Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner eingefangen, Antivirenprogramme starten nicht mehr!

Trojaner eingefangen, Antivirenprogramme starten nicht mehr!


Log-Analyse und Auswertung: Trojaner eingefangen, Antivirenprogramme starten nicht mehr!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 02.01.2010, 18:55   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner eingefangen, Antivirenprogramme starten nicht mehr! - Standard

Trojaner eingefangen, Antivirenprogramme starten nicht mehr!


Zweimal info.txt?
Ich brauch die log.txt!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.01.2010, 20:03   #2
undiX
 
Trojaner eingefangen, Antivirenprogramme starten nicht mehr! - Standard

Trojaner eingefangen, Antivirenprogramme starten nicht mehr!


Zitat:
Zitat von cosinus Beitrag anzeigen
Zweimal info.txt?
Ich brauch die log.txt!!
au sry, da hab ich mich wohl vertan. Hier nochmal der log.txt
Daneben hab ich versucht Malewarebytes zum laufen zu kriegen und nachdem ich ein bisschen was ausprobiert und umbenannt habe, hab ichs auch geschafft
Den Malewarebytes report poste ich hinter dem Log.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Lukas at 2010-01-02 19:57:53
Microsoft Windows XP Professional Service Pack 2
System drive C: has 106 GB (69%) free of 153 GB
Total RAM: 511 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:59, on 02.01.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WZShutdown\P_zero.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\msa.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\TrojanHunter 5.2\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\Lukas\Eigene Dateien\ICQ6.5\ICQ.exe
C:\Programme\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.61 V.1.10\WlanCU.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\hh.exe
C:\DOKUME~1\Lukas\LOKALE~1\Temp\c.exe
C:\Programme\Malwarebytes' Anti-Malware3\gg.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Dokumente und Einstellungen\Lukas\Eigene Dateien\Downloads\RSIT(2).exe
C:\Programme\trend micro\Lukas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Programme\SYSTRAN\5.0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [WZShutdown] C:\WZShutdown\P_zero.exe -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [THGuard] "C:\Programme\TrojanHunter 5.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware3\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [J8RPLTROBQ] C:\DOKUME~1\Lukas\LOKALE~1\Temp\c.exe
O4 - HKCU\..\Run: [ICQ] "C:\Dokumente und Einstellungen\Lukas\Eigene Dateien\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-746137067-790525478-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Wireless Configuration Utility HW.61.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.61 V.1.10\WlanCU.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Dokumente und Einstellungen\Lukas\Eigene Dateien\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Dokumente und Einstellungen\Lukas\Eigene Dateien\ICQ6.5\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {DA511858-B44C-439E-A0EA-704ED20035E7} (EphoxEditLive4.EditLive) - http://www.beepworld.de/hp/activexeditor/editlive4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTSvcCDA.EXE (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca1944dc15eb58) (gupdate1ca1944dc15eb58) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (file missing)
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 10374 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-10 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [2009-06-16 1144712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [2009-06-16 1144712]
{A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - SYSTRAN Web Translator 5.0 - C:\Programme\SYSTRAN\5.0\Personal\IEPlugIn.dll [2005-03-10 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WZShutdown"=C:\WZShutdown\P_zero.exe [2007-12-26 276480]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"SetDefPrt"=C:\Programme\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter2.0"=C:\Programme\Brother\ControlCenter2\brctrcen.exe [2005-07-19 933888]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-11-12 141600]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"THGuard"=C:\Programme\TrojanHunter 5.2\THGuard.exe [2009-08-27 1063072]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware3\mbamgui.exe [2009-12-30 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"J8RPLTROBQ"=C:\DOKUME~1\Lukas\LOKALE~1\Temp\c.exe [2009-12-26 168960]
"ICQ"=C:\Dokumente und Einstellungen\Lukas\Eigene Dateien\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WZShutdown]
C:\WZShutdown\P_zero.exe [2007-12-26 276480]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Status Monitor.lnk - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
Wireless Configuration Utility HW.61.lnk - C:\Programme\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.61 V.1.10\WlanCU.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-05-18 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Steam\SteamApps\hakkefruchtzwerck\counter-strike source\hl2.exe"="C:\Programme\Steam\SteamApps\hakkefruchtzwerck\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Programme\Last.fm\LastFM.exe"="C:\Programme\Last.fm\LastFM.exe:*:Enabled:Last.fm"
"C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Steam\Steam.exe"="C:\Programme\Steam\Steam.exe:*:Enabled:Steam"
"C:\Programme\Steam\SteamApps\halfknut29\counter-strike source\hl2.exe"="C:\Programme\Steam\SteamApps\halfknut29\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"H:\PSP\ICQ6\ICQ.exe"="H:\PSP\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\viviplay(2).exe"="C:\Programme\viviplay(2).exe:*:Enabled:ViViMediaPlay"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\uusee\UUSeePlayer.exe"="C:\Programme\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\Steam\SteamApps\killer1981998\counter-strike source\hl2.exe"="C:\Programme\Steam\SteamApps\killer1981998\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Dokumente und Einstellungen\Lukas\Eigene Dateien\ICQ6.5\ICQ.exe"="C:\Dokumente und Einstellungen\Lukas\Eigene Dateien\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-01-02 19:01:58 ----D---- C:\Dokumente und Einstellungen\Lukas\Anwendungsdaten\Malwarebytes
2010-01-02 18:56:18 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-01-02 18:56:17 ----D---- C:\Programme\Malwarebytes' Anti-Malware3
2010-01-02 18:48:43 ----D---- C:\Programme\trend micro
2010-01-02 18:48:40 ----D---- C:\rsit
2010-01-02 18:23:22 ----D---- C:\Programme\CCleaner
2009-12-27 17:26:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-12-27 17:26:08 ----D---- C:\Programme\Alwil Software
2009-12-27 17:17:41 ----D---- C:\Dokumente und Einstellungen\Lukas\Anwendungsdaten\TrojanHunter
2009-12-27 15:40:26 ----R---- C:\WINDOWS\system32\streamhlp.dll
2009-12-27 15:40:26 ----D---- C:\Programme\TrojanHunter 5.2
2009-12-27 14:57:46 ----D---- C:\Programme\TrendMicro
2009-12-27 14:16:40 ----D---- C:\Programme\Avira
2009-12-27 14:16:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-12-27 13:47:12 ----D---- C:\Programme\Malwarebytes'
2009-12-27 13:37:37 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-12-27 13:09:23 ----A---- C:\WINDOWS\system32\krl32mainweq.dll
2009-12-27 13:06:28 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
2009-12-26 14:27:13 ----A---- C:\WINDOWS\msa.exe
2009-12-26 14:26:58 ----A---- C:\WINDOWS\system32\sshnas.dll
2009-12-25 22:03:46 ----D---- C:\Programme\iPod
2009-12-25 22:03:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 22:01:05 ----D---- C:\Programme\QuickTime
2009-12-25 21:57:55 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-12-18 17:30:18 ----SHD---- C:\found.004
2009-12-16 22:00:52 ----D---- C:\Ausdrucken Bilder!
2009-12-14 21:30:15 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hps
2009-12-14 21:22:29 ----D---- C:\Programme\SCHLECKER
2009-12-13 14:33:11 ----D---- C:\bilda
2009-12-11 16:46:41 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-11 16:46:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-11 16:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-11 16:44:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-11 16:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-11 16:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-02 19:54:14 ----D---- C:\WINDOWS\Prefetch
2010-01-02 19:41:07 ----SD---- C:\WINDOWS\Tasks
2010-01-02 18:57:56 ----D---- C:\WINDOWS\system32\drivers
2010-01-02 18:56:17 ----D---- C:\Programme
2010-01-02 18:48:32 ----D---- C:\Programme\Mozilla Firefox
2010-01-02 18:27:14 ----D---- C:\WINDOWS\Debug
2010-01-02 18:27:14 ----D---- C:\WINDOWS
2010-01-02 18:27:09 ----D---- C:\WINDOWS\Temp
2010-01-02 16:17:22 ----D---- C:\WINDOWS\system32
2010-01-02 01:05:08 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-12-30 17:08:44 ----SHD---- C:\WINDOWS\Installer
2009-12-30 17:08:38 ----D---- C:\WINDOWS\WinSxS
2009-12-28 02:08:36 ----D---- C:\WINDOWS\system32\config
2009-12-28 01:40:13 ----D---- C:\Programme\uusee
2009-12-28 01:23:11 ----D---- C:\Programme\AdVantage
2009-12-27 17:52:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-27 14:16:49 ----HD---- C:\WINDOWS\inf
2009-12-25 22:13:57 ----D---- C:\Dokumente und Einstellungen\Lukas\Anwendungsdaten\Apple Computer
2009-12-25 22:06:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-25 22:04:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-25 22:04:19 ----D---- C:\Programme\iTunes
2009-12-25 22:03:44 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-12-25 21:58:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2009-12-25 21:58:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-23 18:24:54 ----D---- C:\WINDOWS\system32\Adobe
2009-12-11 16:54:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-11 16:46:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-11 16:45:14 ----D---- C:\Programme\Internet Explorer
2009-12-11 16:44:51 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-08 21:28:13 ----D---- C:\Dokumente und Einstellungen\Lukas\Anwendungsdaten\TVU Networks
2009-12-03 19:02:45 ----D---- C:\Programme\PokerStars

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 acedrv10;acedrv10; \??\C:\WINDOWS\system32\drivers\acedrv10.sys []
R2 acehlp10;acehlp10; \??\C:\WINDOWS\system32\drivers\acehlp10.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-27 17801]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-03-17 278728]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R2 ithsgt;ithsgt; C:\WINDOWS\System32\DRIVERS\ithsgt.sys [2007-04-26 162432]
R2 lilsgt;lilsgt; C:\WINDOWS\System32\DRIVERS\lilsgt.sys [2007-04-26 12032]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-03-17 25416]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-05-18 2164736]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2006-08-11 78336]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-29 9600]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12288]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 a28h0sd6;a28h0sd6; C:\WINDOWS\system32\drivers\a28h0sd6.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680]
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 kxwdmdrv;kX WDM Driver Service; C:\WINDOWS\system32\drivers\kx.sys []
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
S3 OmniUsb;Ideazon Usb Keyboard Driver; C:\WINDOWS\System32\DRIVERS\OmniUsb.sys [2004-04-03 28640]
S3 OmniUsbl;Ideazon Usbl Keyboard Driver; C:\WINDOWS\System32\DRIVERS\OmniUsbl.sys [2004-04-03 8160]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\System32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\System32\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2007-05-18 479232]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Client Service für NetWare; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-08-15 604488]
R2 UMWdf;Windows-Benutzermodus-Treiberframework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-05-17 520192]
S2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\System32\brsvc01a.exe [2002-04-12 57344]
S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTSvcCDA.EXE []
S2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe []
S2 ForcewareWebInterface;Forceware Web Interface; C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -k runservice []
S2 gupdate1ca1944dc15eb58;Google Update Service (gupdate1ca1944dc15eb58); C:\Programme\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
S2 nSvcIp;ForceWare IP service; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe []
S2 nSvcLog;ForceWare user log service; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe []
S2 WMConnectCDS;Windows Media Connect-Dienst; C:\Programme\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-15 361288]
S4 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------














MALEWAREBYTES REPORT





Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3480
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

02.01.2010 20:01:44
mbam-log-2010-01-02 (20-01-44).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 229756
Laufzeit: 53 minute(s), 16 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 7
Infizierte Dateien: 24

Infizierte Speicherprozesse:
C:\WINDOWS\msa.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
\\?\globalroot\systemroot\system32\H8SRTujdsxrdxdo.dll (Trojan.FakeAlert) -> Delete on reboot.
c:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\LEO0WTUNO7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\J8RPLTROBQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\j8rpltrobq (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Quarantined and deleted successfully.

Infizierte Dateien:
\\?\globalroot\systemroot\system32\H8SRTujdsxrdxdo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\Advantage\AdVantage.cch (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\AdVantage.db (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\AdVantageupdate.exe (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\user.db (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programme\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll (Adware.Advantage) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Lukas\Lokale Einstellungen\Temp\c.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.
__________________
Antwort

Themen zu Trojaner eingefangen, Antivirenprogramme starten nicht mehr!
antivir, ask toolbar, ask.com, avg, avgnt, avgnt.exe, avira, bho, browseui preloader, controlcenter, defense, desktop, down, einstellungen, excel, firefox, google, gupdate, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, malware, malware defense, mozilla, object, programm, server, software, starten, starten nicht, system, trojaner, trojaner eingefangen, windows, windows xp, wireless lan


« Probleme nach Entfernung von Renos.jm | "Advertisement" Problem »


Ähnliche Themen: Trojaner eingefangen, Antivirenprogramme starten nicht mehr!


  1. Windows 7: Spiele starten nicht mehr und PC starten funktioniert manchmal nicht
    Plagegeister aller Art und deren Bekämpfung - 08.05.2015 (17)
  2. Trojaner bei Firefox und Chrome/ mbam lässt sich nicht mehr starten
    Plagegeister aller Art und deren Bekämpfung - 17.09.2014 (15)
  3. Antivirenprogramme nicht mehr aktivierbar
    Antiviren-, Firewall- und andere Schutzprogramme - 03.04.2014 (1)
  4. Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme
    Log-Analyse und Auswertung - 11.01.2014 (22)
  5. Antivirenprogramme lassen sich nicht installieren/starten
    Plagegeister aller Art und deren Bekämpfung - 29.10.2013 (7)
  6. GVU-Trojaner, Windows-Vista lässt sich nicht mehr starten
    Log-Analyse und Auswertung - 26.08.2013 (24)
  7. GUV Trojaner eingefangen, Windows XP SP3 Rechner lässt sich nicht starten
    Plagegeister aller Art und deren Bekämpfung - 16.05.2013 (15)
  8. antivirenprogramme funktionieren nicht mehr / instabieles systhem
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (5)
  9. Suisa Virus eingefangen, avast lässt sich nicht mehr starten, alles versucht ausser euer Vorgehen
    Plagegeister aller Art und deren Bekämpfung - 02.09.2012 (3)
  10. Antivirus Programme starten nicht mehr//Systemreset geht nicht mehr
    Log-Analyse und Auswertung - 03.01.2010 (1)
  11. Trojaner chin09.win - kann Antivirenprogramme nicht mehr starten
    Plagegeister aller Art und deren Bekämpfung - 03.01.2010 (2)
  12. Programme starten nicht mehr / Explorer nicht mehr durch Firewall blockiert
    Log-Analyse und Auswertung - 08.10.2009 (11)
  13. Antivirenprogramme funktionieren nicht mehr, wie schlimm ist es?
    Log-Analyse und Auswertung - 25.06.2007 (1)
  14. Wintems macht probleme und Antivirenprogramme können nicht mehr installiert werden
    Log-Analyse und Auswertung - 15.02.2007 (3)
  15. Schlimmer Befund: Antivirenprogramme, abgesicherter Modus und Internet tun nicht mehr
    Log-Analyse und Auswertung - 10.02.2007 (14)
  16. unbekannten Trojaner wie erkennen ? Antivirenprogramme finden ihn nicht.
    Plagegeister aller Art und deren Bekämpfung - 12.01.2007 (24)
  17. Trojaner Smitfraud.c: Computer lässt sich nicht mehr starten
    Plagegeister aller Art und deren Bekämpfung - 01.07.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner eingefangen, Antivirenprogramme starten nicht mehr! - Zweimal info.txt? Ich brauch die log.txt!! - Trojaner eingefangen, Antivirenprogramme starten nicht mehr!...
Archiv
Du betrachtest: Trojaner eingefangen, Antivirenprogramme starten nicht mehr! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131