TR/Vundo.Gen und seine bekämpfung

KingHeinz · 10.11.2008, 18:45

======List of files/folders modified in the last 1 months======

2008-11-10 18:30:50 ----D---- C:\Programme\Mozilla Firefox
2008-11-10 18:30:29 ----D---- C:\WINDOWS\system32
2008-11-10 18:30:29 ----D---- C:\WINDOWS
2008-11-10 18:28:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-10 18:24:58 ----A---- C:\WINDOWS\system.ini
2008-11-10 18:24:02 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-10 18:23:25 ----D---- C:\WINDOWS\system32\drivers
2008-11-10 18:21:44 ----D---- C:\WINDOWS\system32\config
2008-11-10 18:21:10 ----D---- C:\WINDOWS\AppPatch
2008-11-10 18:21:10 ----D---- C:\Programme\Gemeinsame Dateien
2008-11-10 18:19:40 ----RASH---- C:\boot.ini
2008-11-10 18:17:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-10 18:13:31 ----HD---- C:\WINDOWS\inf
2008-11-10 17:58:39 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-10 17:25:31 ----SHD---- C:\WINDOWS\Installer
2008-11-10 17:25:23 ----D---- C:\Programme\Java
2008-11-10 17:16:42 ----RD---- C:\Programme
2008-11-10 17:12:41 ----SD---- C:\WINDOWS\Tasks
2008-11-10 17:09:24 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2008-11-10 17:09:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2008-11-10 17:08:51 ----D---- C:\Programme\Adobe
2008-11-10 16:22:06 ----D---- C:\WINDOWS\Prefetch
2008-11-10 16:21:31 ----D---- C:\Dokumente und Einstellungen\KingHeinz\Anwendungsdaten\uTorrent
2008-11-10 16:16:15 ----HD---- C:\Programme\InstallShield Installation Information
2008-11-10 15:37:47 ----D---- C:\Downloads
2008-11-04 22:20:39 ----D---- C:\Dokumente und Einstellungen\KingHeinz\Anwendungsdaten\dvdcss
2008-11-04 17:07:42 ----D---- C:\Programme\DAEMON Tools
2008-11-04 16:37:44 ----D---- C:\Programme\uTorrent
2008-11-02 02:51:04 ----D---- C:\Programme\Electronic Arts
2008-11-02 02:51:03 ----D---- C:\WINDOWS\WinSxS
2008-11-02 02:51:03 ----D---- C:\WINDOWS\system32\DirectX
2008-11-01 17:19:16 ----D---- C:\Programme\EA Sports
2008-10-25 02:00:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 02:00:17 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-23 22:18:45 ----D---- C:\Programme\DivX
2008-10-23 19:47:57 ----D---- C:\Dokumente und Einstellungen\KingHeinz\Anwendungsdaten\Adobe
2008-10-23 18:28:12 ----RSD---- C:\WINDOWS\Fonts
2008-10-23 16:05:05 ----D---- C:\Programme\DVD Treasury
2008-10-21 12:39:03 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-17 02:01:13 ----A---- C:\WINDOWS\imsins.BAK
2008-10-17 02:00:41 ----D---- C:\Programme\Internet Explorer
2008-10-15 17:57:39 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-12 20:37:24 ----D---- C:\Brennen

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R1 KS0108;KS0108; \??\C:\Programme\LcdStudio\ks0108.sys []
R1 LC7981;LC7981; \??\C:\Programme\LcdStudio\LC7981.sys []
R1 n3900;n3900; \??\C:\Programme\LcdStudio\n3900.sys []
R1 SED133x;SED133x; \??\C:\Programme\LcdStudio\SED133x.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 T6963C;T6963C; \??\C:\Programme\LcdStudio\T6963c.sys []
R1 tvtool;tvtool; \??\C:\Programme\TVTool\tvtool.sys []
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-16 38656]
R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
R3 BTHMODEM;Bluetooth-Modemkommunikationstreiber; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
R3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-12 4397568]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 al36v966;al36v966; C:\WINDOWS\system32\drivers\al36v966.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-27 1918464]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\aawservice.exe [2008-11-04 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R3 ServiceLayer;ServiceLayer; C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-27 434176]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-27 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-23 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 VundoFixSvc;VundoFix Service; VundoFixSVC.exe []

-----------------EOF-----------------

so das müsste alles sein
man man man ganz viel text
wer soll da durchblicken
danke schonmal für eure hilfe

TR/Vundo.Gen und seine bekämpfung

Log-Analyse und Auswertung: TR/Vundo.Gen und seine bekämpfung

TR/Vundo.Gen und seine bekämpfung

Ähnliche Themen: TR/Vundo.Gen und seine bekämpfung