Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Mehrere Trojaner (tr/drop.Rkit.ey) in Tempordner oder (tr/tool.injector.605242)

Mehrere Trojaner (tr/drop.Rkit.ey) in Tempordner oder (tr/tool.injector.605242)


Log-Analyse und Auswertung: Mehrere Trojaner (tr/drop.Rkit.ey) in Tempordner oder (tr/tool.injector.605242)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 06.12.2009, 22:01   #16
yaichino
 
Mehrere Trojaner (tr/drop.Rkit.ey) in Tempordner oder (tr/tool.injector.605242) - Standard

Logfiles von RSIT (1)


RSIT Logfile 1:

Logfile of random's system information tool 1.06 (written by random/random)
Run by yaichi_san at 2009-12-06 00:10:36
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 13 GB (15%) free of 89 GB
Total RAM: 1014 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:10:52, on 06.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\HP\QuickPlay\QPService.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\Lexmark 3500-4500 Series\lxdiamon.exe
C:\WINDOWS\V0230Mon.exe
C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Adobe\Photoshop 7.0\Photoshop.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Dokumente und Einstellungen\yaichi_san\Eigene Dateien\Downloads\RSIT.exe
C:\Dokumente und Einstellungen\yaichi_san\Eigene Dateien\Downloads\yaichi_san.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2096149
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
R3 - URLSearchHook: Eazel-DE Toolbar - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Eazel-DE Toolbar - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Programme\StumbleUpon\StumbleUponIEBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Eazel-DE Toolbar - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Programme\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Programme\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programme\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Programme\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programme\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203634056703
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Programme\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Programme\Norton Internet Security\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Norton Protection Center-Dienst (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 12783 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Symbolleiste - C:\Programme\Lexmark Toolbar\toolband.dll [2007-01-26 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Programme\BitComet\tools\BitCometBHO_1.2.1.2.dll [2008-01-25 496952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}]
Eazel-DE Toolbar - C:\Programme\Eazel-DE\tbEaze.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programme\google\googletoolbar2.dll [2007-01-19 2427968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-02 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Programme\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll [2008-07-28 882416]
{5093EB4C-3E93-40AB-9266-B607BA87BDC8} - StumbleUpon Toolbar - C:\Programme\StumbleUpon\StumbleUponIEBar.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programme\google\googletoolbar2.dll [2007-01-19 2427968]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Symbolleiste - C:\Programme\Lexmark Toolbar\toolband.dll [2007-01-26 262144]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-06-19 352256]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Programme\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - Eazel-DE Toolbar - C:\Programme\Eazel-DE\tbEaze.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-03 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-03 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-03 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2005-11-08 61952]
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2005-11-11 761945]
"hpWirelessAssistant"=C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"ccApp"=c:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2007-02-22 52840]
"QPService"=C:\Programme\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start []
"Cpqset"=C:\Programme\HPQ\Default Settings\cpqset.exe []
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Lexmark X6100 Series"=C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe [2003-09-23 57344]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2007-12-31 185896]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-01-18 98304]
"!AVG Anti-Spyware"=C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
"lxdimon.exe"=C:\Programme\Lexmark 3500-4500 Series\lxdimon.exe [2007-05-07 435120]
"lxdiamon"=C:\Programme\Lexmark 3500-4500 Series\lxdiamon.exe [2007-03-05 20480]
"FaxCenterServer"=C:\Programme\\Lexmark Fax Solutions\fm3032.exe [2007-05-07 312240]
"V0230Mon.exe"=C:\WINDOWS\V0230Mon.exe [2006-09-07 32768]
"AVFX Engine"=C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe [2006-06-09 24576]
"CTRegRun"=C:\WINDOWS\CTRegRun.EXE [1999-10-10 41984]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MsnMsgr"=C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840]
"BitComet"=C:\Programme\BitComet\BitComet.exe [2008-02-01 2194744]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-14 68856]
"ClipIncSrvTray"=C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe [2009-03-16 668424]
"Veoh"=C:\Programme\Veoh Networks\Veoh\VeohClient.exe [2008-06-19 3664944]
""= []
"Creative Live! Cam Manager"=C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2006-05-31 143360]
"Messenger (Yahoo!)"=C:\Programme\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
AOL 9.0 Tray-Symbol.lnk - C:\Programme\AOL 9.0a\aoltray.exe
HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-03 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL Germany"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Programme\Yahoo!\Messenger\YServer.exe"="C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe"="C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Programme\AOL 9.0a\waol.exe"="C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\WINDOWS\system32\lxdicoms.exe"="C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System"
"C:\Programme\Lexmark 3500-4500 Series\lxdiamon.exe"="C:\Programme\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Programme\Lexmark 3500-4500 Series\App4R.exe"="C:\Programme\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Programme\Lexmark Fax Solutions\FaxCtr.exe"="C:\Programme\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software"
"C:\Programme\Lexmark 3500-4500 Series\lxdimon.exe"="C:\Programme\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabledevice Monitor"
"C:\Dokumente und Einstellungen\yaichi_san\Lokale Einstellungen\Temp\lxdi\wireless\GERMAN\lxdiwpss.exe"="C:\Dokumente und Einstellungen\yaichi_san\Lokale Einstellungen\Temp\lxdi\wireless\GERMAN\lxdiwpss.exe:*:Enabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway"
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\WS_FTP Pro\ftp95pro.exe"="C:\Program Files\WS_FTP Pro\ftp95pro.exe:*:Enabled:WS_FTP 95"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\SightSpeed\SightSpeed.exe"="C:\Programme\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe"="C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Programme\AOL 9.0a\waol.exe"="C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"
"C:\Programme\Lexmark 3500-4500 Series\app4r.exe"="C:\Programme\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eea174a6-df1e-11dc-9b30-00130229bd6c}]
shell\AutoRun\command - G:\Autorun.exe /run
shell\Shell00\command - G:\Autorun.exe /run
shell\Shell01\command - G:\Autorun.exe /action
shell\Shell02\command - G:\Autorun.exe /uninstall


======List of files/folders created in the last 3 months======

2009-12-06 00:10:36 ----D---- C:\rsit
2009-12-04 17:12:10 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-11-30 23:26:05 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-30 19:43:48 ----D---- C:\Programme\CCleaner
2009-11-25 20:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 20:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 13:35:13 ----D---- C:\Programme\Conduit
2009-11-24 13:35:06 ----D---- C:\Programme\Eazel-DE
2009-11-24 13:34:07 ----D---- C:\Programme\AC3D 6.4.30
2009-11-13 18:24:27 ----D---- C:\Programme\Avira
2009-11-13 18:24:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-11-12 06:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-10-26 22:31:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-10-25 20:00:51 ----D---- C:\Programme\Microsoft Sync Framework
2009-10-25 19:59:12 ----D---- C:\Programme\Windows Live SkyDrive
2009-10-25 19:41:00 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-10-25 19:40:12 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-10-25 19:38:31 ----D---- C:\Programme\Microsoft
2009-10-25 19:22:39 ----D---- C:\Programme\Gemeinsame Dateien\Windows Live
2009-10-15 19:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 19:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 19:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 19:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 19:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 19:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 19:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 19:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 19:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-09-13 17:57:14 ----D---- C:\Programme\VOCALOID
2009-09-09 20:51:10 ----D---- C:\Dokumente und Einstellungen\yaichi_san\Anwendungsdaten\Malwarebytes
2009-09-09 20:50:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-09-09 19:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 19:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 19:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$

======List of files/folders modified in the last 3 months======

2009-12-06 00:09:10 ----D---- C:\WINDOWS\Prefetch
2009-12-05 23:38:57 ----D---- C:\WINDOWS\Tasks
2009-12-05 19:25:08 ----D---- C:\WINDOWS\Temp
2009-12-05 11:53:24 ----D---- C:\Programme\Mozilla Firefox
2009-12-05 11:06:45 ----ASH---- C:\hpqp.ini
2009-12-05 11:06:33 ----A---- C:\XP_TV.ini
2009-12-05 11:06:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-05 11:06:21 ----D---- C:\Dokumente und Einstellungen\yaichi_san\Anwendungsdaten\WTablet
2009-12-05 11:06:04 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2009-12-04 23:43:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-04 23:27:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2009-12-04 21:47:02 ----D---- C:\WINDOWS\system32\drivers
2009-12-04 21:47:02 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-04 19:52:50 ----D---- C:\WINDOWS\system32
2009-12-04 19:19:09 ----D---- C:\No23Recorder
2009-12-04 17:12:10 ----D---- C:\Programme
2009-12-02 19:40:31 ----SD---- C:\Dokumente und Einstellungen\yaichi_san\Anwendungsdaten\Microsoft
2009-12-02 18:29:41 ----A---- C:\WINDOWS\lexstat.ini
2009-12-01 23:30:03 ----D---- C:\WINDOWS
2009-12-01 20:06:00 ----D---- C:\Downloads
2009-11-30 20:07:57 ----D---- C:\WINDOWS\Debug
2009-11-30 20:07:52 ----D---- C:\WINDOWS\Minidump
2009-11-30 19:24:04 ----HD---- C:\WINDOWS\inf
2009-11-28 10:20:29 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-27 13:39:28 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-25 20:01:07 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-25 20:00:45 ----SHD---- C:\WINDOWS\Installer
2009-11-25 20:00:45 ----D---- C:\Config.Msi
2009-11-25 20:00:43 ----D---- C:\WINDOWS\WinSxS
2009-11-25 11:33:22 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-04 20:01:19 ----D---- C:\WINDOWS\ie7updates
2009-10-28 16:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-26 06:59:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-25 20:01:07 ----D---- C:\Programme\Windows Live
2009-10-25 20:01:04 ----D---- C:\Programme\Windows Live Toolbar
2009-10-25 19:41:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-10-25 19:41:01 ----D---- C:\WINDOWS\system32\DirectX
2009-10-25 19:37:40 ----RSD---- C:\WINDOWS\Fonts
2009-10-25 19:22:39 ----D---- C:\Programme\Gemeinsame Dateien
2009-10-21 05:06:57 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-15 19:03:45 ----D---- C:\WINDOWS\system32\de-de
2009-10-15 19:03:45 ----D---- C:\Programme\Internet Explorer
2009-10-11 09:27:46 ----HD---- C:\Programme\InstallShield Installation Information
2009-10-11 09:26:40 ----D---- C:\Program Files
2009-10-05 19:34:25 ----D---- C:\GTK
2009-10-05 19:31:25 ----D---- C:\Programme\CursorXP
2009-10-02 05:46:03 ----D---- C:\WINDOWS\Help
2009-09-14 17:59:45 ----D---- C:\Dokumente und Einstellungen\yaichi_san\Anwendungsdaten\Real
2009-09-11 15:06:50 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-09 20:22:36 ----D---- C:\Dokumente und Einstellungen\yaichi_san\Anwendungsdaten\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-11-03 157696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2005-11-08 533504]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-03 1353820]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-11 191936]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-31 1428096]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys []
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SMCIRDA;SMC IrCC-Miniportgerätetreiber; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-18 35913]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20080415.002\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 V0230Vfx;V0230Vfx; C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-24 6272]
S3 V0230VID;Live! Cam Video IM Pro; C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-09-29 500480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 ccEvtMgr;Symantec Event Manager; c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe [2007-02-22 192104]
R2 ccProxy;Symantec Network Proxy; c:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe [2007-09-13 202088]
R2 ccSetMgr;Symantec Settings Manager; c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe [2007-02-22 169576]
R2 ClipInc001;ClipInc 001; C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe [2009-05-27 2230024]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-09-23 303104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 lxdi_device;lxdi_device; C:\WINDOWS\system32\lxdicoms.exe [2007-04-26 517040]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 99248]
R2 NSCService;Norton Protection Center-Dienst; C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
R2 SeaPort;SeaPort; C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 Symantec Core LC;Symantec Core LC; C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-04 1251720]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 SNDSrvc;Symantec Network Drivers Service; c:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 183280]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET-Statusdienst; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; c:\Programme\Norton Internet Security\ccPwdSvc.exe [2007-02-20 72328]
S3 comHost;COM Host; c:\Programme\Norton Internet Security\comHost.exe [2007-02-01 45696]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 SPBBCSvc;Symantec SPBBCSvc; c:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-16 1160800]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 hpqwmiex;hpqwmiex; C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe [2005-11-28 98304]

-----------------EOF-----------------



PS: Den INFOTEXT hab ich noch nicht gepostet, weil ich nicht wusste, was mit "minimiert" gemeind war..gibt es nur einen wichtigen part davon, denn man dazu benötigt, wenn ja....welcher wer das????

 

Themen zu Mehrere Trojaner (tr/drop.Rkit.ey) in Tempordner oder (tr/tool.injector.605242)
.com, abgesicherten modus, antivir guard, antivirus, auf einmal, avira, bho, browser, desktop, firefox, google, helper, hijack, hijackthis, hkus\s-1-5-18, home, internet security, launch, mozilla, plug-in, problem gelöst, programm, prozess, security, shortcut, software, symantec, system, temp ordner, temp-ordner, trojaner, tronjaner, virus, windows, windows xp, wrapper


« Rechner wird langsamer, immer hoher Ping | Generic Host Prozess für Win32 hat ein Problem festgestellt - und vieles mehr »


Ähnliche Themen: Mehrere Trojaner (tr/drop.Rkit.ey) in Tempordner oder (tr/tool.injector.605242)


  1. Tool für Entschlüsselung benötigt Win32.Injector.faca
    Log-Analyse und Auswertung - 11.02.2013 (3)
  2. Ukash Luxemb. Polizei Trojaner , Isass.exe, ctfmon.lon, TR/Drop.Injector.fydy Trojan
    Log-Analyse und Auswertung - 15.11.2012 (16)
  3. "TR/Drop.Injector.fkta" bei Windows Vista
    Log-Analyse und Auswertung - 11.09.2012 (13)
  4. TR/Drop.Injector.fonv.1, TR/Drop.Injector.fnus.1, EXP/2012-1723.DG.1
    Plagegeister aller Art und deren Bekämpfung - 23.08.2012 (17)
  5. TR/Agent.VB.1624 und TR/Drop.Injector.filw
    Plagegeister aller Art und deren Bekämpfung - 17.08.2012 (23)
  6. TR/Drop.injector.fkqc gefunden
    Log-Analyse und Auswertung - 08.08.2012 (4)
  7. Antivir meldet mehrere Funde: TR/Spy.Farko.mj / RKIT/Agent.deob / ...
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (14)
  8. drop.injector.firp und TR/Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (10)
  9. Tr/drop.injector.firp auf PC
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (1)
  10. mehrere Probleme u.a. hacken und trojaner oder rootkit im system
    Log-Analyse und Auswertung - 02.01.2012 (1)
  11. Nach klicken auf Facebooklink Viren TR/Injector.ACk und TR/Drop.Fignotok.A.11
    Log-Analyse und Auswertung - 16.10.2011 (3)
  12. TR/Spy.Bebloh.A.59 TR und */Drop.Bebloh.7344 */Injector.AOC.3 und Abstürze
    Plagegeister aller Art und deren Bekämpfung - 18.05.2010 (33)
  13. habe einen trojaner oder sogar mehrere!
    Plagegeister aller Art und deren Bekämpfung - 18.04.2010 (5)
  14. Conficker/ cleanup tool oder removal tool ?
    Plagegeister aller Art und deren Bekämpfung - 23.04.2009 (0)
  15. Seltsame Dateien im Tempordner - gefährlich oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 09.01.2009 (7)
  16. Brauche Hilfe bei mehrere Viren, Trojaner oder Spyware
    Plagegeister aller Art und deren Bekämpfung - 21.04.2008 (24)
  17. Habe hier 1 oder mehrere Trojaner
    Log-Analyse und Auswertung - 03.06.2006 (46)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Mehrere Trojaner (tr/drop.Rkit.ey) in Tempordner oder (tr/tool.injector.605242) - RSIT Logfile 1: Logfile of random's system information tool 1.06 (written by random/random) Run by yaichi_san at 2009-12-06 00:10:36 Microsoft Windows XP Home Edition Service Pack 2 System drive C: - Mehrere Trojaner (tr/drop.Rkit.ey) in Tempordner oder (tr/tool.injector.605242)...
Archiv
Du betrachtest: Mehrere Trojaner (tr/drop.Rkit.ey) in Tempordner oder (tr/tool.injector.605242) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132