TR/Crypt.XPACK.Gen

BlackHawk94 · 04.10.2009, 11:39

Hallo Leute,
Habe folgendes Problem mit diesem oben genannten Plagegeist. Und zwar hat er sich bei mir in dem ordner system volume information/_restore in 2 dateien reingeklemmt(A0052100.exe und A0052099.exe) Kann mir einer weiterhelfen???

gruß

BlackHawk94

BlackHawk94 · 04.10.2009, 15:05

So eine weitere info:
Hab nochmal antivir durchlaufen lassen und jetzt ist auch A0052117.exe betroffen. Alle 3 dateien sind in der Quarantäne. Aber habe auch gelesen dass dies ein Fehlalarm wäre, ist es jetzt bei mir Fehlalarm oder ernst??

nochdigger · 04.10.2009, 16:34

Hallo und

arbeite bitte zuerst diese Anleitung ab
http://www.trojaner-board.de/69886-a...-beachten.html
und poste anschließend alle entstandenen Logs hierher, hänge sie an oder wenn sie zu groß sein sollten,
lade sie bei einem Filehoster hoch (z.B. File-Upload.net - Ihr kostenloser File Hoster!)

MFG

BlackHawk94 · 04.10.2009, 17:10

eine frage zum Anti-Malware: Muss ich vorher die 3 aus der Quarantäne nehmen oder erkennt er die so???

Bericht MBAM:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2905
Windows 5.1.2600 Service Pack 2

04.10.2009 18:45:10
mbam-log-2009-10-04 (18-45-10).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 218063
Laufzeit: 39 minute(s), 55 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Download\30.06.09_Test Copy\Ahead.NeroMIX.v1.4.0.25\cr-n6601.exe (Backdoor.Sdbot) -> Quarantined and deleted successfully.
C:\Download\30.06.09_Test Copy\Nero.Burnung.Rom.6.6.0.15a\Keygen-ORiON\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

BlackHawk94 · 04.10.2009, 18:06

RSIT info.txt:
info.txt logfile of random's system information tool 1.06 2009-10-04 19:05:00

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Sansa Media Converter-->"C:\Programme\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
@BIOS -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
18 Wheels of Steel: Haulin' -->C:\Programme\18 Wheels of Steel Haulin\uninst.exe
ACDSee Pro-->MsiExec.exe /I{71E42058-1C26-4B3B-ACEE-9583AD5F20B8}
Acronis*True*Image*Home-->MsiExec.exe /X{37C8899D-FD70-481F-94AA-1F1B08765E22}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Agnitum Outpost Firewall Pro-->C:\Programme\Agnitum\Outpost Firewall\uninst.exe
AMD Processor Driver-->C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0007 -removeonly
Audiograbber 1.83 SE -->C:\WINDOWS\uninstall\Audiograbber\setup.exe
Audiograbber Lame PlugIn 3.96 APS -->C:\WINDOWS\uninstall\Audiograbber Lame PlugIn\setup.exe
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Big Mutha Truckers 2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FA075505-EFF6-4006-8E9F-921E09774684}\Setup.exe" -l0x7
Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Call of Duty(R) 2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
Canon iP4300 Benutzerregistrierung-->C:\Programme\Canon\IJEREG\iP4300\UNINST.EXE
Canon iP4300-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x0007
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon Setup Utility 2.3-->"C:\Programme\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.3\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CD-LabelPrint-->"C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Cobra 11 - Burning Wheels Demo (remove only)-->"C:\Programme\Cobra 11 - Burning Wheels Demo\Uninstall.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.0-->"C:\Programme\DVDFab 5\unins000.exe"
Easy-WebPrint-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Euro Truck Simulator 1.00-->C:\Programme\Euro Truck Simulator\uninst.exe
EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
FlatOut2-->MsiExec.exe /I{7E641E46-81DB-4D1D-906A-48342523051C}
FlorensiaEU 1.08.17-->C:\Programme\Netts\uninst.exe
Free YouTube Download 2.2-->"C:\Programme\DVDVideoSoft\Free YouTube Download\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins001.exe"
Grand Theft Auto San Andreas-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{086BADF8-9B1F-4E89-B207-2EDA520972D6}\setup.exe" -l0x7 -removeonly
Grand Theft Auto Vice City-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe" -l0x7
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
IsoBuster 2.3-->"C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
jetAudio Basic-->C:\Programme\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe -runfromtemp -l0x0007 -removeonly
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Landwirtschafts-Simulator 2009-->"C:\Programme\Landwirtschafts-Simulator 2009\unins000.exe"
Logitech SetPoint-->"C:\Programme\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0007 -removeonly
Lotus Notes-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Lotus\Notes\Uninst.isu
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual Basic 6.0 Enterprise Edition (Deutsch)-->"C:\Programme\Microsoft Visual Studio\VB98\Setup\1031\Setup.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Miranda IM 0.8.0-->C:\Programme\Miranda IM\Uninstall.exe
MozBackup 1.4.9-->C:\Programme\MozBackup\Uninstall.exe
Mozilla Firefox (3.5.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
Mp3tag v2.43-->C:\Programme\Mp3tag\Mp3tagUninstall.EXE
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Need for Speed Underground 2-->C:\Programme\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Need for Speed™ Most Wanted-->C:\Programme\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Nero 6 Ultra Edition-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Reloaded PlugIn Pack-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6F3A55C7-A2A1-4B4A-8D00-341C270C73E4}\setup.exe" -l0x7 -removeonly
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ger_web.exe
Nokia PC Suite-->MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
OpenAL-->"C:\Programme\OpenAL\OalinstGridRelease.exe" /U
OpenOffice.org 3.1-->MsiExec.exe /I{99E862CC-6F69-4D39-99AA-DBF71BF3B585}
Opera 10.00-->MsiExec.exe /X{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}
Packet Tracer 3.2-->"C:\Programme\Packet Tracer 3.2\unins000.exe"
Pariah-->C:\Programme\Pariah\System\Setup.exe uninstall "Pariah"
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
PDF-Viewer-->"C:\Programme\Tracker Software\PDF Viewer\unins000.exe"
PDF-XChange Shell Extensions-->"C:\Programme\Tracker Software\Shell Extensions\unins000.exe"
PowerQuest PartitionMagic 8.0 Demo-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
ProtectDisc Driver, Version 11-->C:\Programme\ProtectDisc Driver Installer\uninstall_v11.exe
Pure-->C:\Programme\InstallShield Installation Information\{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}\setup.exe -runfromtemp -l0x0007 Pure -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Schiffsim 2006-->"C:\Programme\Vstep\Schiffsim2006\uninstall.exe"
SIW version 2009-07-28-->"C:\Programme\SIW\unins000.exe"
Skype web features-->MsiExec.exe /I{F1362843-0E0E-4F74-8662-724CF101ADCE}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Splinter Cell Pandora Tomorrow-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}\Setup.exe" -l0x7
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
TeraCopy 2.0 beta 3-->"C:\Programme\TeraCopy\unins000.exe"
Tom Clancy's H.A.W.X Demo-->"C:\Programme\InstallShield Installation Information\{6C596FD6-C378-4399-93F1-43A206759B23}\setup.exe" -runfromtemp -l0x0007 -removeonly
Tom Clancy's Splinter Cell Chaos Theory-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}\setup.exe" -l0x7 -removeonly
Tom Clancy's Splinter Cell-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A174402A-2EE6-4B86-A930-7BC85A9933BD}\setup.exe" -l0x7
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
VLC media player 1.0.1-->C:\Programme\VideoLAN\VLC\uninstall.exe
WBFS Manager 3.0-->C:\Programme\WBFS\WBFS Manager 3.0\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_C08496D7A0050438DFE13C55799AE2D4157A8E7A\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_9C48E34C57B7D4AAE5FFF5FB9B476B538394FD30\nokbtmdm.inf
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe
WinZip-->"C:\Programme\WinZip\WINZIP32.EXE" /uninstall
Wise Disk Cleaner 4.52-->"C:\Programme\Wise Disk Cleaner\unins000.exe"
Wise Registry Cleaner 4 Free 4.62-->"C:\Programme\Wise Registry Cleaner\unins000.exe"
World Racing 2-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC} /l1031
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop (disabled) (outdated)
FW: Outpost Firewall Pro

======System event log======

Computer Name: AMD5400
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NLA (Network Location Awareness)" gesendet.

Record Number: 2305
Source Name: Service Control Manager
Time Written: 20090817102545.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: AMD5400
Event Code: 7036
Message: Dienst "Netzwerkverbindungen" befindet sich jetzt im Status "Ausgeführt".

Record Number: 2304
Source Name: Service Control Manager
Time Written: 20090817102545.000000+120
Event Type: Informationen
User:

Computer Name: AMD5400
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 2303
Source Name: Service Control Manager
Time Written: 20090817102545.000000+120
Event Type: Informationen
User:

Computer Name: AMD5400
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Netzwerkverbindungen" gesendet.

Record Number: 2302
Source Name: Service Control Manager
Time Written: 20090817102545.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: AMD5400
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.

Record Number: 2301
Source Name: Service Control Manager
Time Written: 20090817102545.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: AMD5400
Event Code: 4097
Message: Die Anwendung "C:\Programme\Euro Truck Simulator\game.exe" hat einen Programmfehler verursacht.
Datum und Zeit des Fehlers: 27.06.2009 um 14:30:44.484
Ausnahme: c0000005 an Adresse 0040E9AC (game!cvar_register_variable)

Record Number: 97
Source Name: DrWatson
Time Written: 20090627143044.000000+120
Event Type: Informationen
User:

Computer Name: AMD5400
Event Code: 1000
Message: Fehlgeschlagene Anwendung game.exe, Version 1.3.0.0, fehlgeschlagenes Modul game.exe, Version 1.3.0.0, Fehleradresse 0x0000e9ac.

Record Number: 96
Source Name: Application Error
Time Written: 20090627143030.000000+120
Event Type: Fehler
User:

Computer Name: AMD5400
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 95
Source Name: Avira AntiVir
Time Written: 20090627093837.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: AMD5400
Event Code: 4097
Message: Die Anwendung "C:\Programme\Euro Truck Simulator\game.exe" hat einen Programmfehler verursacht.
Datum und Zeit des Fehlers: 26.06.2009 um 12:47:19.843
Ausnahme: c0000005 an Adresse 0040E9AC (game!cvar_register_variable)

Record Number: 94
Source Name: DrWatson
Time Written: 20090626124719.000000+120
Event Type: Informationen
User:

Computer Name: AMD5400
Event Code: 1000
Message: Fehlgeschlagene Anwendung game.exe, Version 1.3.0.0, fehlgeschlagenes Modul game.exe, Version 1.3.0.0, Fehleradresse 0x0000e9ac.

Record Number: 93
Source Name: Application Error
Time Written: 20090626124701.000000+120
Event Type: Fehler
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Smart Projects\IsoBuster
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

BlackHawk94 · 04.10.2009, 18:07

RSIT log.txt(part1):
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-10-04 19:04:42
Microsoft Windows XP Professional Service Pack 2
System drive C: has 315 GB (66%) free of 477 GB
Total RAM: 1983 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:58, on 04.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Opera\opera.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe
C:\Programme\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programme\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3837DB4D-CF61-4514-8E2E-9D28357A2E56}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programme\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 6993 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]
PDF-XChange Viewer IE-Plugin - C:\Programme\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll [2009-08-14 1093400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-08-25 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]
"Outpost Firewall"=C:\Programme\Agnitum\Outpost Firewall\outpost.exe [2006-10-20 94720]
"TrueImageMonitor.exe"=C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-11-27 4386336]
"Acronis Scheduler2 Service"=C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [2008-11-27 165144]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"AcronisTimounterMonitor"=C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe [2008-11-27 962584]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Easy-PrintToolBox"=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-31 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
" Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-11-11 15360]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
"NoDrives"=00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c96c4b2-5e82-11de-a95a-00241d14a36c}]
shell\AutoRun\command - D:\setup.exe

======List of files/folders created in the last 1 months======

2009-10-04 19:04:44 ----D---- C:\Programme\trend micro
2009-10-04 19:04:42 ----D---- C:\rsit
2009-10-04 18:02:16 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2009-10-04 18:02:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-10-04 18:02:11 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-10-04 17:56:02 ----D---- C:\Programme\CCleaner
2009-09-28 14:46:29 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\portable
2009-09-27 16:25:42 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ahead
2009-09-27 16:20:55 ----N---- C:\WINDOWS\UNNeroVision.exe
2009-09-27 16:20:48 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2009-09-27 16:20:48 ----N---- C:\WINDOWS\system32\picn20.dll
2009-09-27 16:20:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ahead
2009-09-27 14:29:26 ----D---- C:\Programme\Alcohol Soft
2009-09-27 13:51:52 ----D---- C:\Programme\Team-GEAR
2009-09-19 16:17:21 ----D---- C:\Sicherung IPTE Marco
2009-09-19 16:08:21 ----D---- C:\Programme\PowerQuest
2009-09-19 14:00:30 ----D---- C:\Programme\WBFS
2009-09-19 14:00:26 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-09-19 14:00:23 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-09-19 14:00:15 ----D---- C:\WINDOWS\system32\de-DE
2009-09-19 13:59:19 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-19 13:59:17 ----D---- C:\Programme\MSBuild
2009-09-19 13:59:16 ----D---- C:\WINDOWS\system32\en-US
2009-09-19 13:59:13 ----D---- C:\Programme\Reference Assemblies
2009-09-19 13:58:50 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-09-19 13:58:50 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-09-19 13:58:50 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-09-19 13:58:50 ----D---- C:\a7183d2c260b049710a4923ec2d40982
2009-09-19 13:57:00 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-09-19 13:56:57 ----D---- C:\Programme\MSXML 6.0
2009-09-15 17:32:25 ----D---- C:\Max Crass Method (ARM7)
2009-09-15 14:44:11 ----D---- C:\Programme\Solid Edge V20
2009-09-15 14:41:15 ----RSD---- C:\WINDOWS\assembly
2009-09-15 14:40:54 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-14 14:47:55 ----D---- C:\Programme\Netts
2009-09-14 14:09:45 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera
2009-09-14 14:09:37 ----D---- C:\Programme\Opera
2009-09-12 10:23:17 ----D---- C:\Programme\Lotus
2009-09-12 08:40:44 ----A---- C:\WINDOWS\lotus.ini
2009-09-12 08:40:42 ----A---- C:\WINDOWS\system32\nwnsp32.dll
2009-09-11 18:42:03 ----D---- C:\Programme\Pariah
2009-09-11 18:16:39 ----D---- C:\Programme\LEGO Media
2009-09-11 17:57:51 ----D---- C:\Programme\Croteam
2009-09-11 17:47:18 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-09-11 17:46:27 ----D---- C:\Programme\Microsoft.NET
2009-09-11 17:44:39 ----D---- C:\Programme\Microsoft Works
2009-09-11 17:43:45 ----D---- C:\WINDOWS\SHELLNEW
2009-09-11 17:43:16 ----D---- C:\Programme\Microsoft Office
2009-09-11 15:04:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
2009-09-11 14:40:39 ----RA---- C:\WINDOWS\system32\xmltok.dll
2009-09-11 14:40:39 ----RA---- C:\WINDOWS\system32\xmlparse.dll
2009-09-11 14:40:39 ----RA---- C:\WINDOWS\system32\xmlinst.exe
2009-09-11 14:40:38 ----N---- C:\WINDOWS\system32\msxml3a.dll
2009-09-11 14:35:25 ----D---- C:\Programme\Ubi Soft

BlackHawk94 · 04.10.2009, 18:09

RSIT log.txt(part 2):
======List of files/folders modified in the last 1 months======

2009-10-04 19:04:50 ----D---- C:\WINDOWS\Prefetch
2009-10-04 19:04:44 ----RD---- C:\Programme
2009-10-04 18:48:11 ----D---- C:\Programme\Mozilla Firefox
2009-10-04 18:47:57 ----D---- C:\WINDOWS\Temp
2009-10-04 18:47:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-04 18:47:51 ----D---- C:\WINDOWS
2009-10-04 18:47:44 ----A---- C:\WINDOWS\ODBC.INI
2009-10-04 18:46:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-04 18:08:06 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeraCopy
2009-10-04 18:02:13 ----D---- C:\WINDOWS\system32\drivers
2009-10-04 18:01:31 ----D---- C:\Download
2009-10-04 17:58:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-10-04 17:58:27 ----D---- C:\WINDOWS\Minidump
2009-10-04 17:58:27 ----D---- C:\WINDOWS\Debug
2009-10-04 10:43:36 ----D---- C:\Programme\Mozilla Thunderbird
2009-10-03 19:12:00 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2009-10-03 17:55:54 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-02 14:18:39 ----D---- C:\Programme\Q3Arena
2009-09-29 19:39:44 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdcss
2009-09-28 16:46:29 ----HD---- C:\WINDOWS\inf
2009-09-28 15:32:46 ----SHD---- C:\WINDOWS\Installer
2009-09-27 16:20:50 ----D---- C:\Programme\Ahead
2009-09-27 16:20:48 ----D---- C:\WINDOWS\system32
2009-09-27 15:24:36 ----D---- C:\Programme\Gemeinsame Dateien\Logishrd
2009-09-27 15:24:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-27 13:51:52 ----HD---- C:\Programme\InstallShield Installation Information
2009-09-26 11:14:02 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2009-09-19 14:00:30 ----D---- C:\WINDOWS\WinSxS
2009-09-19 13:59:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-19 13:59:15 ----RSD---- C:\WINDOWS\Fonts
2009-09-19 13:59:03 ----D---- C:\WINDOWS\system32\spool
2009-09-19 13:57:58 ----D---- C:\Programme\Internet Explorer
2009-09-19 12:27:53 ----SD---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
2009-09-19 12:27:53 ----D---- C:\WINDOWS\system32\wbem
2009-09-17 16:38:11 ----D---- C:\Programme\Spybot - Search & Destroy
2009-09-16 17:44:25 ----D---- C:\Programme\EA GAMES
2009-09-16 17:44:16 ----D---- C:\WINDOWS\system32\DirectX
2009-09-14 14:53:58 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-09-11 17:47:09 ----A---- C:\WINDOWS\win.ini
2009-09-11 17:46:54 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-09-11 17:44:06 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-09-11 17:43:28 ----D---- C:\WINDOWS\Help
2009-09-11 17:43:16 ----D---- C:\WINDOWS\pchealth
2009-09-11 17:39:37 ----D---- C:\WINDOWS\system
2009-09-11 14:47:38 ----D---- C:\Programme\Ubisoft
2009-09-08 22:02:00 ----A---- C:\WINDOWS\vbaddin.ini
2009-09-07 20:41:31 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SandBox;Outpost Firewall Sandbox Driver; \??\C:\Programme\Agnitum\Outpost Firewall\kernel\Sandbox.SYS []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 VFILT;Outpost Firewall Kernel Driver; \??\C:\Programme\Agnitum\Outpost Firewall\kernel\FILTNT.SYS []
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-28 55656]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-06-21 44704]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL []
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\ARP.DLL []
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\CONTENT.DLL []
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL []
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL []
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL []
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-02 5085184]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL []
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-18 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-06-21 10368]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL []
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\PROTECT.DLL []
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL); \??\C:\Programme\Agnitum\Outpost Firewall\kernel\SECRET.DLL []
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-11-11 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-11-11 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-11-11 17024]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2008-11-27 554264]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-28 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-08-25 152984]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]
R2 OutpostFirewall;Outpost Firewall Service; C:\Programme\Agnitum\Outpost Firewall\outpost.exe [2006-10-20 94720]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2004-11-11 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-11-11 14336]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-07-05 358008]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

nochdigger · 04.10.2009, 18:30

Hallo

schlechte Nachrichten, da du Keygens auf deinem System verwendest
(du hast dir selbst ne Backdoor installiert

)

Zitat:

C:\Download\30.06.09_Test Copy\Ahead.NeroMIX.v1.4.0.25\cr-n6601.exe (Backdoor.Sdbot) -> Quarantined and deleted successfully.
C:\Download\30.06.09_Test Copy\Nero.Burnung.Rom.6.6.0.15a\Keygen-ORiON\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

hast du eine Neuinstallation des Systems gewonnen und ich stelle den Support hiermit ein.

Ändere nach der Neuinstallation oder von einem sauberen System aus alle deine Pass- und Kennwörter.
Wenn du eine Sicherung deiner Daten durchführen möchtest,
lass die Finger von ausführbare Dateien
und Dateien aus unsicheren Quellen wie P2P.
Musik, Videos, Bilder und Officedateien können i.d.R. problemlos gesichert werden,
sollten aber vor dem wiederverwenden mit einem aktuellem Antivirenprogramm überprüft werden.

MFG

BlackHawk94 · 04.10.2009, 18:47

Kann ich nicht irwie den Backdoor runtermachen??? Zwar hab ich vorhern Backup gemacht hab aber nicht wirklich lust den ganzen rechner nen tagdurchlaufen zu lassen?? Weil den keygen hab ich gar nicht benutzt weil ich noch ne lizenz von meinem bruder hatte. Das ist auch erst heute morgen gekommen habe aber den ordner seit 2wochen schon drauf und zwischendrin 5scans gemacht

TR/Crypt.XPACK.Gen

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen