| |
| |||||||
Log-Analyse und Auswertung: Hatte 2 Trojaner und wollte Hijack prüfen lassenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
19.02.2010, 20:49
| #1 |
| |  Hatte 2 Trojaner und wollte Hijack prüfen lassen Hallo Antivir hat heute die beiden Trojander Fraudpack.alpr und Dldr.agent.dcvw entdeckt und gelöscht hier ist mein hijack und wollte wissen ob noch was zu retten ist Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 20:46:04, on 19.02.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\OpenOffice.org 3\program\soffice.exe C:\Programme\OpenOffice.org 3\program\soffice.bin C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\System32\dllhost.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\...\windows-kb890830-v3.4.exe c:\dc47ac45db56b0428740d3bac0\mrtstub.exe C:\WINDOWS\system32\MRT.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\TrendMicro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (file missing) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232365938390 O17 - HKLM\System\CCS\Services\Tcpip\..\{2E90628A-2A46-43BC-BD1C-9B2C516D3780}: NameServer = 217.0.43.161 217.0.43.177 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) -- End of file - 6555 bytes Copyed |
|
19.02.2010, 21:51
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Hatte 2 Trojaner und wollte Hijack prüfen lassen Hallo und
__________________ Zitat:
Bitte diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! ) Wichtig für Benutzer mit Windows Vista und Windows 7: Bitte alle Tools per Rechtsklick => Als Admin ausführen! Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen.
__________________ |
|
19.02.2010, 22:07
| #3 |
| | Hatte 2 Trojaner und wollte Hijack prüfen lassenCode:
ATTFilter
Avira AntiVir Personal
Report file date: Freitag, 19. Februar 2010 19:24
Scanning for 1775102 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : COPY
Version information:
BUILD.DAT : 9.0.0.419 21701 Bytes 22.01.2010 18:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13.10.2009 10:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 14:35:13
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 06:04:39
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 20:06:17
VBASE004.VDF : 7.10.3.76 2048 Bytes 26.01.2010 20:06:17
VBASE005.VDF : 7.10.3.77 2048 Bytes 26.01.2010 20:06:17
VBASE006.VDF : 7.10.3.78 2048 Bytes 26.01.2010 20:06:17
VBASE007.VDF : 7.10.3.79 2048 Bytes 26.01.2010 20:06:17
VBASE008.VDF : 7.10.3.80 2048 Bytes 26.01.2010 20:06:17
VBASE009.VDF : 7.10.3.81 2048 Bytes 26.01.2010 20:06:17
VBASE010.VDF : 7.10.3.82 2048 Bytes 26.01.2010 20:06:17
VBASE011.VDF : 7.10.3.83 2048 Bytes 26.01.2010 20:06:18
VBASE012.VDF : 7.10.3.84 2048 Bytes 26.01.2010 20:06:18
VBASE013.VDF : 7.10.3.85 2048 Bytes 26.01.2010 20:06:18
VBASE014.VDF : 7.10.3.122 172544 Bytes 29.01.2010 19:34:05
VBASE015.VDF : 7.10.3.149 79872 Bytes 01.02.2010 09:21:56
VBASE016.VDF : 7.10.3.174 68608 Bytes 03.02.2010 09:21:56
VBASE017.VDF : 7.10.3.199 76800 Bytes 04.02.2010 09:21:57
VBASE018.VDF : 7.10.3.222 64512 Bytes 05.02.2010 09:21:57
VBASE019.VDF : 7.10.3.243 75776 Bytes 08.02.2010 09:21:58
VBASE020.VDF : 7.10.4.6 81920 Bytes 09.02.2010 09:21:58
VBASE021.VDF : 7.10.4.30 78848 Bytes 11.02.2010 09:21:58
VBASE022.VDF : 7.10.4.50 107520 Bytes 15.02.2010 07:43:29
VBASE023.VDF : 7.10.4.62 105472 Bytes 15.02.2010 07:43:29
VBASE024.VDF : 7.10.4.85 111616 Bytes 17.02.2010 18:21:39
VBASE025.VDF : 7.10.4.86 2048 Bytes 17.02.2010 18:21:39
VBASE026.VDF : 7.10.4.87 2048 Bytes 17.02.2010 18:21:39
VBASE027.VDF : 7.10.4.88 2048 Bytes 17.02.2010 18:21:39
VBASE028.VDF : 7.10.4.89 2048 Bytes 17.02.2010 18:21:40
VBASE029.VDF : 7.10.4.90 2048 Bytes 17.02.2010 18:21:40
VBASE030.VDF : 7.10.4.91 2048 Bytes 17.02.2010 18:21:40
VBASE031.VDF : 7.10.4.104 92160 Bytes 19.02.2010 18:21:40
Engineversion : 8.2.1.170
AEVDF.DLL : 8.1.1.3 106868 Bytes 23.01.2010 06:04:29
AESCRIPT.DLL : 8.1.3.15 827771 Bytes 14.02.2010 09:21:59
AESCN.DLL : 8.1.4.0 127348 Bytes 27.01.2010 20:07:00
AESBX.DLL : 8.1.1.1 246132 Bytes 08.11.2009 06:38:44
AERDL.DLL : 8.1.4.2 479602 Bytes 14.02.2010 09:21:58
AEPACK.DLL : 8.2.0.8 426357 Bytes 14.02.2010 09:21:57
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08.11.2009 06:38:38
AEHEUR.DLL : 8.1.1.5 2326901 Bytes 12.02.2010 09:22:05
AEHELP.DLL : 8.1.10.0 237942 Bytes 16.01.2010 22:36:24
AEGEN.DLL : 8.1.1.86 369012 Bytes 12.02.2010 09:22:01
AEEMU.DLL : 8.1.1.0 393587 Bytes 08.11.2009 06:38:26
AECORE.DLL : 8.1.11.1 184694 Bytes 12.02.2010 09:22:00
AEBB.DLL : 8.1.0.3 53618 Bytes 08.11.2009 06:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26.08.2009 14:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 19.02.2010 18:21:41
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 13.10.2009 11:25:47
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Freitag, 19. Februar 2010 19:24
Starting search for hidden objects.
'48693' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'browser.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'Notifier.exe' - '1' Module(s) have been scanned
Scan process 'PROFIL~1.EXE' - '1' Module(s) have been scanned
Scan process 'sc_watch.exe' - '1' Module(s) have been scanned
Scan process 'kernel.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'MZCCntrl.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'FireWall.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'ToADiMon.exe' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '59' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{D8DAB6B3-DF4C-466A-BC5E-8430FD5181AB}\RP9\A0000797.exe
[DETECTION] Is the TR/Dldr.Agent.dcvw Trojan
Beginning disinfection:
C:\System Volume Information\_restore{D8DAB6B3-DF4C-466A-BC5E-8430FD5181AB}\RP9\A0000797.exe
[DETECTION] Is the TR/Dldr.Agent.dcvw Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
End of the scan: Freitag, 19. Februar 2010 20:44
Used time: 1:15:59 Hour(s)
The scan has been done completely.
6522 Scanned directories
275973 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
275971 Files not concerned
1738 Archives were scanned
2 Warnings
2 Notes
48693 Objects were scanned with rootkit scan
0 Hidden objects were found
Code:
ATTFilter Virus or unwanted program 'TR/FraudPack.alpr [trojan]'
detected in file 'C:\uninstall.exe.
Action performed: Deny access
Virus or unwanted program 'TR/FraudPack.alpr [trojan]'
detected in file 'C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\IQBRF9LY\asd777[1].exe.
Action performed: Deny access
Virus or unwanted program 'TR/FraudPack.alpr [trojan]'
detected in file 'C:\uninstall.exe.
Action performed: Delete file
|
|
19.02.2010, 22:10
| #4 |
| | Hatte 2 Trojaner und wollte Hijack prüfen lassen hier der Malware Code:
ATTFilter Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3763
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19.02.2010 21:01:47
mbam-log-2010-02-19 (21-01-47).txt
Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 206036
Laufzeit: 1 hour(s), 23 minute(s), 46 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
19.02.2010, 22:19
| #5 |
| | Hatte 2 Trojaner und wollte Hijack prüfen lassen und der RSIt Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by Copy at 2010-02-19 22:16:01 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 450 GB (94%) free of 477 GB Total RAM: 2046 MB (71% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:16:07, on 19.02.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ICQ6.5\ICQ.exe C:\Programme\OpenOffice.org 3\program\soffice.exe C:\Programme\OpenOffice.org 3\program\soffice.bin C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\Copy\Eigene Dateien\Downloads\RSIT(2).exe C:\Programme\trend micro\Copy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**tp://www.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h++p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**tp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ht**p://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (file missing) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232365938390 O17 - HKLM\System\CCS\Services\Tcpip\..\{2E90628A-2A46-43BC-BD1C-9B2C516D3780}: NameServer = 217.0.43.161 217.0.43.177 O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) -- End of file - 5700 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824] "AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344] "StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440] "ToADiMon.exe"=C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [2007-02-15 282624] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Ashampoo FireWall"=C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe [2007-04-05 3251800] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2009-11-16 172792] C:\Dokumente und Einstellungen\Copy\Startmenü\Programme\Autostart OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ Library" "C:\Programme\Valve\Steam\SteamApps\**@web.de\half-life 2 deathmatch\hl2.exe"="C:\Programme\Valve\Steam\SteamApps\jd-michi@web.de\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2" "C:\Programme\Valve\Steam\SteamApps\j**@web.de\counter-strike\hl.exe"="C:\Programme\Valve\Steam\SteamApps\jd-michi@web.de\counter-strike\hl.exe:*:Enabled:Half-Life Launcher" "C:\Programme\Valve\Steam\SteamApps\**@web.de\counter-strike source\hl2.exe"="C:\Programme\Valve\Steam\SteamApps\jd-michi@web.de\counter-strike source\hl2.exe:*:Enabled:hl2" "C:\AeriaGames\12Sky\TwelveSky.exe"="C:\AeriaGames\12Sky\TwelveSky.exe:*:Enabled:TwelveSky" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2010-02-19 22:12:29 ----D---- C:\Programme\trend micro 2010-02-19 22:12:26 ----D---- C:\rsit 2010-02-19 22:11:45 ----D---- C:\Programme\CCleaner 2010-02-19 22:05:20 ----D---- C:\WINDOWS\LastGood 2010-02-19 21:13:07 ----D---- C:\WINDOWS\Prefetch 2010-02-19 20:42:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2010-02-19 20:42:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2010-02-19 20:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2010-02-19 20:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2010-02-19 20:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2010-02-19 20:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2010-02-19 20:41:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2010-02-19 20:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2010-02-19 20:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2010-02-19 20:41:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2010-02-19 20:41:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2010-02-19 20:41:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2010-02-19 20:40:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2010-02-19 20:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2010-02-19 20:40:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2010-02-19 20:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2010-02-19 20:40:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2010-02-19 20:40:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2010-02-19 20:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2010-02-19 20:39:52 ----D---- C:\WINDOWS\LastGood.Tmp 2010-02-19 20:36:39 ----N---- C:\WINDOWS\system32\ieencode.dll 2010-02-19 20:35:11 ----A---- C:\WINDOWS\000001_.tmp 2010-02-19 20:29:19 ----D---- C:\Programme\TrendMicro 2010-02-19 19:58:02 ----SHD---- C:\Config.Msi 2010-02-19 19:22:38 ----D---- C:\Dokumente und Einstellungen\**\Anwendungsdaten\Mozilla 2010-02-19 19:21:47 ----D---- C:\Dokumente und Einstellungen\**Anwendungsdaten\Malwarebytes 2010-02-19 19:21:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-02-19 19:21:15 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-02-17 09:47:15 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$ 2010-02-17 09:10:44 ----HDC---- C:\WINDOWS\ie8 2010-02-17 08:49:04 ----D---- C:\Programme\Opera 2010-02-12 15:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$ 2010-02-12 15:55:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-02-12 15:54:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-02-12 15:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-02-12 15:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$ 2010-02-12 15:54:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-02-12 15:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-02-12 15:53:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$ 2010-01-25 21:42:40 ----D---- C:\Dokumente und Einstellungen\Copy\Anwendungsdaten\OpenOffice.org 2010-01-25 21:35:01 ----D---- C:\Programme\JRE 2010-01-25 21:34:56 ----D---- C:\Programme\OpenOffice.org 3 ======List of files/folders modified in the last 1 months====== 2010-02-19 22:15:05 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-02-19 22:15:05 ----HD---- C:\WINDOWS\inf 2010-02-19 22:15:05 ----D---- C:\WINDOWS\system32\CatRoot 2010-02-19 22:15:05 ----D---- C:\WINDOWS\system32 2010-02-19 22:15:05 ----D---- C:\WINDOWS 2010-02-19 22:14:16 ----D---- C:\WINDOWS\Temp 2010-02-19 22:14:16 ----D---- C:\WINDOWS\Minidump 2010-02-19 22:14:16 ----D---- C:\WINDOWS\Debug 2010-02-19 22:12:29 ----RD---- C:\Programme 2010-02-19 22:04:41 ----A---- C:\WINDOWS\win.ini 2010-02-19 21:17:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-02-19 21:13:39 ----D---- C:\WINDOWS\system32\CatRoot2 2010-02-19 21:12:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$ 2010-02-19 21:12:42 ----D---- C:\WINDOWS\system32\drivers 2010-02-19 21:12:16 ----D---- C:\WINDOWS\security 2010-02-19 21:12:12 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-02-19 20:40:10 ----D---- C:\Programme\Messenger 2010-02-19 20:36:40 ----D---- C:\WINDOWS\Help 2010-02-19 20:36:33 ----D---- C:\WINDOWS\system32\oobe 2010-02-19 20:35:08 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-02-19 20:34:44 ----D---- C:\WINDOWS\system32\Restore 2010-02-19 20:34:32 ----D---- C:\WINDOWS\EHome 2010-02-19 20:29:26 ----SHD---- C:\WINDOWS\Installer 2010-02-19 20:10:52 ----RSD---- C:\WINDOWS\assembly 2010-02-19 19:58:48 ----D---- C:\WINDOWS\Registration 2010-02-19 19:51:57 ----D---- C:\WINDOWS\WinSxS 2010-02-19 19:51:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-02-19 19:51:15 ----D---- C:\Programme\Microsoft Visual Studio 9.0 2010-02-19 19:51:15 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared 2010-02-19 19:43:42 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2010-02-19 19:32:00 ----HD---- C:\Programme\InstallShield Installation Information 2010-02-19 19:22:31 ----D---- C:\Programme\Mozilla Firefox 2010-02-17 15:10:12 ----D---- C:\Dokumente und Einstellungen\Copy\Anwendungsdaten\ICQ 2010-02-17 09:47:13 ----HD---- C:\WINDOWS\$hf_mig$ 2010-02-17 09:47:07 ----D---- C:\WINDOWS\ie8updates 2010-02-17 09:36:51 ----D---- C:\WINDOWS\system32\de-de 2010-02-17 09:36:50 ----D---- C:\WINDOWS\Media 2010-02-17 09:36:50 ----D---- C:\Programme\Internet Explorer 2010-02-17 08:49:59 ----SHD---- C:\System Volume Information 2010-02-01 11:26:22 ----A---- C:\WINDOWS\system32\MRT.exe 2010-01-29 06:49:00 ----D---- C:\WINDOWS\system32\config 2010-01-25 21:35:11 ----RSD---- C:\WINDOWS\Fonts 2010-01-23 11:11:01 ----D---- C:\Programme\Streamripper ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-02 12032] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-30 56816] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ASFWHide;ASFWHide; \??\C:\DOKUME~1\Copy\LOKALE~1\Temp\ASFWHide [] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-12-01 3452928] R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-01-04 105856] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 Bridge;MAC-Brücke; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] S3 BridgeMP;MAC-Brückenminiport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [] S3 MIINPazX;MIINPazX NDIS Protocol Driver; \??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [] S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 npkcrypt;npkcrypt; \??\C:\Programme\RebirthRO\npkcrypt.sys [] S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2008-06-18 3692288] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 XDva289;XDva289; \??\C:\WINDOWS\system32\XDva289.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-12-01 598016] R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst; C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2007-01-09 61440] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-17 2800669] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
21.02.2010, 21:25
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hatte 2 Trojaner und wollte Hijack prüfen lassen Ein Log von CF brauch ich noch  ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> Hatte 2 Trojaner und wollte Hijack prüfen lassen |
Linear-Darstellung
