehlp.dll
2008-09-25 12:51:51 ----A---- C:\Windows\system32\quartz.dll
2008-09-25 12:51:26 ----A---- C:\Windows\system32\mcmde.dll
2008-09-25 12:51:25 ----A---- C:\Windows\system32\psisdecd.dll
2008-09-25 12:51:25 ----A---- C:\Windows\system32\EncDec.dll
2008-09-25 12:51:07 ----A---- C:\Windows\system32\crypt32.dll
2008-09-25 12:50:54 ----D---- C:\Program Files\MSXML 4.0
2008-09-25 12:50:37 ----A---- C:\Windows\system32\poqexec.exe
2008-09-25 12:50:15 ----A---- C:\Windows\system32\user32.dll
2008-09-25 12:49:17 ----A---- C:\Windows\system32\qmgr.dll
2008-09-25 11:52:56 ----D---- C:\Program Files\EA SPORTS
2008-09-25 10:43:06 ----SH---- C:\Windows\system32\nnikwour.tmp
2008-09-25 10:40:52 ----A---- C:\Windows\system32\gjfzfh.dll
2008-09-25 10:40:52 ----A---- C:\Windows\system32\akmgnbuf.dll
2008-09-25 10:40:40 ----A---- C:\Windows\system32\dhamfyna.dll
2008-09-25 10:29:09 ----A---- C:\Windows\wininit.ini
2008-09-25 09:57:43 ----SH---- C:\Windows\system32\iuvrdagg.ini
2008-09-25 09:57:29 ----A---- C:\Windows\system32\czrszm.dll
2008-09-25 09:57:28 ----A---- C:\Windows\system32\olopofnb.dll
2008-09-25 09:20:07 ----D---- C:\Windows\Sun
2008-09-24 22:58:27 ----SH---- C:\Windows\system32\cjysigqg.tmp
2008-09-24 22:54:59 ----A---- C:\Windows\system32\javaws.exe
2008-09-24 22:54:59 ----A---- C:\Windows\system32\javaw.exe
2008-09-24 22:54:59 ----A---- C:\Windows\system32\java.exe
2008-09-24 22:54:22 ----D---- C:\Program Files\Java
2008-09-24 22:53:34 ----D---- C:\Program Files\Common Files\Java
2008-09-24 22:25:39 ----D---- C:\Program Files\Unlocker
2008-09-24 21:11:23 ----A---- C:\Windows\system32\d3dsftop.dll
2008-09-24 20:52:14 ----A---- C:\Windows\ntbtlog.txt
2008-09-24 20:45:00 ----D---- C:\Program Files\Trend Micro
2008-09-24 20:05:44 ----SH---- C:\Windows\system32\yphewcvg.ini
2008-09-24 20:03:18 ----A---- C:\ProgramData\pskt.ini
2008-09-24 20:03:17 ----A---- C:\ProgramData\BMfb6eedce.txt
2008-09-24 20:02:38 ----A---- C:\Windows\system32\f37e1a2c-.txt
2008-09-24 20:00:44 ----A---- C:\Windows\system32\wucltux.dll
2008-09-24 20:00:43 ----A---- C:\Windows\system32\wups2.dll
2008-09-24 20:00:43 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-24 20:00:43 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-24 20:00:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-24 20:00:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-24 19:59:51 ----A---- C:\Windows\system32\wups.dll
2008-09-24 19:59:51 ----A---- C:\Windows\system32\wudriver.dll
2008-09-24 19:59:51 ----A---- C:\Windows\system32\wuapi.dll
2008-09-24 19:59:25 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-24 19:59:25 ----A---- C:\Windows\system32\wuapp.exe
2008-09-24 19:55:48 ----D---- C:\Users\Nils\AppData\Roaming\Macromedia
2008-09-24 19:55:03 ----A---- C:\Windows\system32\schedlog.txt
2008-09-24 19:54:42 ----D---- C:\Program Files\DAEMON Tools Lite
2008-09-24 19:50:46 ----D---- C:\Program Files\ICQ6Toolbar
2008-09-24 19:50:44 ----D---- C:\ProgramData\ICQ
2008-09-24 19:50:38 ----D---- C:\Users\Nils\AppData\Roaming\ICQ
2008-09-24 19:49:59 ----D---- C:\Program Files\ICQ6
2008-09-24 19:49:57 ----D---- C:\Windows\system32\Macromed
2008-09-24 19:49:29 ----D---- C:\Program Files\Windows Live
2008-09-24 19:48:11 ----D---- C:\Program Files\uTorrent
2008-09-24 19:48:03 ----D---- C:\Users\Nils\AppData\Roaming\uTorrent
2008-09-24 19:43:45 ----D---- C:\Program Files\PlayOnline
2008-09-24 19:43:45 ----D---- C:\Program Files\Common Files\PlayOnline
2008-09-24 19:42:16 ----D---- C:\Users\Nils\AppData\Roaming\Nero
2008-09-24 19:41:53 ----A---- C:\Windows\system32\MsiExec.exe.log
2008-09-24 19:39:17 ----D---- C:\ProgramData\Nero
2008-09-24 19:39:17 ----D---- C:\Program Files\Nero
2008-09-24 19:39:17 ----D---- C:\Program Files\Common Files\Nero
2008-09-24 19:38:07 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-09-24 19:38:06 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-09-24 19:36:51 ----D---- C:\Program Files\Common Files\xing shared
2008-09-24 19:36:38 ----A---- C:\Windows\system32\rmoc3260.dll
2008-09-24 19:36:15 ----A---- C:\Windows\system32\pndx5032.dll
2008-09-24 19:36:13 ----A---- C:\Windows\system32\pndx5016.dll
2008-09-24 19:35:57 ----A---- C:\Windows\system32\msvcr71.dll
2008-09-24 19:35:57 ----A---- C:\Windows\system32\msvcp71.dll
2008-09-24 19:35:54 ----A---- C:\Windows\system32\pncrt.dll
2008-09-24 19:35:44 ----D---- C:\ProgramData\Adobe
2008-09-24 19:35:16 ----D---- C:\Program Files\Common Files\Real
2008-09-24 19:35:11 ----D---- C:\Program Files\Real
2008-09-24 19:34:47 ----D---- C:\Users\Nils\AppData\Roaming\Real
2008-09-24 19:33:48 ----D---- C:\Program Files\Common Files\Adobe
2008-09-24 19:33:48 ----D---- C:\Program Files\Adobe
2008-09-24 19:30:46 ----D---- C:\Users\Nils\AppData\Roaming\DAEMON Tools
2008-09-24 19:27:58 ----D---- C:\Program Files\Common Files\EZB Systems
2008-09-24 19:27:45 ----D---- C:\Program Files\UltraISO
2008-09-24 19:25:43 ----D---- C:\Users\Nils\AppData\Roaming\WinRAR
2008-09-24 19:25:30 ----D---- C:\Program Files\WinRAR
2008-09-24 19:25:28 ----D---- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-09-24 19:24:20 ----D---- C:\Program Files\Combined Community Codec Pack
2008-09-24 19:23:47 ----A---- C:\Windows\system32\PICSDK2.dll
2008-09-24 19:23:47 ----A---- C:\Windows\system32\PICSDK.ini
2008-09-24 19:23:47 ----A---- C:\Windows\system32\PICSDK.dll
2008-09-24 19:23:47 ----A---- C:\Windows\system32\PICEntry.dll
2008-09-24 19:23:47 ----A---- C:\Windows\system32\EpPicPrt.dll
2008-09-24 19:23:47 ----A---- C:\Windows\system32\EPPicMgr.dll
2008-09-24 19:23:20 ----D---- C:\ProgramData\EPSON
2008-09-24 19:21:41 ----HD---- C:\ProgramData\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-09-24 19:21:36 ----D---- C:\Program Files\Eraser
2008-09-24 19:20:45 ----D---- C:\Program Files\Haali
2008-09-24 19:20:09 ----D---- C:\Users\Nils\AppData\Roaming\Mozilla
2008-09-24 19:19:53 ----A---- C:\Windows\system32\E_DCINST.DLL
2008-09-24 19:19:51 ----A---- C:\Windows\system32\E_FLBCEE.DLL
2008-09-24 19:19:50 ----A---- C:\Windows\system32\E_FD4BCEE.DLL
2008-09-24 19:19:06 ----D---- C:\Program Files\Mozilla Firefox
2008-09-24 19:18:45 ----D---- C:\Program Files\epson
2008-09-24 19:18:43 ----A---- C:\Windows\system32\escwiad.dll
2008-09-24 19:18:32 ----A---- C:\Windows\CDE DX8400DEFGIPS.ini
2008-09-24 19:11:09 ----D---- C:\Program Files\xp-AntiSpy
2008-09-24 19:09:55 ----D---- C:\Windows\Panther
2008-09-24 19:09:11 ----D---- C:\Windows\system32\OEM
2008-09-24 19:08:48 ----AD---- C:\ProgramData\TEMP
2008-09-24 19:08:45 ----A---- C:\Windows\system32\STKIT432.DLL
2008-09-24 19:08:45 ----A---- C:\Windows\system32\msxml.dll
2008-09-24 19:08:39 ----D---- C:\Program Files\Registry Mechanic
2008-09-24 19:07:04 ----A---- C:\Windows\system32\oestore.dll
2008-09-24 19:07:03 ----D---- C:\Program Files\Acesoft
2008-09-24 19:05:16 ----D---- C:\Users\Nils\AppData\Roaming\TuneUp Software
2008-09-24 19:05:14 ----A---- C:\Windows\system32\uxtuneup.dll
2008-09-24 19:05:14 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2008-09-24 19:05:14 ----A---- C:\Windows\system32\authuitu.dll
2008-09-24 19:05:05 ----D---- C:\ProgramData\TuneUp Software
2008-09-24 19:04:50 ----D---- C:\Program Files\TuneUp Utilities 2008
2008-09-24 19:04:22 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 19:03:53 ----D---- C:\Program Files\GRETECH
2008-09-24 19:03:07 ----D---- C:\Program Files\VideoLAN
2008-09-24 18:54:53 ----D---- C:\Users\Nils\AppData\Roaming\ESET
2008-09-24 18:54:04 ----D---- C:\ProgramData\ESET
2008-09-24 18:54:04 ----D---- C:\Program Files\ESET
2008-09-24 18:50:42 ----A---- C:\Windows\system32\msonpmon.dll
2008-09-24 18:50:21 ----D---- C:\Program Files\Microsoft Works
2008-09-24 18:50:11 ----D---- C:\Program Files\Common Files\DESIGNER
2008-09-24 18:50:03 ----D---- C:\Windows\PCHEALTH
2008-09-24 18:50:03 ----D---- C:\Program Files\Microsoft.NET
2008-09-24 18:47:11 ----D---- C:\ProgramData\Microsoft Help
2008-09-24 18:47:11 ----D---- C:\Program Files\Microsoft Office
2008-09-24 18:46:37 ----RHD---- C:\MSOCache
2008-09-24 18:34:57 ----D---- C:\Windows\system32\DEU
2008-09-24 18:34:57 ----A---- C:\Windows\system32\Imsmudlg.exe
2008-09-24 18:33:32 ----D---- C:\Users\Nils\AppData\Roaming\InstallShield
2008-09-24 18:33:32 ----D---- C:\Program Files\Intel
2008-09-24 18:32:20 ----A---- C:\Windows\system32\stlang.dll
2008-09-24 18:32:20 ----A---- C:\Windows\system32\stacsv.exe
2008-09-24 18:32:20 ----A---- C:\Windows\sttray.exe
2008-09-24 18:31:40 ----A---- C:\Windows\system32\staco.dll
2008-09-24 18:31:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-24 18:31:38 ----D---- C:\Program Files\SigmaTel
2008-09-24 18:31:38 ----A---- C:\Windows\system32\stcplx.dll
2008-09-24 18:31:38 ----A---- C:\Windows\system32\stapo.dll
2008-09-24 18:31:38 ----A---- C:\Windows\system32\stapi32.dll
2008-09-24 18:31:38 ----A---- C:\Windows\system32\stacutil.dll
2008-09-24 18:31:38 ----A---- C:\Windows\system32\ctppld.dll
2008-09-24 18:31:38 ----A---- C:\Windows\system32\ctapo32.dll
2008-09-24 18:27:15 ----A---- C:\Windows\system32\NVUNINST.EXE
2008-09-24 18:27:08 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-24 18:27:03 ----A---- C:\Windows\system32\nvwssr.dll
2008-09-24 18:27:03 ----A---- C:\Windows\system32\nvwss.dll
2008-09-24 18:27:03 ----A---- C:\Windows\system32\nvwgf2um.dll
2008-09-24 18:27:03 ----A---- C:\Windows\system32\nvvitvsr.dll
2008-09-24 18:27:02 ----A---- C:\Windows\system32\nvvitvs.dll
2008-09-24 18:27:02 ----A---- C:\Windows\system32\nvudisp.exe
2008-09-24 18:27:02 ----A---- C:\Windows\system32\nvsvc.dll
2008-09-24 18:27:01 ----A---- C:\Windows\system32\nvoglv32.dll
2008-09-24 18:27:01 ----A---- C:\Windows\system32\nvmoblsr.dll
2008-09-24 18:27:01 ----A---- C:\Windows\system32\nvmobls.dll
2008-09-24 18:27:01 ----A---- C:\Windows\system32\nvmctray.dll
2008-09-24 18:27:01 ----A---- C:\Windows\system32\nvmccssr.dll
2008-09-24 18:27:01 ----A---- C:\Windows\system32\nvmccss.dll
2008-09-24 18:27:01 ----A---- C:\Windows\system32\nvmccsrs.dll
2008-09-24 18:27:01 ----A---- C:\Windows\system32\nvmccs.dll
2008-09-24 18:27:00 ----A---- C:\Windows\system32\nvhotkey.dll
2008-09-24 18:27:00 ----A---- C:\Windows\system32\nvgamesr.dll
2008-09-24 18:27:00 ----A---- C:\Windows\system32\nvgames.dll
2008-09-24 18:27:00 ----A---- C:\Windows\system32\nvexpbar.dll
2008-09-24 18:26:59 ----A---- C:\Windows\system32\nvdispsr.dll
2008-09-24 18:26:58 ----A---- C:\Windows\system32\nvdisps.dll
2008-09-24 18:26:58 ----A---- C:\Windows\system32\nvd3dum.dll
2008-09-24 18:26:57 ----A---- C:\Windows\system32\nvcpluir.dll
2008-09-24 18:26:57 ----A---- C:\Windows\system32\nvcplui.exe
2008-09-24 18:26:56 ----A---- C:\Windows\system32\nvcpl.dll
2008-09-24 18:26:56 ----A---- C:\Windows\system32\nvcolor.exe
2008-09-24 18:26:56 ----A---- C:\Windows\system32\nvcodins.dll
2008-09-24 18:26:56 ----A---- C:\Windows\system32\nvcod.dll
2008-09-24 18:26:56 ----A---- C:\Windows\system32\nvapi.dll
2008-09-24 18:26:56 ----A---- C:\Windows\system32\dpinst.exe
2008-09-24 18:25:57 ----D---- C:\Intel
2008-09-24 18:25:51 ----D---- C:\dell
2008-09-24 18:23:38 ----D---- C:\Windows\system32\vmm32
2008-09-24 18:23:38 ----D---- C:\Program Files\Dell
2008-09-24 18:23:02 ----SHD---- C:\Windows\Installer
2008-09-24 18:22:02 ----D---- C:\Users\Nils\AppData\Roaming\Identities
2008-09-24 18:21:54 ----SD---- C:\Users\Nils\AppData\Roaming\Microsoft
2008-09-24 18:21:54 ----D---- C:\Users\Nils\AppData\Roaming\Media Center Programs
2008-09-24 18:19:55 ----SHD---- C:\Programme
2008-09-24 18:19:55 ----SHD---- C:\ProgramData\Vorlagen
2008-09-24 18:19:55 ----SHD---- C:\ProgramData\Startmenü
2008-09-24 18:19:55 ----SHD---- C:\ProgramData\Favoriten
2008-09-24 18:19:55 ----SHD---- C:\ProgramData\Dokumente
2008-09-24 18:19:55 ----SHD---- C:\ProgramData\Anwendungsdaten
2008-09-24 18:19:55 ----SHD---- C:\Program Files\Gemeinsame Dateien
2008-09-24 18:19:55 ----SHD---- C:\Dokumente und Einstellungen
2008-09-24 18:14:20 ----D---- C:\Windows\SoftwareDistribution
2008-09-24 18:12:38 ----D---- C:\Windows\system32\catroot2
2008-09-24 18:12:22 ----D---- C:\Windows\Debug
2008-09-24 18:10:38 ----D---- C:\Windows\Prefetch
2008-09-24 18:10:27 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2008-09-29 13:41:46 ----D---- C:\Windows\Temp
2008-09-26 12:31:10 ----D---- C:\Windows
2008-09-26 12:15:05 ----SD---- C:\Windows\Downloaded Program Files
2008-09-25 18:33:52 ----D---- C:\Windows\System32
2008-09-25 18:33:50 ----D---- C:\Windows\system32\drivers
2008-09-25 16:04:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-25 16:04:49 ----D---- C:\Windows\inf
2008-09-25 15:56:40 ----D---- C:\Windows\system32\ras
2008-09-25 15:56:40 ----D---- C:\Windows\system32\de-DE
2008-09-25 15:56:40 ----D---- C:\Program Files\Windows Calendar
2008-09-25 15:56:39 ----D---- C:\Windows\system32\icsxml
2008-09-25 15:56:38 ----D---- C:\Windows\AppPatch
2008-09-25 15:56:37 ----D---- C:\Windows\system32\wbem
2008-09-25 15:56:37 ----D---- C:\Program Files\Windows Mail
2008-09-25 15:56:37 ----D---- C:\Program Files\Common Files\System
2008-09-25 15:56:36 ----D---- C:\Windows\system32\XPSViewer
2008-09-25 15:56:35 ----D---- C:\Program Files\Windows Defender
2008-09-25 15:56:34 ----D---- C:\Windows\servicing
2008-09-25 15:56:34 ----D---- C:\Program Files\Windows Media Player
2008-09-25 15:56:32 ----D---- C:\Windows\ehome
2008-09-25 15:56:31 ----D---- C:\Windows\system32\migration
2008-09-25 15:56:29 ----D---- C:\Program Files\Internet Explorer
2008-09-25 15:56:22 ----D---- C:\Windows\system32\SLUI
2008-09-25 15:56:18 ----D---- C:\Program Files\Windows Sidebar
2008-09-25 15:56:15 ----D---- C:\Windows\winsxs
2008-09-25 15:51:46 ----D---- C:\Windows\system32\config
2008-09-25 15:04:24 ----HD---- C:\ProgramData
2008-09-25 15:04:23 ----RD---- C:\Program Files
2008-09-25 13:46:03 ----D---- C:\Windows\system32\catroot
2008-09-25 12:17:15 ----D---- C:\Windows\Logs
2008-09-25 12:13:58 ----D---- C:\Windows\system32\Tasks
2008-09-25 08:54:29 ----D---- C:\Windows\system32\WDI
2008-09-24 22:53:34 ----D---- C:\Program Files\Common Files
2008-09-24 20:38:07 ----SD---- C:\ProgramData\Microsoft
2008-09-24 20:01:37 ----D---- C:\Windows\rescache
2008-09-24 19:41:33 ----RSD---- C:\Windows\assembly
2008-09-24 19:39:15 ----D---- C:\Windows\Cursors
2008-09-24 19:20:34 ----D---- C:\Program Files\Common Files\microsoft shared
2008-09-24 19:18:43 ----D---- C:\Windows\twain_32
2008-09-24 19:05:19 ----D---- C:\Windows\Tasks
2008-09-24 18:50:06 ----RSD---- C:\Windows\Fonts
2008-09-24 18:47:53 ----D---- C:\Windows\ShellNew
2008-09-24 18:28:18 ----D---- C:\Windows\Help
2008-09-24 18:23:22 ----D---- C:\Windows\system32\restore
2008-09-24 18:22:15 ----SHD---- C:\$Recycle.Bin
2008-09-24 18:21:54 ----RD---- C:\Users
2008-09-24 18:19:55 ----D---- C:\Program Files\Windows NT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-06-10 53256]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2008-06-10 54280]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-02-26 73728]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-06-10 39944]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2008-06-10 71688]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 bcm4sbxp;Broadcom 440x 10/100-integrierter Controller-XP-Treiber; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-09-25 14208]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2008-06-10 30728]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-05-07 7111840]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-09-25 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-03-06 323584]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-09-25 11264]
S1 d3dspp;d3dspp; \??\C:\Windows\system32\drivers\d3dspp.sys [2008-09-24 38912]
S3 ax6r6zpo;ax6r6zpo; C:\Windows\system32\drivers\ax6r6zpo.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-03-06 90112]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-06-10 19200]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-09-24 306432]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------

Alt 29.09.2008, 13:00   #9
myrtille
/// TB-Ausbilder
 

Hi,
Please work through the following:
Avenger instructions (by swandog46): download the Avenger tool and save it to your desktop:
  • Double-click the Avenger icon
  • Now copy the following text into the white box at -> "input script here"
Code:
 
files to delete:
C:\Windows\system32\nnikwour.tmp
C:\Windows\system32\gjfzfh.dll
C:\Windows\system32\akmgnbuf.dll
C:\Windows\system32\dhamfyna.dll
C:\Windows\system32\iuvrdagg.ini
C:\Windows\system32\czrszm.dll
C:\Windows\system32\olopofnb.dll
C:\Windows\system32\cjysigqg.tmp
C:\Windows\system32\yphewcvg.ini
C:\ProgramData\pskt.ini
C:\ProgramData\BMfb6eedce.txt
C:\Windows\system32\f37e1a2c-.txt

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6726E985-77CC-4E1D-B964-1D8D68B534B4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8FB59FD-1605-455B-835C-B425A23FFEE3}

registry values to replace with dummy:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLS

  • Now close all programs and browser windows
  • To start the Avenger, click on -> Execute
  • Then confirm with "Yes" that the computer will restart
  • After the system has restarted you will find a report from the Avenger at -> C:\avenger.txt
  • Open the file in Notepad and copy the entire text into your post here on Trojaner-Board.


Afterwards post the Avenger log and a new HijackThis log.

Regards, myrtille
__________________
Requests by email, profile message or private message will be ignored!
Help is given ONLY in the forum!


If you have not received a further reply from me after 24 hours, please send a PM

Spelling mistakes? Never, but keybaord malfunctions constantly!
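Added here as an illustration of what the Avenger script above actually touches (this is an added example; it is not part of the thread, not Avenger's code and not myrtille's): a read-only PowerShell audit of the two persistence points the script cleans, the Browser Helper Objects list and the AppInit_DLLs value. It resolves each registered BHO CLSID to its InprocServer32 DLL, reports whether that file exists and whether it carries a valid Authenticode signature, and prints the current AppInit_DLLs setting so you can confirm it no longer points at a DLL. The second, Wow6432Node path is an addition for 64-bit Windows and simply does not exist on the 32-bit Vista system in this thread. The script changes nothing; run it from an elevated PowerShell.

```powershell
# Added example, not from the thread or from Avenger: read-only audit of
# BHO registrations and AppInit_DLLs. Run in an elevated PowerShell.

function Get-BhoAudit {
    # BHO list (32-bit path, plus the Wow6432Node path on 64-bit Windows)
    $bhoPaths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($path in $bhoPaths) {
        if (-not (Test-Path $path)) { continue }
        foreach ($key in Get-ChildItem $path) {
            $clsid  = $key.PSChildName
            # The CLSID's InprocServer32 default value names the DLL that IE loads
            $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path $server) {
                $dll = (Get-ItemProperty $server).'(default)'
            }
            $expanded = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }
            $exists   = [bool]($expanded -and (Test-Path $expanded))
            $sig      = if ($exists) { (Get-AuthenticodeSignature $expanded).Status } else { 'n/a' }
            [PSCustomObject]@{
                CLSID      = $clsid
                Dll        = $dll
                FileExists = $exists
                Signature  = $sig
                # Triage hint only: a missing or unsigned BHO deserves a look, not a verdict
                Review     = (-not $exists) -or ($sig -ne 'Valid')
            }
        }
    }
}

function Get-AppInitDlls {
    # The value the Avenger script replaces with a dummy
    $winKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $props  = Get-ItemProperty $winKey
    [PSCustomObject]@{
        AppInit_DLLs     = $props.AppInit_DLLs
        LoadAppInit_DLLs = $props.LoadAppInit_DLLs   # exists on Vista and later
    }
}

Get-BhoAudit    | Format-Table -AutoSize
Get-AppInitDlls | Format-List
```

The Review column is a triage hint, not a malware verdict: legitimate but unsigned helpers (the Spybot SDHelper.dll BHO in the log above is one candidate) will be flagged too, so compare the listed CLSIDs and DLL paths against the HijackThis O2 lines before deleting anything.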

Alt 29.09.2008, 18:30   #10
Thundro
 

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\system32\nnikwour.tmp" deleted successfully.
File "C:\Windows\system32\gjfzfh.dll" deleted successfully.
File "C:\Windows\system32\akmgnbuf.dll" deleted successfully.
File "C:\Windows\system32\dhamfyna.dll" deleted successfully.
File "C:\Windows\system32\iuvrdagg.ini" deleted successfully.
File "C:\Windows\system32\czrszm.dll" deleted successfully.
File "C:\Windows\system32\olopofnb.dll" deleted successfully.
File "C:\Windows\system32\cjysigqg.tmp" deleted successfully.
File "C:\Windows\system32\yphewcvg.ini" deleted successfully.
File "C:\ProgramData\pskt.ini" deleted successfully.
File "C:\ProgramData\BMfb6eedce.txt" deleted successfully.
File "C:\Windows\system32\f37e1a2c-.txt" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6726E985-77CC-4E1D-B964-1D8D68B534B4}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8FB59FD-1605-455B-835C-B425A23FFEE3}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLS" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

And...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:21, on 29.09.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 5798 bytes


Thanks again for the help

By the way, can you recommend an Internet Security or anti-virus program? Norton somehow isn't all that great, and I've heard Kaspersky 2009 and Vista don't work together all that well...

Alt 29.09.2008, 21:54   #11
myrtille
/// TB-Ausbilder
 

Hi,

the logs look clean.

I've been happy with Antivir Free, Malwarebytes and Comodo and am glad to recommend them, under Vista too. It is not a suite, though.
If you want to uninstall Norton, please use Norton's removal tool: Link

Regards, myrtille
__________________
Requests by email, profile message or private message will be ignored!
Help is given ONLY in the forum!


If you have not received a further reply from me after 24 hours, please send a PM

Spelling mistakes? Never, but keybaord malfunctions constantly!

Alt 09.10.2008, 17:07   #12
mina
 

Hi there,
I have the same problem with Virtumonde.prx.



[edit]

Please open a separate thread for your problem, as everyone else here does.
Only that way can we make sure that every user gets clear, individual help.


Thanks.

[/edit]

Alt 10.07.2009, 01:36   #13
The.Jaxx
 

Hello,

I have the same trojan on my computer and would like to remove it following the instructions posted here, but I don't know which files I need to enter into "The Avenger" on my system. Can anyone help me with that? Which logs did myrtille use to put the instructions together?

Thank you!!

Regards

The.Jaxx

Edit: Oops, I just saw that I'm supposed to open a new thread for this as well.
