Log Analysis and Evaluation: BACKDOOR detected (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.11.2009, 22:32 | #1
BACKDOOR detected

Hello everyone, I recently caught a BACKDOOR. Since then the computer has become slower and AntiVir keeps finding new viruses - Trojans, droppers etc. I carried out the procedure described here (CCleaner, MalWare, RSIT) and am now posting the log files. Could someone help me and tell me whether I might get by without reinstalling my OS?! Many thanks, regards Artur

Antimalware log

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3202
Windows 5.1.2600 Service Pack 2

20.11.2009 22:09:20
mbam-log-2009-11-20 (22-09-12).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 202363
Laufzeit: 37 minute(s), 7 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 8
Infizierte Verzeichnisse: 0
Infizierte Dateien: 53

Infizierte Speicherprozesse:
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediasolaris (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Common\d3ca203219.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Common\d3ca20321.dll (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\Macromedia\Common\d3ca20321.dll (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\Macromedia\Common\d3ca203219.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia\Common\d3ca203219.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia\Common\d3ca203219.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP271\A0026154.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP271\A0026156.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028422.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028423.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028428.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028439.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028455.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028471.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028477.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028482.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028484.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028497.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028526.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028532.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0029598.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0029652.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028556.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028565.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028589.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028590.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028593.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028598.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028599.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0029599.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0029653.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030150.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030411.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030464.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030465.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030653.exe (Trojan.Agent) -> No action taken.
E:\Archiv\soft\RTR.exe (Trojan.Vundo) -> No action taken.
E:\Archiv\soft\brenn_soft\CloneDVD.2.8.9.2.Multilingual.Incl.Keygen-SnD\keygen.exe (Trojan.Downloader) -> No action taken.
E:\Archiv\soft\brenn_soft\Nero.Premium.Edition.v7.0.8.2.German.incl.KeyMaker\KeyGen\KeyMaker.exe (Trojan.Downloader) -> No action taken.
E:\Archiv\soft\eagle\CadSoft.Eagle.v4.16.German.Incl.Keymaker-AGAiN\AGAiN\Keygen.EXE (Trojan.Downloader) -> No action taken.
E:\Archiv\soft\WinampPro.v5.2.1.497-SnD\WinampPro.v5.56\crack\KeyGen.exe (Trojan.Downloader) -> No action taken.
E:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP271\A0026159.exe (Trojan.Downloader) -> No action taken.
E:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030662.exe (Trojan.Downloader) -> No action taken.
E:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030665.EXE (Trojan.Downloader) -> No action taken.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\wiaserva.log (Malware.Trace) -> No action taken.
C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> No action taken.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\c.exe (Trojan.Dropper) -> No action taken.
C:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temp\c.exe (Trojan.Dropper) -> No action taken.
20.11.2009, 22:35 | #2
BACKDOOR detected No. 2, RSIT log Log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Besitzer at 2009-11-20 22:16:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 87 GB (87%) free of 100 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:13, on 20.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ASUS\Ai Booster\OverClk.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\Besitzer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programme\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Common\d3ca203219.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6165 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"Launch Ai Booster"=C:\Programme\ASUS\Ai Booster\OverClk.exe [2005-06-16 3627520]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"CloneCDTray"=C:\Programme\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"CanonSolutionMenu"=C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"MaxMenuMgr"=C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-31 149280]
" Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584]
"PC Suite Tray"=C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"rundll32.exe"= []
"WAB"=C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Common\d3ca203219.exe [2009-11-20 18432]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93f261fc-7dce-4268-9edb-4c94f8afb899}"=C:\WINDOWS\system32\mscoree.dll [2005-09-23 270848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"J:\fsetup.exe"="J:\fsetup.exe:*:Enabled:AVM FSetup Application"
"C:\Programme\DCC295\DCC.exe"="C:\Programme\DCC295\DCC.exe:*:Enabledreambox Control Center"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Archiv\soft\Emule_gekrackt\emule.exe"="E:\Archiv\soft\Emule_gekrackt\emule.exe:*:Enabled:eMule"
"C:\Programme\Ratajik Software\StationRipper\StationRipperConsole.exe"="C:\Programme\Ratajik Software\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole"
"C:\Programme\RadioRipper\RadioRipper.exe"="C:\Programme\RadioRipper\RadioRipper.exe:*:Enabled:RadioRipper"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:enable"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.ini - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.js - edit -
.js - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.txt - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"

======List of files/folders created in the last 1 months======

2009-11-20 22:16:56 ----D---- C:\rsit
2009-11-20 21:12:20 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes
2009-11-20 21:12:10 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-11-20 21:12:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-11-20 20:48:25 ----D---- C:\Programme\CCleaner
2009-11-14 15:51:00 ----A---- C:\WINDOWS\rasqervy.dll
2009-11-14 15:50:57 ----A---- C:\WINDOWS\sdfinacs.dll
2009-11-14 15:43:07 ----A---- C:\WINDOWS\sdfixwcs.dll
2009-11-07 00:38:53 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-07 00:29:12 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-07 00:28:50 ----D---- C:\Programme\Lavasoft
2009-11-06 22:57:12 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RadioRipper
2009-11-06 22:32:46 ----D---- C:\WINDOWS\RegisteredPackages
2009-11-06 22:32:19 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-11-06 22:32:19 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-11-06 21:02:34 ----D---- C:\Programme\RadioRipper
2009-11-02 21:34:22 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\streamripper
2009-11-02 21:34:05 ----D---- C:\Programme\Streamripper
2009-11-02 20:09:35 ----D---- C:\Programme\Ratajik Software
2009-11-02 19:48:58 ----D---- C:\Programme\No23 Recorder
2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-11-20 22:16:51 ----A---- C:\WINDOWS\wincmd.ini
2009-11-20 22:16:15 ----SD---- C:\WINDOWS\Tasks
2009-11-20 22:13:18 ----D---- C:\WINDOWS\Temp
2009-11-20 22:13:08 ----D---- C:\Programme\Mozilla Firefox
2009-11-20 22:12:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-20 22:11:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-20 22:09:52 ----AD---- C:\WINDOWS
2009-11-20 21:47:08 ----D---- C:\WINDOWS\system32
2009-11-20 21:12:12 ----D---- C:\WINDOWS\system32\drivers
2009-11-20 21:12:10 ----RD---- C:\Programme
2009-11-20 20:56:40 ----D---- C:\WINDOWS\Debug
2009-11-20 20:47:52 ----D---- C:\WINDOWS\Prefetch
2009-11-20 14:49:07 ----D---- C:\Dokumente und Einstellungen
2009-11-16 20:04:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-15 10:37:40 ----HD---- C:\WINDOWS\inf
2009-11-14 13:30:53 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia
2009-11-07 11:55:24 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-07 00:31:51 ----D---- C:\WINDOWS\security
2009-11-07 00:30:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-07 00:29:12 ----SHD---- C:\WINDOWS\Installer
2009-11-07 00:28:46 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-11-06 22:39:45 ----D---- C:\Programme\Winamp
2009-11-06 22:33:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-06 22:33:10 ----D---- C:\Programme\Windows Media Player
2009-11-06 21:02:35 ----RSD---- C:\WINDOWS\assembly
2009-10-23 20:02:54 ----D---- C:\Programme\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-08-11 217664]
R2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R2 MLPTDR_N;MLPTDR_N; \??\C:\WINDOWS\system32\MLPTDR_N.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-02-24 19200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-07-22 13440]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-22 68864]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2008-11-05 223128]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]
R2 FreeAgentGoNext Service;Seagate Service; C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-11-20 1184912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

-----------------EOF-----------------
20.11.2009, 22:41 | #3
BACKDOOR detected, RSIT log Log.txt
- C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6165 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll [2009-07-31 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824] "Launch Ai Booster"=C:\Programme\ASUS\Ai Booster\OverClk.exe [2005-06-16 3627520] "StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440] 
"CloneCDTray"=C:\Programme\SlySoft\CloneCD\CloneCD Tray.exe [2005-05-19 57344] "NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "CanonSolutionMenu"=C:\Programme\Canon\SolutionMen u\CNSLMAIN.exe [2008-03-11 689488] "MaxMenuMgr"=C:\Programme\Seagate\SeagateManager\F reeAgent Status\StxMenuMgr.exe [2008-10-28 181544] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\ju sched.exe [2009-07-31 149280] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264] "MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584] "PC Suite Tray"=C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144] "rundll32.exe"= [] "WAB"=C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\ Common\d3ca203219.exe [2009-11-20 18432] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks] "{93f261fc-7dce-4268-9edb-4c94f8afb899}"=C:\WINDOWS\system32\mscoree.dll [2005-09-23 270848] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programme\Nokia\Nok ia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater" "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programme\Gemein same Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process " "J:\fsetup.exe"="J:\fsetup.exe:*:Enabled:AVM FSetup Application" "C:\Programme\DCC295\DCC.exe"="C:\Programme\DCC295 \DCC.exe:*:Enabledreambox Control Center" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme \Skype\Phone\Skype.exe:*:Enabled:Skype" "E:\Archiv\soft\Emule_gekrackt\emule.exe"="E:\Arch iv\soft\Emule_gekrackt\emule.exe:*:Enabled:eMule" "C:\Programme\Ratajik Software\StationRipper\StationRipperConsole.exe"=" C:\Programme\Ratajik Software\StationRipper\StationRipperConsole.exe:*: Enabled:StationRipperConsole" "C:\Programme\RadioRipper\RadioRipper.exe"="C:\Pro gramme\RadioRipper\RadioRipper.exe:*:Enabled:Radio Ripper" "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE :*:Enabled:enable" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr 
ofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======File associations====== .ini - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1" .js - edit - .js - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1" .txt - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1" ======List of files/folders created in the last 1 months====== 2009-11-20 22:16:56 ----D---- C:\rsit 2009-11-20 21:12:20 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebyte s 2009-11-20 21:12:10 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-11-20 21:12:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-11-20 20:48:25 ----D---- C:\Programme\CCleaner 2009-11-14 15:51:00 ----A---- C:\WINDOWS\rasqervy.dll 2009-11-14 15:50:57 ----A---- C:\WINDOWS\sdfinacs.dll 2009-11-14 15:43:07 ----A---- C:\WINDOWS\sdfixwcs.dll 2009-11-07 00:38:53 ----A---- C:\WINDOWS\system32\lsdelete.exe 2009-11-07 00:29:12 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-11-07 00:28:50 ----D---- C:\Programme\Lavasoft 2009-11-06 22:57:12 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RadioRipper 2009-11-06 22:32:46 ----D---- C:\WINDOWS\RegisteredPackages 2009-11-06 22:32:19 ----N---- C:\WINDOWS\system32\pxsfs.dll 2009-11-06 22:32:19 ----N---- C:\WINDOWS\system32\pxafs.dll 2009-11-06 21:02:34 ----D---- C:\Programme\RadioRipper 2009-11-02 21:34:22 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\streamrippe r 2009-11-02 21:34:05 ----D---- C:\Programme\Streamripper 2009-11-02 20:09:35 ----D---- C:\Programme\Ratajik Software 2009-11-02 19:48:58 ----D---- C:\Programme\No23 Recorder 2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\javaws.exe 2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\javaw.exe 2009-10-23 20:03:01 
----A---- C:\WINDOWS\system32\java.exe ======List of files/folders modified in the last 1 months====== 2009-11-20 22:16:51 ----A---- C:\WINDOWS\wincmd.ini 2009-11-20 22:16:15 ----SD---- C:\WINDOWS\Tasks 2009-11-20 22:13:18 ----D---- C:\WINDOWS\Temp 2009-11-20 22:13:08 ----D---- C:\Programme\Mozilla Firefox 2009-11-20 22:12:32 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-20 22:11:03 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-20 22:09:52 ----AD---- C:\WINDOWS 2009-11-20 21:47:08 ----D---- C:\WINDOWS\system32 2009-11-20 21:12:12 ----D---- C:\WINDOWS\system32\drivers 2009-11-20 21:12:10 ----RD---- C:\Programme 2009-11-20 20:56:40 ----D---- C:\WINDOWS\Debug 2009-11-20 20:47:52 ----D---- C:\WINDOWS\Prefetch 2009-11-20 14:49:07 ----D---- C:\Dokumente und Einstellungen 2009-11-16 20:04:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-11-15 10:37:40 ----HD---- C:\WINDOWS\inf 2009-11-14 13:30:53 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia 2009-11-07 11:55:24 ----A---- C:\WINDOWS\NeroDigital.ini 2009-11-07 00:31:51 ----D---- C:\WINDOWS\security 2009-11-07 00:30:27 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-11-07 00:29:12 ----SHD---- C:\WINDOWS\Installer 2009-11-07 00:28:46 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2009-11-06 22:39:45 ----D---- C:\Programme\Winamp 2009-11-06 22:33:12 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-11-06 22:33:10 ----D---- C:\Programme\Windows Media Player 2009-11-06 21:02:35 ----RSD---- C:\WINDOWS\assembly 2009-10-23 20:02:54 ----D---- C:\Programme\Java ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008] R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962] R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys [] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; 
C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-08-11 217664] R2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys [] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656] R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392] R2 MLPTDR_N;MLPTDR_N; \??\C:\WINDOWS\system32\MLPTDR_N.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-02-24 19200] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392] R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-07-22 13440] R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112] R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-22 68864] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] 
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024] R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808] S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2008-11-05 223128] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632] R2 FreeAgentGoNext Service;Seagate Service; C:\Programme\Seagate\SeagateManager\Sync\FreeAgent Service.exe [2008-10-28 156968] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-31 153376] R2 MDM;Machine Debug Manager; 
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-11-20 1184912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe [2005-09-23 66240] S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144] -----------------EOF----------------- |
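What the helpers on this board read by eye in the log above are three things: the O4/Run autoruns, the RSIT registry dump and the "files created in the last month" list. The script below is an added example for this thread, not code from RSIT, HijackThis or the original poster, that applies the same triage heuristics to lines copied from the log (the line-wrap space in the Macromedia path has been removed): an autorun whose image sits in a user-writable profile folder, a base name that looks machine-generated, a Run value with an empty image path, and a recent binary dropped directly into C:\WINDOWS rather than a subfolder. The directory markers and the hex-name threshold are assumptions of the example. A hit is a reason to look closer, not proof of infection, and an empty result proves nothing.

```python
"""Triage HijackThis / RSIT log lines the way a removal helper reads them.

Added example for this thread; not code from RSIT, HijackThis or the board.
Heuristics (assumptions of this example, tuned to German XP paths):
  * Run entry whose image lives under a user-writable profile directory
  * base name that looks machine-generated (8+ hex characters incl. a digit)
  * Run value with an empty image path (dead loader entry left behind)
  * recent .exe/.dll/.sys dropped directly into C:\\WINDOWS, not a subfolder
The sample lines are copied from the log posted above; the line-wrap space
in the Macromedia path has been removed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

USER_WRITABLE = (
    "\\anwendungsdaten\\",   # German XP name for Application Data
    "\\application data\\",
    "\\appdata\\",
    "\\temp\\",
)
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
REGVAL_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<cmd>.*)$')
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ----\w+---- (?P<path>.+)$")
IMAGE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|sys|scr|com))"?(?:\s|$)', re.I)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def image_path(cmd: str) -> Optional[str]:
    """Extract the executable path from a Run command line, quoted or not."""
    m = IMAGE_RE.match(cmd.strip())
    return m.group("path") if m else None


def looks_generated(stem: str) -> bool:
    """d3ca203219 -> True; avgnt, ctfmon -> False."""
    return bool(re.fullmatch(r"[0-9a-f]{8,}", stem, re.I)) and any(c.isdigit() for c in stem)


def check_path(path: str, created: bool = False) -> List[str]:
    """Return the list of reasons a path deserves a closer look (empty = none)."""
    reasons = []
    low = path.lower()
    directory, _, filename = path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("image lives under a user-writable profile directory")
    if looks_generated(stem):
        reasons.append("base name looks machine-generated")
    if created and directory.lower() == "c:\\windows" and low.endswith(BINARY_EXT):
        reasons.append("recent binary dropped directly into the Windows root")
    return reasons


def triage_line(line: str) -> Optional[Finding]:
    line = line.rstrip()
    m = O4_RE.match(line)                      # HijackThis autorun entry
    if m:
        path = image_path(m.group("cmd"))
        reasons = check_path(path) if path else []
        return Finding(line, reasons) if reasons else None
    m = REGVAL_RE.match(line)                  # RSIT registry dump value
    if m:
        cmd = m.group("cmd").strip()
        if cmd in ("", "[]"):
            return Finding(line, ["Run value with an empty image path (dead loader entry)"])
        path = image_path(cmd)
        reasons = check_path(path) if path else []
        return Finding(line, reasons) if reasons else None
    m = CREATED_RE.match(line)                 # RSIT "created in the last month"
    if m:
        reasons = check_path(m.group("path"), created=True)
        return Finding(line, reasons) if reasons else None
    return None


def triage(text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


# Constructed from lines in the posted log (one wrap artefact removed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Common\d3ca203219.exe
"rundll32.exe"= []
2009-11-14 15:51:00 ----A---- C:\WINDOWS\rasqervy.dll
2009-11-14 15:50:57 ----A---- C:\WINDOWS\sdfinacs.dll
2009-11-07 00:38:53 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\javaws.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Run against the sample it flags exactly the four lines a helper would circle (the WAB autorun for both the AppData location and the hex name, the dead rundll32.exe value, and the two DLLs in the Windows root) while leaving avgnt, ctfmon, Lavasoft's lsdelete.exe and the Java update alone. Feed it the whole Log.txt and it also reports nothing about the "Emule_gekrackt" firewall entry, because that is a policy problem (cracked software on the box), not an autorun; that is the judgement call the reply below makes.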
20.11.2009, 22:42 | #4 |
| BACKDOOR enteckt info.txt logfile of random's system information tool 1.06 2009-11-20 22:17:14 ======Uninstall list====== -->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ActivePerl 5.10.0 Build 1001-->MsiExec.exe /I{E2BD3BFB-8D1D-410D-B2F1-3BE80B7FFF72} Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01} Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001} Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603} Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604} Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605} Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Ai Booster-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\Setup.exe" -l0x9 AnyDVD-->"C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD" ASUS Probe V2.24.10-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Asus 
Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Asus Probe\probunis.dll" AsusUpdate-->C:\WINDOWS\IsUninst.exe -fC:\Programme\ASUS\AsusUpdate\Uninst.isu Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7 ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x336d ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe" Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE AVM FRITZ!Box Dokumentation-->C:\Programme\FRITZ!Box\install.exe -d AVM FRITZ!Box Druckeranschluss-->C:\Programme\FRITZ!BoxPrint\install.exe -d Canon MP Navigator EX 2.0-->"C:\Programme\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Programme\Canon\MP Navigator EX 2.0\uninst.ini Canon Utilities Solution Menu-->C:\Programme\Canon\SolutionMenu\uninst.exe uninst.ini CanoScan LiDE 200 Scanner Driver-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807 /L0x0007 Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799} CCleaner-->"C:\Programme\CCleaner\uninst.exe" CloneCD-->"C:\Programme\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Programme\SlySoft\CloneCD" CloneDVD2-->"C:\Programme\Elaborate 
Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2" CloneDVDmobile-->"C:\Programme\SlySoft\CloneDVDmobile\CloneDVDmobile-uninst.exe" /D="C:\Programme\SlySoft\CloneDVDmobile" Cool & Quiet-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9 dm Fotowelt-->"C:\Programme\dm\dm Fotowelt\uninstall.exe" DreamBoxEdit -- The one and only settings editor for your Dreambox-->C:\Programme\DreamBoxEdit\uninstall.exe DVD Shrink 3.2-->"C:\Programme\DVD Shrink\unins000.exe" DVDFab (remove only)-->"C:\Programme\DVDFab\uninstall.exe" DVD-lab PRO 2.2-->"C:\Programme\DVDlabPro2\unins000.exe" Gigaset QuickSync-->MsiExec.exe /I{AD125416-47EC-4255-88FF-205EF64D3DB2} HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\Besitzer\Desktop\HijackThis.exe" /uninstall ImgBurn (Remove Only)-->"C:\Programme\ImgBurn\uninstall.exe" Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} KONICA MINOLTA PagePro 1300W-->MUINST_N.EXE /PRN:"KONICA MINOLTA PagePro 1300W" Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x7 Logitech SetPoint-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7 -removeonly Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Kernel-Mode 
Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mozilla Firefox (3.0.14)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MPEG Suite 2001r2-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-MPEG Suite 2001r2.dat MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} Multimedia Card Reader-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0AFECCA6-61A0-409F-9205-67613984209D} /l1031 Nero 7-->MsiExec.exe /I{4908C75E-E5E2-43F7-B1DF-023CBA831031} No23 Recorder-->MsiExec.exe /X{22B0E143-2B0B-435B-9F56-136A3D16065F} Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296} Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ger.exe Nokia PC Suite-->MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331} NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037} Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Seagate Manager Installer-->"C:\Programme\InstallShield Installation Information\{71883667-71F2-48A1-AB72-28D518D8AC4A}\setup.exe" -runfromtemp -l0x0407 -removeonly Seagate Manager Installer-->MsiExec.exe /X{71883667-71F2-48A1-AB72-28D518D8AC4A} Skype™ 3.8-->MsiExec.exe 
/X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Streamripper (Remove only)-->C:\Programme\Streamripper\Uninstall.exe Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe TrueCrypt-->"C:\Programme\TrueCrypt\TrueCrypt Setup.exe" /u UltraCompare Professional-->"C:\Programme\IDM Computer Solutions\UltraCompare\Uninstall.exe" "C:\Programme\IDM Computer Solutions\UltraCompare\install.log" -u UltraEdit-32-->"C:\Programme\IDM Computer Solutions\UltraEdit-32\Uninstall.exe" "C:\Programme\IDM Computer Solutions\UltraEdit-32\ueinstall.log" -u VLC media player 0.9.4-->C:\Programme\VideoLAN\VLC\uninstall.exe Winamp Offizielle Deutsche Sprachdatei v5.56-->C:\Programme\Winamp\UninstWA_DE.exe Winamp-->"C:\Programme\Winamp\UninstWA.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_C08496D7A0050438DFE13C55799AE2D4157A8E7A\nokia_bluetooth.inf Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_9C48E34C57B7D4AAE5FFF5FB9B476B538394FD30\nokbtmdm.inf Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf WinRAR-->C:\Programme\WinRAR\uninstall.exe 
WinZip-->"C:\Programme\WinZip\WINZIP32.EXE" /uninstall ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: ********* Event Code: 7036 Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Beendet". Record Number: 16360 Source Name: Service Control Manager Time Written: 20090928195341.000000+120 Event Type: Informationen User: Computer Name: ********* Event Code: 7036 Message: Dienst "SSDP-Suchdienst" befindet sich jetzt im Status "Ausgeführt". Record Number: 16359 Source Name: Service Control Manager Time Written: 20090928195341.000000+120 Event Type: Informationen User: Computer Name: ********* Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "SSDP-Suchdienst" gesendet. Record Number: 16358 Source Name: Service Control Manager Time Written: 20090928195340.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: ********* Event Code: 7036 Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Ausgeführt". Record Number: 16357 Source Name: Service Control Manager Time Written: 20090928195340.000000+120 Event Type: Informationen User: Computer Name: ********* Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "WMI-Leistungsadapter" gesendet. Record Number: 16356 Source Name: Service Control Manager Time Written: 20090928195340.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM =====Application event log===== Computer Name: ********* Event Code: 1800 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 2754 Source Name: SecurityCenter Time Written: 20090425183147.000000+120 Event Type: Informationen User: Computer Name: ********* Event Code: 4096 Message: Der AntiVir Dienst wurde erfolgreich gestartet! 
Record Number: 2753 Source Name: Avira AntiVir Time Written: 20090425183142.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: ********* Event Code: 105 Message: The service was started. Record Number: 2752 Source Name: ATI Smart Time Written: 20090425183132.000000+120 Event Type: Informationen User: Computer Name: ********* Event Code: 101 Message: wuauclt (3840) Das Datenbankmodul wurde beendet. Record Number: 2751 Source Name: ESENT Time Written: 20090425093013.000000+120 Event Type: Informationen User: Computer Name: ********* Event Code: 103 Message: wuaueng.dll (3840) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet. Record Number: 2750 Source Name: ESENT Time Written: 20090425093013.000000+120 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Programme\PC Connectivity Solution\;C:\Perl\site\bin;C:\Perl\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\IDM Computer Solutions\UltraEdit-32 "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 55 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=3702 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- |
20.11.2009, 23:27 | #5 |
| BACKDOOR detected Hello, and: your keygens alone qualify you for a reinstall. Please follow these links: http://www.trojaner-board.de/75622-d...ittierung.html http://www.trojaner-board.de/51262-a...sicherung.html And... for afterwards: http://www.trojaner-board.de/73206-s...tml#post438298 And keep your hands off keygens from now on...
__________________ _____________________________________________ "Optimism is only a lack of information." Heiner Müller Security?->General information The plural of Virus is "Vira"! virus(viri, n.) noun, O-declension nom.pl/acc.pl. |
21.11.2009, 10:12 | #6 |
| BACKDOOR detected But I have deleted all the infected files (keygens etc.). Do I still have to reinstall the system? |
21.11.2009, 18:13 | #7 |
| BACKDOOR detected Yes, you should. |