
Log Analysis and Evaluation: "copy of mbr" backdoor installed by professionals again?

18.10.2008, 16:35   #1
Squadron
 
"copy of mbr" backdoor installed by professionals again?



Hello,

could you take a look at this? We replaced the entire hardware, but we are afraid that we have been hacked again.

GMER:

Code:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-18 17:14:17
Windows 6.0.6001 Service Pack 1


---- User code sections - GMER 1.0.14 ----

?      C:\Program Files\Kaspersky Internet Security 2009\avp.exe[884] C:\Windows\system32\kernel32.dll                                                time/date stamp mismatch; unknown module: 32.dll
.text  C:\Program Files\Kaspersky Internet Security 2009\avp.exe[884] USER32.dll!GetAppCompatFlags2 + 880                                             77AB6390 4 Bytes  [ 70, 11, 41, 6D ]
?      C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] C:\Windows\system32\kernel32.dll                                               time/date stamp mismatch; unknown module: 32.dll
.text  C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] USER32.dll!GetAppCompatFlags2 + 880                                            77AB6390 4 Bytes  [ 70, 11, 41, 6D ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    018C04A8
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA]             018C04D2
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 018C04FC
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    018C0526
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   018C0550
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                   018C057A
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               018C05A4
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 018C05CE
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  018C05F8
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               018C0622
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]           018C064C
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 018C0676
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  018C06A0
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 018C06CA
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 018C06F4
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                 018C071E
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA]             018C0748
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                   018C0772
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    018C079C
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW]             018C07C6
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                   018C07F0
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                 018C081A
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                    018C0844
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     018C086E
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  018C0898
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    018C08C2
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                     018C08EC
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  018C0916
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    018C0940
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   018C0D5A
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                018C0D84
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]                018C0DAE
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameA]            018C0DD8
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  018C0E02
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                018C0E2C
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW]            018C0E56
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  018C0E80
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   018C0EAA
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  018C0ED4
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  018C0EFE
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]            018C0F28
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]            018C0F52
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   018C0F7C
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                018C0FA6
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  018C0FD0
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  018F0010
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   018F003A
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                018F0064
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                  018F008E
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW]                  018F00B8
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     018F00E2
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                    018F010C
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW]              018F0136
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    018F0160
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                     018F018A
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                  018F01B4
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameA]              018F01DE
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]     018F057A
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   018F0994
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  018F09BE
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                  018F09E8
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                018F0A12
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                   018F0A3C
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!SetErrorMode]                  01910160
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!GetProcAddress]                0191018A
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!FreeLibrary]                   019101B4
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!LoadLibraryA]                  019101DE
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01910208
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW]            01910232
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA]             018C0208
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    018C0358
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    018C01DE
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 018C025C
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                   018C0286
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW]                 018C02DA
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameW]             018C0232
IAT    C:\Program Files\Kaspersky Internet Security 2009\avp.exe[4016] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW]                   018C0304

---- Registry - GMER 1.0.14 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a5e0fe4                                                                    
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a5e0fe4@00125aa185dd                                                       0x1B 0x38 0x6E 0x77 ...
Reg    HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00125a5e0fe4                                                                        
Reg    HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00125a5e0fe4@00125aa185dd                                                           0x1B 0x38 0x6E 0x77 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                                                        0xE8 0xD9 0xFC 0xF0 ...

---- Disk sectors - GMER 1.0.14 ----

Disk   \Device\Harddisk0\DR0                                                                                                                          sector 01: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 02: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 03: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 04: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 05: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 06: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 07: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 08: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 09: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 10: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 11: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 12: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 13: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 14: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 15: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 16: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 17: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 18: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 19: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 20: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 21: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 22: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 23: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 24: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 25: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 26: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 27: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 28: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 29: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 30: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 31: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 32: rootkit-like behavior; copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 33: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 34: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 35: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 36: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 37: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 38: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 39: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 40: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 41: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 42: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 43: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 44: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 45: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 46: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 47: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 48: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 49: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 50: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 51: copy of MBR
Disk   \Device\Harddisk0\DR0                                                                                                                          sector 52: copy of MBR
Disk   \Device

---- EOF - GMER 1.0.14 ----

Thanks for your tips. I will post the HJT file in the next reply.

Regards
Squad
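Added example (not part of the original post and not GMER's own code): a small Python parser for the "Disk sectors" section of a GMER log in the format quoted above. It groups the rows per device and lists which sectors were flagged "copy of MBR" and which carried the "rootkit-like behavior" tag, which helps when a long run of identical lines hides the one entry that differs (sector 32 above). The sample log inside the block is constructed in the same shape, including a truncated trailing "Disk" line like the one in the posted log, which the parser skips.

```python
# Added example (not from the thread or from GMER): parse the "Disk sectors"
# section of a GMER log, group rows per device, and report which sectors were
# tagged "copy of MBR" and which were tagged "rootkit-like behavior".
import re
from collections import defaultdict

# Constructed sample shaped like the GMER output in the thread; the last "Disk"
# line is deliberately truncated, as in the posted log, to show it is skipped.
SAMPLE_LOG = r"""
---- Disk sectors - GMER 1.0.14 ----

Disk   \Device\Harddisk0\DR0      sector 01: copy of MBR
Disk   \Device\Harddisk0\DR0      sector 02: copy of MBR
Disk   \Device\Harddisk0\DR0      sector 32: rootkit-like behavior; copy of MBR
Disk   \Device\Harddisk0\DR0      sector 33: copy of MBR
Disk   \Device

---- EOF - GMER 1.0.14 ----
"""

# One GMER disk-sector row: "Disk <device>   sector <NN>: <flag>[; <flag>...]"
DISK_ROW = re.compile(r"^Disk\s+(?P<device>\S+)\s+sector\s+(?P<sector>\d+):\s*(?P<flags>.*)$")


def parse_disk_sectors(text):
    """Return [(device, sector_number, [flags...])] for every well-formed Disk row.
    Section headers, blank lines and truncated rows do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = DISK_ROW.match(line.strip())
        if not m:
            continue
        flags = [f.strip() for f in m.group("flags").split(";") if f.strip()]
        rows.append((m.group("device"), int(m.group("sector")), flags))
    return rows


def summarize(rows):
    """Group rows per device: sorted sector lists of MBR copies and of the
    sectors GMER tagged 'rootkit-like behavior'."""
    per_device = defaultdict(lambda: {"mbr_copies": [], "rootkit_like": []})
    for device, sector, flags in rows:
        entry = per_device[device]
        if "copy of MBR" in flags:
            entry["mbr_copies"].append(sector)
        if any(f.startswith("rootkit-like") for f in flags):
            entry["rootkit_like"].append(sector)
    for entry in per_device.values():
        entry["mbr_copies"].sort()
        entry["rootkit_like"].sort()
    return dict(per_device)


def report(text):
    """One human-readable line per device, suitable for pasting into a reply."""
    lines = []
    for device, entry in summarize(parse_disk_sectors(text)).items():
        mbr = entry["mbr_copies"]
        span = f"{mbr[0]}-{mbr[-1]}" if mbr else "none"
        lines.append(
            f"{device}: {len(mbr)} sector(s) flagged 'copy of MBR' (range {span}); "
            f"'rootkit-like behavior' at sector(s) {entry['rootkit_like'] or 'none'}"
        )
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

To use it on a real log, read the GMER text file and pass its contents to report(); only the "Disk" rows are examined, so the rest of the log can stay in place.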

18.10.2008, 16:36   #2
Squadron
 
"copy of mbr" backdoor installed by professionals again?



and here is the content of HJT:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:58, on 18.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\STAMPIT\Binary\STRAY.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TAPICall\TAPICall_Core.exe
C:\Program Files\WISO\Sparbuch 2008\urteilsmonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Money\System\reminder.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\RunOnce: [CanonUPW_000] C:\PROGRA~1\COMMON~1\Canon\UPW\200~1.0\UPWClean.exe /UPWClean "C:\Users\Klaus\AppData\Local\Temp\CanonUPW_000"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3584104523-2783686551-1197710267-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Klaus-Benutzer')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - S-1-5-21-3584104523-2783686551-1197710267-1001 Startup: Microsoft Office Outlook 2007.lnk = ? (User 'Klaus-Benutzer')
O4 - S-1-5-21-3584104523-2783686551-1197710267-1001 Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (User 'Klaus-Benutzer')
O4 - S-1-5-21-3584104523-2783686551-1197710267-1001 User Startup: Microsoft Office Outlook 2007.lnk = ? (User 'Klaus-Benutzer')
O4 - S-1-5-21-3584104523-2783686551-1197710267-1001 User Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (User 'Klaus-Benutzer')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TAPICall.lnk = C:\Program Files\TAPICall\TAPICall_Core.exe
O4 - Global Startup: WISO Urteilsmonitor.lnk = C:\Program Files\WISO\Sparbuch 2008\urteilsmonitor.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7A7EC45-4833-4F9E-B9C9-5DAAF51B64F0}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\kloehk.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FireDTV Common Interface (FDTvCISvc) - Digital Everywhere - C:\Program Files\FireDTV\FireDTV MCE Plugin\FDTvCISvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 10267 bytes