Log analysis and evaluation: Backdoor.Win32.Breolab.bv

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: Erste Schritte zur Hilfe (first steps). Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.07.2009, 21:20 | #1
Backdoor.Win32.Breolab.bv

Hi you knowledgeable ones,

I caught the above-mentioned Trojan... After 4 days of hunting around with online scanners, among others ActiveScan, Panda and Avira, Kaspersky showed me a few files.... Then, with the 30-day trial version, I have now caught everything, I hope at any rate. There are also about 20 people behind me who picked up this Trojan from a hacked private homepage (no, not mine) and are somehow hoping for help. Well then, please have a look:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:59, on 29.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\ANT 4 MailChecking\ant4mc.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programme\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WISO Urteilsmonitor.lnk = C:\Programme\WISO\Sparbuch 2008\urteilsmonitor.exe
O4 - Global Startup: ANT 4 MailChecking.lnk = C:\Programme\ANT 4 MailChecking\ant4mc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210865269515
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7217 bytes

Regards, Anke
29.07.2009, 21:29 | #2
Backdoor.Win32.Breolab.bv

Hello and
Quote:
Click on "Für alle Neuen" in my signature, read everything carefully, and work through the complete list under point 2.

ciao, andreas
29.07.2009, 21:32 | #3
Backdoor.Win32.Breolab.bv

Hello,

with a backdoor I can only urge you to set the system up fresh, because through it a stranger gains access to your PC/system; he sees everything (passwords etc.).

What a backdoor actually is: Backdoor - Wikipedia

Here is a help link for reinstalling the system: http://www.trojaner-board.de/51262-a...sicherung.html
Read everything there carefully. If you have questions, post them here.

After reinstalling, please change all login credentials and passwords immediately, from the fresh system. If you want to change them right away, then please from a CLEAN PC.

I hope I could give you enough information.

Good luck.

EDIT: But if you still want to clean it, stick with John.doe!

Last edited by Angel21 (29.07.2009 at 21:41)
29.07.2009, 22:05 | #4
Backdoor.Win32.Breolab.bv

Hi John, (I have to grin at your nick)
Quote:

Regards, Anke
29.07.2009, 22:08 | #5
Backdoor.Win32.Breolab.bv

You are of course supposed to post the Malwarebytes log and the two RSIT logs here. The mind readers among us are still on vacation.

ciao, andreas

No support by PM! This is a forum, not private care!
Für alle Neuen | Private care only for payment, and I am very expensive.
Anleitungen | Virenscanner | Kompromittierung unvermeidbar?
29.07.2009, 23:09 | #6
Backdoor.Win32.Breolab.bv

Code:
Malwarebytes' Anti-Malware 1.39
Database version: 2527
Windows 5.1.2600 Service Pack 3

30.07.2009 00:05:31
mbam-log-2009-07-30 (00-05-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 220766
Time elapsed: 41 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\dokumente und einstellungen\Gipsy\lokale einstellungen\Temp\TMP2F.tmp (Trojan.Dropper) -> No action taken.
c:\dokumente und einstellungen\Gipsy\lokale einstellungen\Temp\TMP40.tmp (Trojan.Dropper) -> No action taken.
c:\dokumente und einstellungen\Gipsy\lokale einstellungen\Temp\TMP82.tmp (Trojan.Dropper) -> No action taken.
C:\Dokumente und Einstellungen\Gipsy\Anwendungsdaten\wiaserva.log (Malware.Trace) -> No action taken.

No. 2 is coming right up....
Quote:

Regards, Anke
29.07.2009, 23:12 | #7
Backdoor.Win32.Breolab.bv

Did you also have Malwarebytes delete, as it says in the instructions? It says No action taken. The findings are not pretty; there must be more.

ciao, andreas
29.07.2009, 23:24 | #8
Backdoor.Win32.Breolab.bv

No, I didn't, damn long day(s)

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Anke at 2009-07-30 00:12:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 251 GB (83%) free of 302 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:29, on 30.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\ANT 4 MailChecking\ant4mc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Anke\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Anke.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programme\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-73586283-492894223-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Gipsy')
O4 - HKUS\S-1-5-21-73586283-492894223-682003330-1005\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe (User 'Gipsy')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WISO Urteilsmonitor.lnk = C:\Programme\WISO\Sparbuch 2008\urteilsmonitor.exe
O4 - Global Startup: ANT 4 MailChecking.lnk = C:\Programme\ANT 4 MailChecking\ant4mc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210865269515
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7494 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-05-11 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-07-03 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Adobe Photo Downloader"=C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-26 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-07-09 570664]
"NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-05-11 148888]
"TrojanScanner"=C:\Programme\Trojan Remover\Trjscan.exe [2009-06-01 1059720]
"AVP"=C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
ANT 4 MailChecking.lnk - C:\Programme\ANT 4 MailChecking\ant4mc.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE

C:\Dokumente und Einstellungen\Anke\Startmenü\Programme\Autostart
WISO Urteilsmonitor.lnk - C:\Programme\WISO\Sparbuch 2008\urteilsmonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\fsetup.exe"="H:\fsetup.exe:*:Enabled:AVM FSetup Application"
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE"="C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Dokumente und Einstellungen\Anke\Lokale Einstellungen\Temp\7zS8.tmp\SymNRT.exe"="C:\Dokumente und Einstellungen\Anke\Lokale Einstellungen\Temp\7zS8.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-07-30 00:12:24 ----D---- C:\rsit
2009-07-29 23:15:39 ----D---- C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Malwarebytes
2009-07-29 23:15:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-29 23:15:10 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-07-29 22:47:44 ----D---- C:\Programme\CCleaner
2009-07-29 21:58:43 ----D---- C:\Programme\Trend Micro
2009-07-28 18:25:04 ----D---- C:\Programme\Kaspersky Lab
2009-07-28 18:10:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2009-07-28 15:35:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2009-07-28 15:35:54 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2009-07-27 22:43:39 ----D---- C:\Programme\ESET
2009-07-27 16:41:20 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-07-27 16:40:04 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-07-27 16:40:04 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-07-27 16:40:04 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-07-27 16:40:04 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-07-27 16:40:04 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-07-27 16:40:02 ----D---- C:\Programme\Trojan Remover
2009-07-27 16:40:02 ----D---- C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Simply Super Software
2009-07-27 16:40:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
2009-07-27 13:43:49 ----D---- C:\Programme\Trojancheck 6
2009-07-15 19:12:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 19:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 19:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-03 15:48:56 ----A---- C:\WINDOWS\system32\klogon.dll

======List of files/folders modified in the last 1 months======

2009-07-30 00:12:01 ----D---- C:\WINDOWS\Temp
2009-07-30 00:10:22 ----D---- C:\Programme\Mozilla Firefox
2009-07-30 00:02:34 ----D---- C:\WINDOWS\Prefetch
2009-07-29 23:15:35 ----D---- C:\WINDOWS\system32\drivers
2009-07-29 23:15:10 ----RD---- C:\Programme
2009-07-29 22:54:28 ----D---- C:\WINDOWS\Debug
2009-07-29 22:54:28 ----D---- C:\WINDOWS
2009-07-29 22:41:58 ----D---- C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\WTablet
2009-07-29 21:56:36 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-07-29 20:27:17 ----HD---- C:\WINDOWS\inf
2009-07-29 20:26:58 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-29 20:26:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-28 18:26:03 ----SHD---- C:\WINDOWS\Installer
2009-07-28 18:25:37 ----D---- C:\WINDOWS\system32
2009-07-28 18:21:26 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-07-28 18:21:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-28 18:14:04 ----D---- C:\WTablet
2009-07-28 15:35:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-27 17:47:09 ----D---- C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Adobe
2009-07-27 17:43:52 ----D---- C:\Diashow
2009-07-25 19:45:54 ----SD---- C:\WINDOWS\Tasks
2009-07-25 19:44:45 ----D---- C:\Programme\Gemeinsame Dateien
2009-07-15 19:12:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-07 08:10:58 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-02 12:30:10 ----D---- C:\Programme\ADAC TourPlaner® 2006 2007

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-28 296976]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-31 2371584]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-02 4403712]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 5632]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-02-14 6144]
S3 ASFWHide;ASFWHide; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ASFWHide []
S3 msloop;Microsoft Loopbackadaptertreiber; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-31 483328]
R2 AVM IGD CTRL Service;AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2005-11-21 81920]
R2 AVP;Kaspersky Anti-Virus; C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-11 152984]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2006-09-06 942080]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-07-31 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 de_serv;AVM FRITZ!web Routing Service; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [2005-11-21 315392]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-16 654848]
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 136120]

-----------------EOF-----------------
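As an added example that is not part of this thread and not one of the forum's tools: the script below does, on the posted log lines, the first pass a helper does by eye. It parses the O4 (Run keys and Startup folders), O23 (services) and RSIT driver/service line formats as they appear in the HijackThis and RSIT output above and flags autostarts whose image lives in a temp directory, which is exactly what makes the [PromoReg] entry in C:\WINDOWS\Temp and the ASFWHide driver under the administrator's Temp folder stand out. The temp-directory patterns, the regular expressions and the choice of sample lines are my assumptions; the sample lines themselves are copied from the log.

```python
"""Triage of HijackThis / RSIT autostart lines for images in temp directories.

Added example for this thread; not one of the trojaner-board tools and not
code from any post. It parses the O4, O23 and RSIT line formats as printed in
the logs above and flags an autostart whose binary sits in a user-writable
temp folder, the pattern behind the [PromoReg] entry and the ASFWHide driver.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Directory fragments that legitimate autostarts almost never use (assumed
# list). The 8.3 short forms appear because the tools print paths as stored.
TEMP_DIR_RE = re.compile(
    r"\\temp\\|\\lokale~1\\temp|\\lokale einstellungen\\temp|\\local settings\\temp",
    re.IGNORECASE,
)
RUN_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<lnk>.+?) = (?P<path>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# RSIT driver/service lines end in "[date size]"; an empty "[]" means RSIT
# could not read the image file at scan time.
RSIT_RE = re.compile(
    r"^[RS][0-4] (?P<name>[^;]+);(?P<desc>[^;]*);\s*(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$"
)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
IMAGE_RE = re.compile(r"(.+?\.(?:exe|dll|scr|sys|bat|cmd|vbs|com))(?:\s|$)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    reason: str
    source: str
    path: str


def executable_path(cmd: str) -> str:
    """Reduce a Run-key command line to its image path."""
    cmd = USER_SUFFIX_RE.sub("", cmd.strip())
    if cmd.startswith('"'):                       # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)                       # unquoted path, cut at the extension
    return m.group(1) if m else cmd


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious autostart line, or None."""
    line = line.strip()
    info_missing = False
    if m := RUN_RE.match(line):
        source, path = f"O4 {m['key']} [{m['name']}]", executable_path(m["cmd"])
    elif m := STARTUP_RE.match(line):
        source, path = f"O4 Startup: {m['lnk']}", m["path"].strip()
    elif m := SERVICE_RE.match(line):
        source, path = f"O23 {m['name']}", executable_path(m["path"])
    elif m := RSIT_RE.match(line):
        source, path = f"RSIT {m['name']}", m["path"]
        info_missing = m["info"].strip() == ""
    else:
        return None                               # not an autostart line we parse
    if TEMP_DIR_RE.search(path):
        return Finding("image lives in a temp directory", source, path)
    if info_missing:
        return Finding("RSIT recorded no file info (image missing or unreadable)", source, path)
    if "\\" not in path:
        return Finding("bare file name, resolved through the search path", source, path)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    return [f for f in map(triage_line, lines) if f is not None]


# Lines copied from the HijackThis and RSIT output posted in this thread.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"',
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot",
    r"O4 - HKUS\S-1-5-21-73586283-492894223-682003330-1005\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe (User 'Gipsy')",
    r"O4 - Startup: WISO Urteilsmonitor.lnk = C:\Programme\WISO\Sparbuch 2008\urteilsmonitor.exe",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"S3 ASFWHide;ASFWHide; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ASFWHide []",
    r"R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-28 296976]",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding.reason}: {finding.source} -> {finding.path}")
```

On the sample lines it reports three entries: RTHDCPL.EXE as a bare file name (informational only), the [PromoReg] entry in C:\WINDOWS\Temp, and the ASFWHide driver under the administrator's Temp folder; the AVP, Trjscan, WISO, ATI Smart and KLIF lines pass. A finding is a prompt to verify, not a verdict: legitimate installers also run from temp folders, and the Norton Removal Tool firewall exception in the same log is such a case.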
29.07.2009, 23:25 | #9 | Backdoor.Win32.Breolab.bv

Code:
info.txt logfile of random's system information tool 1.06 2009-07-30 00:12:31

======Uninstall list======

-->C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Programme\7-Zip\Uninstall.exe"
ADAC TourPlaner® 2006/2007-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{17716C16-8810-47B9-BD20-3C34E126BE96}\SETUP.exe" -l0x7 -removeonly
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Ahnenblatt-->C:\WINDOWS\system32\GKSUI20.EXE C:\Programme\Ahnenblatt\Uninstall0B2A.DAT
ANT 4 MailChecking 3.5-->"C:\Programme\ANT 4 MailChecking\unins000.exe"
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVM FRITZ!Box Dokumentation-->C:\Programme\FRITZ!Box\install.exe -d
AVM FRITZ!DSL-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\FRITZ!DSL\WebUnins.isu -cC:\Programme\FRITZ!DSL\Webunins.dll
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ESET Online Scanner v3-->C:\Programme\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Exifer-->C:\Programme\Exifer\unins000.exe
FileZilla Client 3.1.6-->C:\Programme\FileZilla FTP Client\uninstall.exe
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) PRO Network Connections 12.1.12.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Ipswitch WS_FTP Pro-->C:\WINDOWS\ISUNINST.EXE -f"C:\PROGRA~1\WS_FTP~1\uninst.isu" -c"C:\PROGRA~1\WS_FTP~1\FTPInstUtils.dll"
Jalbum 8.1-->C:\Programme\Jalbum8.1\Uninstall.exe
Jalbum-->MsiExec.exe /I{12576AB1-F34C-40C0-8875-66515C2755C8}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Meine CEWE FOTOWELT-->"C:\Programme\CeWe Color\Meine CEWE FOTOWELT\uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.12)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Essentials-->MsiExec.exe /X{664C3BDC-1BCF-4EA6-A127-E61430501031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Noiseware Community Edition-->MsiExec.exe /I{92CA58DD-4475-461C-828B-4A832B1EC080}
Nokia Connectivity Cable Driver-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3D249F10-79EC-48D4-93E5-C470ABE523FA}
Panda ActiveScan 2.0-->C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PENTAX Digital Camera Utility-->C:\PROGRA~1\Pentax\DIGITA~1\UNINST.EXE C:\PROGRA~1\Pentax\DIGITA~1\INSTALL.LOG
Picasa 3-->"C:\Programme\Google\Picasa3\Uninstall.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
S400-->C:\WINDOWS\system32\CNMS400.EXE -@C:\WINDOWS\IsUn0407.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S400 Installer\Inst\DeIsL1.isu" -pCanon S400-c"C:\BJPrinter\CNMWINDOWS\Canon S400 Installer\Inst\bjinst.dll
Security Update für Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
ShiftN 3.1-->"C:\Programme\ShiftN\unins000.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Tablett-->C:\Programme\Tablet\Remove.exe /u
Trojan Remover 6.7.9-->"C:\Programme\Trojan Remover\unins000.exe"
Trojancheck 6-->"C:\Programme\Trojancheck 6\unins000.exe"
Turbo Lister 2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6i-->C:\Programme\VideoLAN\VLC\uninstall.exe
Web Album Generator 1.8.2-->"C:\Programme\Web Album Generator\unins000.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Kaspersky Anti-Virus

======System event log======

Computer Name: WOLFSISTER
Event Code: 7036
Message: Dienst "SSDP-Suchdienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 1438
Source Name: Service Control Manager
Time Written: 20090706110623.000000+120
Event Type: Informationen
User:

Computer Name: WOLFSISTER
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "SSDP-Suchdienst" gesendet.
Record Number: 1437
Source Name: Service Control Manager
Time Written: 20090706110622.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: WOLFSISTER
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Kompatibilität für schnelle Benutzerumschaltung" gesendet.
Record Number: 1436
Source Name: Service Control Manager
Time Written: 20090706110617.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: WOLFSISTER
Event Code: 7036
Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 1435
Source Name: Service Control Manager
Time Written: 20090706110617.000000+120
Event Type: Informationen
User:

Computer Name: WOLFSISTER
Event Code: 17
Message:
Record Number: 1434
Source Name: avgntflt
Time Written: 20090706110157.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: WOLFSISTER
Event Code: 0
Message:
Record Number: 8147
Source Name: Nero BackItUp Scheduler 3
Time Written: 20090719171020.000000+120
Event Type: Informationen
User:

Computer Name: WOLFSISTER
Event Code: 2570
Message: Der Adobe Active File-Monitor-Service wurde gestartet.
Record Number: 8146
Source Name: Adobe Active File Monitor 6.0
Time Written: 20090719171016.000000+120
Event Type:
User:

Computer Name: WOLFSISTER
Event Code: 105
Message: The service was started.
Record Number: 8145
Source Name: ATI Smart
Time Written: 20090719171014.000000+120
Event Type: Informationen
User:

Computer Name: WOLFSISTER
Event Code: 1007
Message: Der Endbenutzer-Lizenzvertrag wurde zuvor abgelehnt.
Record Number: 8144
Source Name: WgaSetup
Time Written: 20090719171011.000000+120
Event Type: Informationen
User:

Computer Name: WOLFSISTER
Event Code: 1006
Message: Der Endbenutzer-Lizenzvertrag wurde zuvor akzeptiert.
Record Number: 8143
Source Name: WgaSetup
Time Written: 20090719171011.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Intel\DMIX;C:\Programme\Gemeinsame Dateien\GIS\Tools
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
29.07.2009, 23:41 | #10 | Backdoor.Win32.Breolab.bv

Please post the log from Trojan Remover. You get the log via the menu bar: File => View Logfile.

Check whether there is a file _ex-68.exe in the folder C:\WINDOWS\Temp\; if so, upload it to us => http://www.trojaner-board.de/54791-a...ner-board.html

ciao, andreas

__________________
No support via PM! This is a forum, not private care! For all newcomers: private care only for a fee, and I am very expensive. Guides. Virus scanners. Compromise unavoidable?

Last edited by john.doe (29.07.2009 at 23:47)
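The helper's request above comes down to a routine triage rule for logs like the RSIT service list posted earlier in this thread: a service or driver whose image sits in a Temp folder, under a user profile, or cannot be found on disk at all is the first thing to look at. The following script is an added example, not code from the thread or from any of the tools named in it. It parses lines in the RSIT "List of services" format (`<R|S><start type> <name>;<display name>; <path> [<date> <size>]`) and reports the entries that match one of those rules. The sample lines are constructed for the example and only modelled on the log above; the path fragments in `TEMP_MARKERS` and `PROFILE_ROOTS` are my own choice of review criteria.

```python
import re

# Constructed sample lines, modelled on the RSIT "List of services / drivers"
# output quoted in this thread. They are an example input, not the poster's log.
SAMPLE_LINES = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-02-14 6144]
S3 ASFWHide;ASFWHide; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ASFWHide []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 AVP;Kaspersky Anti-Virus; C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376]
""".strip("\n")

# One RSIT entry: <R|S><start type> <name>;<display name>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<starttype>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
NT_PREFIX = "\\??\\"  # object-manager prefix that some ImagePath values carry

# Review criteria (assumed for this example): locations where a service image is unusual.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
PROFILE_ROOTS = (
    "c:\\dokume~1\\", "c:\\dokumente und einstellungen\\",
    "c:\\docume~1\\", "c:\\documents and settings\\", "c:\\users\\",
)


def parse_service_line(line):
    """Return a dict for one RSIT service/driver line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    return {
        "state": "Running" if m.group("state") == "R" else "Stopped",
        "start": START_TYPES[m.group("starttype")],
        "name": m.group("name").strip(),
        "display": m.group("display").strip(),
        "path": path,
        # RSIT prints an empty [] when it could not stat the image file.
        "file_present": m.group("stamp").strip() != "",
    }


def triage(entry):
    """Reasons an entry deserves a manual look; an empty list means nothing stood out."""
    reasons = []
    p = entry["path"].lower()
    if not entry["file_present"]:
        reasons.append("image file not found on disk (stale registration, or hidden from the scanner)")
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append("image lives in a temporary directory")
    if p.startswith(PROFILE_ROOTS):
        reasons.append("image lives under a user profile rather than a system or program directory")
    return reasons


def review_services(text):
    """Parse every service line in `text` and return only the entries that have review reasons."""
    findings = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_services(SAMPLE_LINES):
        print(f"{f['name']} ({f['state']}, start={f['start']}): {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```

A hit is a prompt to inspect the file and its registration, not a verdict: an empty `[]` can simply be a leftover entry for a driver that was never installed, as the IntelIde line shows, while an entry that is both missing on disk and registered from a Temp directory is the kind the helper is asking about.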
29.07.2009, 23:59 | #11 | Backdoor.Win32.Breolab.bv

From top to bottom... more to come...

Code:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.9.2583. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 00:49:54 30 Jul 2009
Using Database v7366
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Simply Super Software\Trojan Remover\
Database directory: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Dokumente und Einstellungen\Anke\Eigene Dateien\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programme\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
00:49:54: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
00:49:55: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe 1036800 bytes
Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe 26624 bytes
Created: 04.08.2004 12:00 Modified: 14.04.2008 04:23
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe 515072 bytes
Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe 39792 bytes
Created: 11.01.2008 22:16 Modified: 11.01.2008 22:16
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe Photo Downloader
Value Data: "C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe"
C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe 67488 bytes
Created: 11.09.2007 00:43 Modified: 11.09.2007 00:43
Company: Adobe Systems Incorporated
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE 16132608 bytes
Created: 14.07.2008 19:11 Modified: 26.04.2007 14:27
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE 69632 bytes
Created: 14.07.2008 19:11 Modified: 03.05.2005 18:43
Company: Realtek Semiconductor Corp.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe 570664 bytes
Created: 09.07.2008 15:39 Modified: 09.07.2008 15:39
Company: Nero AG
--------------------
Value Name: NBKeyScan
Value Data: "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe 2221352 bytes
Created: 08.06.2008 09:31 Modified: 08.06.2008 09:31
Company: Nero AG
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Programme\Java\jre6\bin\jusched.exe"
C:\Programme\Java\jre6\bin\jusched.exe 148888 bytes
Created: 11.05.2009 15:43 Modified: 11.05.2009 15:43
Company: Sun Microsystems, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Programme\Trojan Remover\Trjscan.exe /boot
C:\Programme\Trojan Remover\Trjscan.exe 1059720 bytes
Created: 27.07.2009 16:40 Modified: 01.06.2009 17:06
Company: Simply Super Software
--------------------
Value Name: AVP
Value Data: "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe 303376 bytes
Created: 03.07.2009 15:56 Modified: 03.07.2009 15:56
Company: Kaspersky Lab
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Malwarebytes' Anti-Malware
Value Data: C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe 414992 bytes
Created: 29.07.2009 23:15 Modified: 13.07.2009 13:36
Company: Malwarebytes Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe 15360 bytes
Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22
Company: Microsoft Corporation
--------------------
Value Name: MSMSGS
Value Data: "C:\Programme\Messenger\msmsgs.exe" /background
C:\Programme\Messenger\msmsgs.exe 1695232 bytes
Created: 15.05.2008 14:25 Modified: 14.04.2008 04:22
Company: Microsoft Corporation
--------------------
Value Name: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Value Data: "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe 1840424 bytes
Created: 24.06.2008 16:06 Modified: 24.06.2008 16:06
Company: Nero AG
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
00:49:59: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
************************************************************
00:49:59: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
00:50:00: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------
************************************************************
00:50:00: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
00:50:00: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
00:50:01: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AdobeActiveFileMonitor6.0
ImagePath: C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 124832 bytes
Created: 11.09.2007 00:45 Modified: 11.09.2007 00:45
Company: [no info]
----------
Key: ASFWHide
ImagePath: \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ASFWHide
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ASFWHide - [file not found to scan]
----------
Key: AtiHdmiService
ImagePath: system32\drivers\AtiHdmi.sys
C:\WINDOWS\system32\drivers\AtiHdmi.sys 84992 bytes
Created: 16.05.2008 11:15 Modified: 20.07.2007 13:40
Company: ATI Research Inc.
----------
Key: AVM IGD CTRL Service
ImagePath: C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\FRITZ!DSL\IGDCTRL.EXE 81920 bytes
Created: 15.05.2008 16:08 Modified: 21.11.2005 11:34
Company: AVM Berlin
----------
Key: AVP
ImagePath: "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" -r
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe 303376 bytes
Created: 03.07.2009 15:56 Modified: 03.07.2009 15:56
Company: Kaspersky Lab
----------
Key: Bonjour Service
ImagePath: C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Bonjour\mDNSResponder.exe 229376 bytes
Created: 28.02.2006 13:42 Modified: 28.02.2006 13:42
Company: Apple Computer, Inc.
----------
Key: de_serv
ImagePath: C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe 315392 bytes
Created: 15.05.2008 16:08 Modified: 21.11.2005 10:48
Company: AVM Berlin
----------
Key: e1express
ImagePath: system32\DRIVERS\e1e5132.sys
C:\WINDOWS\system32\DRIVERS\e1e5132.sys 254872 bytes
Created: 15.05.2008 16:56 Modified: 13.04.2007 20:33
Company: Intel Corporation
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 654848 bytes
Created: 16.05.2008 12:25 Modified: 16.05.2008 12:25
Company: Macrovision Europe Ltd.
----------
Key: gusvc
ImagePath: "C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 136120 bytes
Created: 23.01.2009 03:34 Modified: 01.08.2008 00:16
Company: Google
----------
Key: klbg
ImagePath: system32\drivers\klbg.sys
C:\WINDOWS\system32\drivers\klbg.sys 33808 bytes
Created: 15.12.2008 20:41 Modified: 15.12.2008 20:41
Company: Kaspersky Lab
----------
Key: klmouflt
ImagePath: system32\DRIVERS\klmouflt.sys
C:\WINDOWS\system32\DRIVERS\klmouflt.sys 19472 bytes
Created: 16.05.2009 20:59 Modified: 16.05.2009 20:59
Company: Kaspersky Lab
----------
Key: msloop
ImagePath: system32\DRIVERS\loop.sys
C:\WINDOWS\system32\DRIVERS\loop.sys 4992 bytes
Created: 15.05.2008 14:57 Modified: 17.08.2001 13:53
Company: Microsoft Corporation
----------
Key: Nero BackItUp Scheduler 3
ImagePath: C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe 877864 bytes
Created: 08.06.2008 09:31 Modified: 08.06.2008 09:31
Company: Nero AG
----------
Key: NMIndexingService
ImagePath: "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe"
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe 537896 bytes
Created: 24.06.2008 16:05 Modified: 24.06.2008 16:05
Company: Nero AG
----------
Key: pavboot
ImagePath: system32\drivers\pavboot.sys
C:\WINDOWS\system32\drivers\pavboot.sys 28544 bytes
Created: 25.07.2009 12:48 Modified: 19.06.2008 17:24
Company: Panda Security, S.L.
----------
Key: PLFlash DeviceIoControl Service
ImagePath: C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\IoctlSvc.exe 81920 bytes
Created: 19.12.2006 10:30 Modified: 19.12.2006 10:30
Company: Prolific Technology Inc.
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{6074636A-89F7-45A6-8C9E-8DBBDEE3D5CF}
C:\WINDOWS\system32\dllhost.exe 5120 bytes
Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22
Company: Microsoft Corporation
----------
Key: wacommousefilter
ImagePath: system32\DRIVERS\wacommousefilter.sys
C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 5632 bytes
Created: 28.07.2008 21:24 Modified: 14.02.2006 14:18
Company: Wacom Technology
----------
Key: wacomvhid
ImagePath: system32\DRIVERS\wacomvhid.sys
C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 6144 bytes
Created: 28.07.2008 21:24 Modified: 14.02.2006 14:19
Company: Wacom Technology
----------
************************************************************
00:50:04: Scanning -----VXD ENTRIES-----
************************************************************
00:50:04: Scanning ----- WINLOGON\NOTIFY DLLS -----
************************************************************
00:50:04: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Kaspersky Anti-Virus
CLSID: {dd230880-495a-11d1-b064-008048ec2fc5}
Path: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\shellex.dll
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\shellex.dll 104976 bytes
Created: 03.07.2009 15:49 Modified: 03.07.2009 15:49
Company: Kaspersky Lab
----------
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
File: [CLSID does not appear to reference a file]
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\TROJAN~2\Trshlex.dll
C:\PROGRA~1\TROJAN~2\Trshlex.dll 479744 bytes
Created: 27.07.2009 16:40 Modified: 03.05.2009 17:16
Company: Simply Super Software
----------
Key: WS_FTP
CLSID: {797F3885-5429-11D4-8823-0050DA59922B}
Path: C:\Programme\WS_FTP Pro\wsftpsi.dll
C:\Programme\WS_FTP Pro\wsftpsi.dll 151597 bytes
Created: 16.05.2008 12:06 Modified: 02.09.2003 18:54
Company: Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421
----------
Key: {100BD527-7304-4b7f-BEE2-26D97B04EBA4}
Path: C:\Programme\Nero\Nero8\Nero BackItUp\NBShell.dll
C:\Programme\Nero\Nero8\Nero BackItUp\NBShell.dll 263464 bytes
Created: 08.06.2008 09:31 Modified: 08.06.2008 09:31
Company: Nero AG
----------
************************************************************
00:50:05: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll 2037032 bytes
Created: 24.06.2008 13:45 Modified: 24.06.2008 13:45
Company: Nero AG
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll 372736 bytes
Created: 10.05.2007 22:54 Modified: 10.05.2007 22:54
Company: Adobe Systems, Inc.
----------
************************************************************
00:50:05: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
BHO: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll 68112 bytes
Created: 03.07.2009 15:48 Modified: 03.07.2009 15:48
Company: Kaspersky Lab
----------
Key: {E33CF602-D945-461A-83F0-819F76A199F8}
BHO: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll 264720 bytes
Created: 03.07.2009 15:48 Modified: 03.07.2009 15:48
Company: Kaspersky Lab
----------
************************************************************
00:50:06: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
00:50:06: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
00:50:06: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
00:50:06: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll]
File: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll 80400 bytes
Created: 03.07.2009 15:49 Modified: 03.07.2009 15:49
Company: Kaspersky Lab
----------
File: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll 80400 bytes
Created: 03.07.2009 15:49 Modified: 03.07.2009 15:49
Company: Kaspersky Lab
----------
************************************************************
00:50:06: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
00:50:06: Scanning ------ COMMON STARTUP GROUP ------
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
The Common Startup Group attempts to load the following file(s) at boot time:
ANT 4 MailChecking.lnk - links to C:\PROGRA~1\ANT4MA~1\ant4mc.exe
C:\PROGRA~1\ANT4MA~1\ant4mc.exe 596480 bytes
Created: 19.08.2002 00:37 Modified: 19.08.2002 00:37
Company: Christoph Schmoliner
--------------------
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -HS- 84 bytes
Created: 15.05.2008 15:20 Modified: 15.05.2008 14:28
Company: [no info]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini - no action taken on this file
--------------------
Microsoft Office.lnk - links to C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE 83360 bytes
Created: 13.02.2001 01:01 Modified: 13.02.2001 01:01
Company: Microsoft Corporation
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
00:50:06: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Parameters: update all silent
Schedule: Um 19:45 wöchentlich jeden Mo, Sa, ab dem 25.07.2009
Next Run Time: 01.08.2009 19:45:00
Status: Ready
Status: SYSTEM
Comments: Dies führt ein geplantes Update mit Ad-Aware druch.
C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe - [file not found to scan]
----------
Taskname: WGASetup
File: C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe 455048 bytes
Created: 28.04.2009 21:26 Modified: 10.03.2009 22:18
Company: Microsoft Corporation
Parameters: /autoauto
Schedule: Bei Anmeldung des Benutzers starten
Next Run Time:
Status: Ready
Status: SYSTEM
Comments:
----------
************************************************************
00:50:07: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
00:50:07: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.voxacm160
File: vct3216.acm
C:\WINDOWS\system32\vct3216.acm 82944 bytes
Created: 14.07.2008 18:07 Modified: 22.05.2003 00:50
Company: Voxware, Inc.
----------
Value: msacm.alf2cd
File: alf2cd.acm
C:\WINDOWS\system32\alf2cd.acm 38912 bytes
Created: 14.07.2008 18:07 Modified: 22.05.2003 00:50
Company: NCT Company
----------
Value: msacm.ac3acm
File: AC3ACM.acm
C:\WINDOWS\system32\AC3ACM.acm 81920 bytes
Created: 14.07.2008 18:07 Modified: 04.02.2004 22:11
Company: fccHandler
----------
Value: vidc.dvsd
File: mcdvd_32.dll
C:\WINDOWS\system32\mcdvd_32.dll 261632 bytes
Created: 14.07.2008 18:07 Modified: 27.09.2007 15:22
Company: MainConcept
----------
Value: vidc.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll 638976 bytes
Created: 14.07.2008 18:07 Modified: 27.09.2007 15:22
Company: DivXNetworks, Inc.
----------
************************************************************
00:50:09: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
30.07.2009, 00:01 | #12 |
| Backdoor.Win32.Breolab.bv Code:
ATTFilter ************************************************************ 00:50:09: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp 1440054 bytes Created: 15.05.2008 14:27 Modified: 15.05.2008 14:27 Company: [no info] ---------- Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\Grüne Idylle.bmp C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp 1440054 bytes Created: 15.05.2008 14:27 Modified: 15.05.2008 14:27 Company: [no info] ---------- Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************************ 00:50:09: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe 50688 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:23 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\csrss.exe 6144 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\winlogon.exe 513024 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:23 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\services.exe 111104 bytes Created: 04.08.2004 12:00 Modified: 09.02.2009 13:21 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\lsass.exe 13312 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\Ati2evxx.exe 483328 bytes Created: 16.05.2008 11:15 Modified: 31.07.2007 22:52 Company: ATI Technologies Inc. 
-------------------- C:\WINDOWS\system32\svchost.exe 14336 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:23 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\System32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\spoolsv.exe 57856 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:23 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe - file already scanned -------------------- C:\Programme\FRITZ!DSL\IGDCTRL.EXE - file already scanned -------------------- C:\Programme\Bonjour\mDNSResponder.exe - file already scanned -------------------- C:\Programme\Java\jre6\bin\jqs.exe 152984 bytes Created: 11.05.2009 15:43 Modified: 11.05.2009 15:43 Company: Sun Microsystems, Inc. -------------------- C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe - file already scanned -------------------- C:\WINDOWS\system32\IoctlSvc.exe - file already scanned -------------------- C:\WINDOWS\system32\wdfmgr.exe 38912 bytes Created: 28.01.2005 13:44 Modified: 28.01.2005 13:44 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\Tablet.exe 942080 bytes Created: 28.07.2008 21:24 Modified: 06.09.2006 09:42 Company: Wacom Technology, Corp. 
-------------------- C:\WINDOWS\System32\alg.exe 44544 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\wbem\wmiapsrv.exe 126464 bytes Created: 15.05.2008 14:25 Modified: 14.04.2008 04:23 Company: Microsoft Corporation -------------------- C:\WINDOWS\System32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe - file already scanned -------------------- C:\WINDOWS\Explorer.EXE - file already scanned -------------------- C:\WINDOWS\system32\WTablet\TabUserW.exe 131072 bytes Created: 28.07.2008 21:24 Modified: 06.09.2006 09:43 Company: Wacom Technology, Corp. -------------------- C:\WINDOWS\system32\Tablet.exe - file already scanned -------------------- C:\WINDOWS\RTHDCPL.EXE - file already scanned -------------------- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe - file already scanned -------------------- C:\WINDOWS\system32\ctfmon.exe - file already scanned -------------------- C:\Programme\Messenger\msmsgs.exe - file already scanned -------------------- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe - file already scanned -------------------- C:\Programme\ANT 4 MailChecking\ant4mc.exe 596480 bytes Created: 19.08.2002 00:37 Modified: 19.08.2002 00:37 Company: Christoph Schmoliner -------------------- C:\WINDOWS\system32\csrss.exe - file already scanned -------------------- C:\WINDOWS\system32\winlogon.exe - file already scanned -------------------- C:\WINDOWS\Explorer.EXE - file already scanned -------------------- C:\WINDOWS\system32\WTablet\TabUserW.exe - file already scanned -------------------- C:\WINDOWS\system32\Tablet.exe - file already scanned -------------------- C:\WINDOWS\RTHDCPL.EXE - file already scanned -------------------- C:\Programme\Java\jre6\bin\jusched.exe - file already scanned -------------------- 
C:\WINDOWS\system32\ctfmon.exe - file already scanned -------------------- C:\Programme\Messenger\msmsgs.exe - file already scanned -------------------- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe - file already scanned -------------------- C:\Programme\ANT 4 MailChecking\ant4mc.exe - file already scanned -------------------- C:\WINDOWS\system32\wuauclt.exe 51224 bytes Created: 15.05.2008 14:26 Modified: 16.10.2008 15:09 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\NOTEPAD.EXE 70144 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\NOTEPAD.EXE - file already scanned -------------------- C:\Programme\Mozilla Firefox\firefox.exe 307704 bytes Created: 16.05.2008 11:51 Modified: 28.07.2009 15:03 Company: Mozilla Corporation -------------------- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe 207376 bytes Created: 03.07.2009 15:45 Modified: 03.07.2009 15:45 Company: Kaspersky Lab -------------------- C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Simply Super Software\Trojan Remover\xgi7.exe FileSize: 3015544 [This is a Trojan Remover component] -------------------- ************************************************************ 00:50:13: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 00:50:13 30 Jul 2009 Total Scan time: 00:00:18 ************************************************************ ***** THE SYSTEM HAS BEEN RESTARTED ***** 27.07.2009 16:48:40: Trojan Remover has been restarted ======================================================= Removing the following registry keys: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WgaLogon - already removed (or did not exist) ======================================================= 27.07.2009 16:48:40: Trojan 
Remover closed ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.9.2583. For information, email support@simplysup.com [Unregistered version] Scan started at: 16:43:16 27 Jul 2009 Using Database v7366 Operating System: Windows XP Professional (SP3) [Build: 5.1.2600] File System: NTFS UserData directory: C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Simply Super Software\Trojan Remover\ Database directory: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Dokumente und Einstellungen\Anke\Eigene Dateien\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Programme\Trojan Remover\ Running with Administrator privileges ************************************************************ The following Anti-Malware program(s) are loaded: Avira AntiVir ************************************************************ ************************************************************ 16:43:16: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. 
************************************************************ 16:43:16: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [Explorer.exe] File: Explorer.exe C:\WINDOWS\Explorer.exe 1036800 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\WINDOWS\system32\userinit.exe,] File: C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe 26624 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:23 Company: Microsoft Corporation ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: Key value: [logonui.exe] File: logonui.exe C:\WINDOWS\system32\logonui.exe 515072 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: Adobe Reader Speed Launcher Value Data: "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe 39792 bytes Created: 11.01.2008 22:16 Modified: 11.01.2008 22:16 Company: Adobe Systems Incorporated -------------------- Value Name: Adobe Photo Downloader Value Data: "C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe" C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe 67488 bytes Created: 11.09.2007 00:43 Modified: 11.09.2007 00:43 Company: Adobe Systems Incorporated -------------------- Value Name: RTHDCPL Value Data: RTHDCPL.EXE 
C:\WINDOWS\RTHDCPL.EXE 16132608 bytes Created: 14.07.2008 19:11 Modified: 26.04.2007 14:27 Company: Realtek Semiconductor Corp. -------------------- Value Name: Alcmtr Value Data: ALCMTR.EXE C:\WINDOWS\ALCMTR.EXE 69632 bytes Created: 14.07.2008 19:11 Modified: 03.05.2005 18:43 Company: Realtek Semiconductor Corp. -------------------- Value Name: NeroFilterCheck Value Data: C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe 570664 bytes Created: 09.07.2008 15:39 Modified: 09.07.2008 15:39 Company: Nero AG -------------------- Value Name: NBKeyScan Value Data: "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe 2221352 bytes Created: 08.06.2008 09:31 Modified: 08.06.2008 09:31 Company: Nero AG -------------------- Value Name: SunJavaUpdateSched Value Data: "C:\Programme\Java\jre6\bin\jusched.exe" C:\Programme\Java\jre6\bin\jusched.exe 148888 bytes Created: 11.05.2009 15:43 Modified: 11.05.2009 15:43 Company: Sun Microsystems, Inc. 
-------------------- Value Name: avgnt Value Data: "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min C:\Programme\Avira\AntiVir Desktop\avgnt.exe 209153 bytes Created: 05.06.2009 18:13 Modified: 02.03.2009 13:08 Company: Avira GmbH -------------------- Value Name: TrojanScanner Value Data: C:\Programme\Trojan Remover\Trjscan.exe /boot C:\Programme\Trojan Remover\Trjscan.exe 1059720 bytes Created: 27.07.2009 16:40 Modified: 01.06.2009 17:06 Company: Simply Super Software -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: CTFMON.EXE Value Data: C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 15360 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22 Company: Microsoft Corporation -------------------- Value Name: MSMSGS Value Data: "C:\Programme\Messenger\msmsgs.exe" /background C:\Programme\Messenger\msmsgs.exe 1695232 bytes Created: 15.05.2008 14:25 Modified: 14.04.2008 04:22 Company: Microsoft Corporation -------------------- Value Name: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} Value Data: "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe 1840424 bytes Created: 24.06.2008 16:06 Modified: 24.06.2008 16:06 Company: Nero AG -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 16:43:19: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************************ 16:43:19: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed 
---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 16:43:19: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. -------------------- ************************************************************ 16:43:19: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- ************************************************************ 16:43:20: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: HidServ %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found) -------------------- ************************************************************ 16:43:20: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AdobeActiveFileMonitor6.0 ImagePath: C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 124832 bytes Created: 11.09.2007 00:45 Modified: 11.09.2007 00:45 Company: [no info] ---------- Key: AntiVirSchedulerService ImagePath: "C:\Programme\Avira\AntiVir Desktop\sched.exe" C:\Programme\Avira\AntiVir Desktop\sched.exe 108289 bytes Created: 05.06.2009 18:13 Modified: 09.06.2009 11:39 Company: Avira GmbH ---------- Key: AntiVirService ImagePath: "C:\Programme\Avira\AntiVir Desktop\avguard.exe" C:\Programme\Avira\AntiVir Desktop\avguard.exe 185089 bytes Created: 05.06.2009 18:13 Modified: 09.06.2009 11:39 Company: Avira GmbH ---------- Key: ASFWHide ImagePath: \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ASFWHide C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ASFWHide - [file not found to scan] ---------- Key: AtiHdmiService ImagePath: system32\drivers\AtiHdmi.sys C:\WINDOWS\system32\drivers\AtiHdmi.sys 84992 bytes Created: 16.05.2008 11:15 Modified: 20.07.2007 13:40 Company: ATI Research Inc. 
---------- Key: avgio ImagePath: \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys C:\Programme\Avira\AntiVir Desktop\avgio.sys 11608 bytes Created: 05.06.2009 18:13 Modified: 13.02.2009 12:35 Company: Avira GmbH ---------- Key: AVM IGD CTRL Service ImagePath: C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\FRITZ!DSL\IGDCTRL.EXE 81920 bytes Created: 15.05.2008 16:08 Modified: 21.11.2005 11:34 Company: AVM Berlin ---------- Key: Bonjour Service ImagePath: C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Bonjour\mDNSResponder.exe 229376 bytes Created: 28.02.2006 13:42 Modified: 28.02.2006 13:42 Company: Apple Computer, Inc. ---------- Key: de_serv ImagePath: C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe 315392 bytes Created: 15.05.2008 16:08 Modified: 21.11.2005 10:48 Company: AVM Berlin ---------- Key: e1express ImagePath: system32\DRIVERS\e1e5132.sys C:\WINDOWS\system32\DRIVERS\e1e5132.sys 254872 bytes Created: 15.05.2008 16:56 Modified: 13.04.2007 20:33 Company: Intel Corporation ---------- Key: FLEXnet Licensing Service ImagePath: "C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 654848 bytes |
30.07.2009, 00:02 | #13 |
| Backdoor.Win32.Breolab.bv Code:
ATTFilter Key: FLEXnet Licensing Service ImagePath: "C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 654848 bytes Created: 16.05.2008 12:25 Modified: 16.05.2008 12:25 Company: Macrovision Europe Ltd. ---------- Key: gusvc ImagePath: "C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 136120 bytes Created: 23.01.2009 03:34 Modified: 01.08.2008 00:16 Company: Google ---------- Key: Lavasoft Ad-Aware Service ImagePath: "C:\Programme\Lavasoft\Ad-Aware\AAWService.exe" C:\Programme\Lavasoft\Ad-Aware\AAWService.exe 1029456 bytes Created: 03.07.2009 16:49 Modified: 03.07.2009 16:49 Company: Lavasoft ---------- Key: msloop ImagePath: system32\DRIVERS\loop.sys C:\WINDOWS\system32\DRIVERS\loop.sys 4992 bytes Created: 15.05.2008 14:57 Modified: 17.08.2001 13:53 Company: Microsoft Corporation ---------- Key: Nero BackItUp Scheduler 3 ImagePath: C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe 877864 bytes Created: 08.06.2008 09:31 Modified: 08.06.2008 09:31 Company: Nero AG ---------- Key: NMIndexingService ImagePath: "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe" C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe 537896 bytes Created: 24.06.2008 16:05 Modified: 24.06.2008 16:05 Company: Nero AG ---------- Key: pavboot ImagePath: system32\drivers\pavboot.sys C:\WINDOWS\system32\drivers\pavboot.sys 28544 bytes Created: 25.07.2009 12:48 Modified: 19.06.2008 17:24 Company: Panda Security, S.L. ---------- Key: PLFlash DeviceIoControl Service ImagePath: C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\IoctlSvc.exe 81920 bytes Created: 19.12.2006 10:30 Modified: 19.12.2006 10:30 Company: Prolific Technology Inc. 
---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{6074636A-89F7-45A6-8C9E-8DBBDEE3D5CF} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 04.08.2004 12:00 Modified: 14.04.2008 04:22 Company: Microsoft Corporation ---------- Key: wacommousefilter ImagePath: system32\DRIVERS\wacommousefilter.sys C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 5632 bytes Created: 28.07.2008 21:24 Modified: 14.02.2006 14:18 Company: Wacom Technology ---------- Key: wacomvhid ImagePath: system32\DRIVERS\wacomvhid.sys C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 6144 bytes Created: 28.07.2008 21:24 Modified: 14.02.2006 14:19 Company: Wacom Technology ---------- ************************************************************ 16:43:26: Scanning -----VXD ENTRIES----- ************************************************************ 16:43:26: Scanning ----- WINLOGON\NOTIFY DLLS ----- Key : WgaLogon DLLName: WgaLogon.dll WgaLogon.dll - this reference has been removed [file not found to scan] ---------- ************************************************************ 16:46:22: Scanning ----- CONTEXTMENUHANDLERS ----- Key: LavasoftShellExt CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} Path: C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll 84832 bytes Created: 03.07.2009 16:49 Modified: 03.07.2009 16:49 Company: ---------- Key: Shell Extension for Malware scanning CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A} Path: C:\Programme\Avira\AntiVir Desktop\shlext.dll C:\Programme\Avira\AntiVir Desktop\shlext.dll 286977 bytes Created: 05.06.2009 18:13 Modified: 09.06.2009 11:39 Company: Avira GmbH ---------- Key: Trojan Remover CLSID: {52B87208-9CCF-42C9-B88E-069281105805} Path: C:\PROGRA~1\TROJAN~2\Trshlex.dll C:\PROGRA~1\TROJAN~2\Trshlex.dll 479744 bytes Created: 27.07.2009 16:40 Modified: 03.05.2009 17:16 Company: Simply Super Software ---------- Key: WS_FTP CLSID: {797F3885-5429-11D4-8823-0050DA59922B} Path: C:\Programme\WS_FTP Pro\wsftpsi.dll 
C:\Programme\WS_FTP Pro\wsftpsi.dll 151597 bytes Created: 16.05.2008 12:06 Modified: 02.09.2003 18:54 Company: Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 ---------- Key: {100BD527-7304-4b7f-BEE2-26D97B04EBA4} Path: C:\Programme\Nero\Nero8\Nero BackItUp\NBShell.dll C:\Programme\Nero\Nero8\Nero BackItUp\NBShell.dll 263464 bytes Created: 08.06.2008 09:31 Modified: 08.06.2008 09:31 Company: Nero AG ---------- ************************************************************ 16:46:25: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {7D4D6379-F301-4311-BEBA-E26EB0561882} File: C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll 2037032 bytes Created: 24.06.2008 13:45 Modified: 24.06.2008 13:45 Company: Nero AG ---------- Key: {F9DB5320-233E-11D1-9F84-707F02C10627} File: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll 372736 bytes Created: 10.05.2007 22:54 Modified: 10.05.2007 22:54 Company: Adobe Systems, Inc. ---------- ************************************************************ 16:46:26: Scanning ----- BROWSER HELPER OBJECTS ----- ************************************************************ 16:46:26: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 16:46:26: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************************ 16:46:26: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************************ 16:46:26: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************************ 16:46:27: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 16:46:27: Scanning ------ COMMON STARTUP GROUP ------ [C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart] The Common Startup Group attempts to load the following file(s) at boot time: ANT 4 MailChecking.lnk - links to C:\PROGRA~1\ANT4MA~1\ant4mc.exe C:\PROGRA~1\ANT4MA~1\ant4mc.exe 596480 bytes Created: 19.08.2002 00:37 Modified: 19.08.2002 00:37 Company: Christoph Schmoliner -------------------- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -HS- 84 bytes Created: 15.05.2008 15:20 Modified: 15.05.2008 14:28 Company: [no info] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini - no action taken on this file -------------------- Microsoft Office.lnk - links to C:\PROGRA~1\MICROS~2\Office10\OSA.EXE C:\PROGRA~1\MICROS~2\Office10\OSA.EXE 83360 bytes Created: 13.02.2001 01:01 Modified: 13.02.2001 01:01 Company: Microsoft Corporation -------------------- ************************************************************ No User Startup Groups were located to check ************************************************************ 16:46:29: Scanning ----- SCHEDULED TASKS ----- Taskname: Ad-Aware Update (Weekly) File: C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe 566632 bytes Created: 03.07.2009 16:49 Modified: 03.07.2009 16:49 Company: Lavasoft Parameters: update all silent Schedule: Um 19:45 wöchentlich jeden Mo, Sa, ab dem 25.07.2009 Next Run Time: 27.07.2009 19:45:00 Status: Has not run Status: SYSTEM Comments: Dies führt ein geplantes Update mit Ad-Aware druch. 
---------- Taskname: WGASetup File: C:\WINDOWS\system32\KB905474\wgasetup.exe C:\WINDOWS\system32\KB905474\wgasetup.exe 455048 bytes Created: 28.04.2009 21:26 Modified: 10.03.2009 22:18 Company: Microsoft Corporation Parameters: /autoauto Schedule: Bei Anmeldung des Benutzers starten Next Run Time: Status: Ready Status: SYSTEM Comments: ---------- ************************************************************ 16:46:32: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 16:46:32: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: msacm.voxacm160 File: vct3216.acm C:\WINDOWS\system32\vct3216.acm 82944 bytes Created: 14.07.2008 18:07 Modified: 22.05.2003 00:50 Company: Voxware, Inc. ---------- Value: msacm.alf2cd File: alf2cd.acm C:\WINDOWS\system32\alf2cd.acm 38912 bytes Created: 14.07.2008 18:07 Modified: 22.05.2003 00:50 Company: NCT Company ---------- Value: msacm.ac3acm File: AC3ACM.acm C:\WINDOWS\system32\AC3ACM.acm 81920 bytes Created: 14.07.2008 18:07 Modified: 04.02.2004 22:11 Company: fccHandler ---------- Value: vidc.dvsd File: mcdvd_32.dll C:\WINDOWS\system32\mcdvd_32.dll 261632 bytes Created: 14.07.2008 18:07 Modified: 27.09.2007 15:22 Company: MainConcept ---------- Value: vidc.DIVX File: DivX.dll C:\WINDOWS\system32\DivX.dll 638976 bytes Created: 14.07.2008 18:07 Modified: 27.09.2007 15:22 Company: DivXNetworks, Inc. 
----------
************************************************************
16:46:40: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp
C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp 1440054 bytes
Created: 15.05.2008 14:27
Modified: 15.05.2008 14:27
Company: [no info]
----------
Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\Grüne Idylle.bmp
C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp 1440054 bytes
Created: 15.05.2008 14:27
Modified: 15.05.2008 14:27
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
************************************************************
16:46:44: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe 50688 bytes
Created: 04.08.2004 12:00
Modified: 14.04.2008 04:23
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe 6144 bytes
Created: 04.08.2004 12:00
Modified: 14.04.2008 04:22
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe 513024 bytes
Created: 04.08.2004 12:00
Modified: 14.04.2008 04:23
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe 111104 bytes
Created: 04.08.2004 12:00
Modified: 09.02.2009 13:21
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe 13312 bytes
Created: 04.08.2004 12:00
Modified: 14.04.2008 04:22
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\Ati2evxx.exe 483328 bytes
Created: 16.05.2008 11:15
Modified: 31.07.2007 22:52
Company: ATI Technologies Inc.
--------------------
C:\WINDOWS\system32\svchost.exe 14336 bytes
Created: 04.08.2004 12:00
Modified: 14.04.2008 04:23
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe 57856 bytes
Created: 04.08.2004 12:00
Modified: 14.04.2008 04:23
Company: Microsoft Corporation
--------------------
C:\Programme\Avira\AntiVir Desktop\sched.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe - file already scanned
--------------------
C:\Programme\Avira\AntiVir Desktop\avguard.exe - file already scanned
--------------------
C:\Programme\FRITZ!DSL\IGDCTRL.EXE - file already scanned
--------------------
C:\Programme\Bonjour\mDNSResponder.exe - file already scanned
--------------------
C:\Programme\Java\jre6\bin\jqs.exe 152984 bytes
Created: 11.05.2009 15:43
Modified: 11.05.2009 15:43
Company: Sun Microsystems, Inc.
--------------------
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe - file already scanned
--------------------
C:\WINDOWS\system32\IoctlSvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\wdfmgr.exe 38912 bytes
Created: 28.01.2005 13:44
Modified: 28.01.2005 13:44
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\Tablet.exe 942080 bytes
Created: 28.07.2008 21:24
Modified: 06.09.2006 09:42
Company: Wacom Technology, Corp.
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wbem\unsecapp.exe 16896 bytes
Created: 15.05.2008 14:25
Modified: 04.08.2004 12:00
Company: Microsoft Corporation
--------------------
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe - file already scanned
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe 227840 bytes
Created: 15.05.2008 14:25
Modified: 06.02.2009 12:10
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe 126464 bytes
Created: 15.05.2008 14:25
Modified: 14.04.2008 04:23
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\alg.exe 44544 bytes
Created: 04.08.2004 12:00
Modified: 14.04.2008 04:22
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\Tablet.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe - file already scanned
--------------------
C:\Programme\ANT 4 MailChecking\ant4mc.exe 596480 bytes
Created: 19.08.2002 00:37
Modified: 19.08.2002 00:37
Company: Christoph Schmoliner
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Programme\Trojancheck 6\tcguard.exe 590336 bytes
Created: 14.11.2002 17:23
Modified: 14.11.2002 17:23
Company:
--------------------
C:\WINDOWS\system32\csrss.exe - file already scanned
--------------------
C:\WINDOWS\system32\winlogon.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\Tablet.exe - file already scanned
--------------------
C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe - file already scanned
--------------------
C:\WINDOWS\RTHDCPL.EXE - file already scanned
--------------------
C:\Programme\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Programme\Avira\AntiVir Desktop\avgnt.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Programme\Messenger\msmsgs.exe - file already scanned
--------------------
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe - file already scanned
--------------------
C:\Programme\ANT 4 MailChecking\ant4mc.exe - file already scanned
--------------------
C:\WINDOWS\system32\wuauclt.exe 51224 bytes
Created: 15.05.2008 14:26
Modified: 16.10.2008 15:09
Company: Microsoft Corporation
--------------------
C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Simply Super Software\Trojan Remover\beh1A.exe FileSize: 3015544 [This is a Trojan Remover component]
--------------------
************************************************************
16:46:50: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 16:46:50 27 Jul 2009
Total Scan time: 00:03:34
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs to restart the system in order to deal with these files.
27.07.2009 16:47:05: restart commenced
************************************************************
30.07.2009, 00:14 | #14
Backdoor.Win32.Breolab.bv
Hi Andreas,
Quote:
Regards, Anke
30.07.2009, 00:17 | #15
Backdoor.Win32.Breolab.bv
Rootkit search with SysProt
ciao, andreas
__________________
No support via PM! This is a forum, not private one-on-one care! For all newcomers: private care only for payment, and I am very expensive. Guides | Virus scanners | Compromise unavoidable?