Log analysis and evaluation: Trojan (possibly w32.agent) infection on Vista

#1
Trojan (possibly w32.agent) infection on Vista

So, both scans were apparently negative:

Datei eDSshellExt.dll empfangen 2008.02.20 19:41:53 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)

Antivirus  Version  letzte aktualisierung  Ergebnis
AhnLab-V3 2008.2.20.0 2008.02.20 -
AntiVir 7.6.0.67 2008.02.20 -
Authentium 4.93.8 2008.02.20 -
Avast 4.7.1098.0 2008.02.20 -
AVG 7.5.0.516 2008.02.20 -
BitDefender 7.2 2008.02.20 -
CAT-QuickHeal 9.50 2008.02.18 -
ClamAV 0.92.1 2008.02.20 -
DrWeb 4.44.0.09170 2008.02.20 -
eSafe 7.0.15.0 2008.02.20 -
eTrust-Vet 31.3.5550 2008.02.20 -
Ewido 4.0 2008.02.20 -
FileAdvisor 1 2008.02.20 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.19 -
F-Secure 6.70.13260.0 2008.02.20 -
Ikarus T3.1.1.20 2008.02.20 -
Kaspersky 7.0.0.125 2008.02.20 -
McAfee 5233 2008.02.20 -
Microsoft 1.3204 2008.02.20 -
NOD32v2 2889 2008.02.20 -
Norman 5.80.02 2008.02.20 -
Panda 9.0.0.4 2008.02.20 -
Prevx1 V2 2008.02.20 -
Rising 20.32.22.00 2008.02.20 -
Sophos 4.26.0 2008.02.20 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.20 -
TheHacker 6.2.9.224 2008.02.19 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.20 -
Webwasher-Gateway 6.6.2 2008.02.20 -

weitere Informationen
File size: 315392 bytes
MD5: 8a8cb6fa490de82b6c6456a421b56f83
SHA1: d756d78ed1043c834c81c543cb40d0655a6769f8
PEiD: -

//////////////////////////////////////////////////////////////////////////////////////

Datei eDStoolbar.dll empfangen 2008.02.20 19:54:29 (CET)
Status: (( Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt ))

Huh, but it did run through, no errors. That wasn't visible when I copied it out either?!?
Ergebnis: 0/32 (0%)

Antivirus  Version  letzte aktualisierung  Ergebnis
AhnLab-V3 2008.2.20.0 2008.02.20 -
AntiVir 7.6.0.67 2008.02.20 -
Authentium 4.93.8 2008.02.20 -
Avast 4.7.1098.0 2008.02.20 -
AVG 7.5.0.516 2008.02.20 -
BitDefender 7.2 2008.02.20 -
CAT-QuickHeal 9.50 2008.02.18 -
ClamAV 0.92.1 2008.02.20 -
DrWeb 4.44.0.09170 2008.02.20 -
eSafe 7.0.15.0 2008.02.20 -
eTrust-Vet 31.3.5550 2008.02.20 -
Ewido 4.0 2008.02.20 -
FileAdvisor 1 2008.02.20 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.19 -
F-Secure 6.70.13260.0 2008.02.20 -
Ikarus T3.1.1.20 2008.02.20 -
Kaspersky 7.0.0.125 2008.02.20 -
McAfee 5233 2008.02.20 -
Microsoft 1.3204 2008.02.20 -
NOD32v2 2889 2008.02.20 -
Norman 5.80.02 2008.02.20 -
Panda 9.0.0.4 2008.02.20 -
Prevx1 V2 2008.02.20 -
Rising 20.32.22.00 2008.02.20 -
Sophos 4.26.0 2008.02.20 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.20 -
TheHacker 6.2.9.224 2008.02.19 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.20 -
Webwasher-Gateway 6.6.2 2008.02.20 -

weitere Informationen
File size: 151552 bytes
MD5: c1a82a92aab6d66c90cf027c17153746
SHA1: cbc509840e2f413ab9c3e3d0f8e5e8c3bf9a7a66
PEiD: -

So, my colleague got hold of SpyDoctor ... it found quite a lot ... and apparently cleaned it up too, although I believe it only moved the items to "Quarantine". But he thinks the system is clean! I'm going to try everything in safe mode now... but somehow all of this is strange. Has anything been found in the logs yet? I'll also run CCleaner.

///// EDIT /////

ComboFix has run now, here is the log:

ComboFix 08-02-19.2 - zink 2008-02-20 20:13:23.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1031.18.265 [GMT 1:00]
ausgeführt von:: C:\Users\zink\Downloads\Trjoaner Bekämpfung\ComboFix.exe
.
((((((((((((((((((((((( Dateien erstellt von 2008-01-20 bis 2008-02-20 ))))))))))))))))))))))))))))))
.
2008-02-20 20:09 . 2008-02-20 20:09 <DIR> d-------- C:\Program Files\CCleaner
2008-02-19 12:32 . 2008-02-19 12:32 <DIR> d-------- C:\Users\zink\AppData\Roaming\PC Tools
2008-02-19 12:32 . 2008-02-20 20:09 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-19 12:32 . 2008-02-20 20:09 <DIR> d-a------ C:\PROGRA~2\TEMP
2008-02-19 12:32 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-19 12:32 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-19 12:32 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-19 12:32 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-18 21:41 . 2008-02-18 21:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-18 21:00 . 2008-02-18 21:01 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-18 21:00 . 2008-02-18 21:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-18 21:00 . 2008-02-18 21:01 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-02-18 20:58 . 2008-02-18 20:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 23:02 . 2008-02-17 23:02 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-17 23:02 . 2008-02-17 23:02 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-17 22:58 . 2008-02-17 22:58 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-17 22:58 . 2008-02-17 22:58 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-17 22:58 . 2008-02-17 22:58 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-02-17 22:58 . 2008-02-17 22:58 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-02-17 22:58 . 2008-02-17 22:58 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-17 22:58 . 2008-02-17 22:58 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-17 22:58 . 2008-02-17 22:58 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-17 22:58 . 2008-02-17 22:58 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-17 22:58 . 2008-02-17 22:58 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-17 22:56 . 2008-02-17 22:56 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 22:56 . 2008-02-17 22:56 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-17 22:56 . 2008-02-17 22:56 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-17 22:56 . 2008-02-17 22:56 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-17 22:56 . 2008-02-17 22:56 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-17 22:56 . 2008-02-17 22:56 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-17 22:56 . 2008-02-17 22:56 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-17 22:56 . 2008-02-17 22:56 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Windows\Avira
2008-02-17 15:38 . 2008-02-17 15:38 <DIR> d-------- C:\Program Files\Avira
2008-02-17 14:26 . 2008-02-18 14:01 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-17 14:26 . 2008-02-17 21:50 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-17 14:26 . 2008-02-18 14:01 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-02-16 20:33 . 2008-02-16 20:33 <DIR> d-------- C:\Program Files\Files-Secure
2008-02-16 18:08 . 2008-02-16 18:08 50 --a------ C:\tmp.bat
2008-02-09 16:52 . 2008-02-09 16:52 <DIR> d-------- C:\Users\All Users\Google
2008-02-09 16:47 . 2008-02-09 16:52 <DIR> d-------- C:\Program Files\Google
2008-02-05 20:19 . 2008-02-16 18:12 <DIR> d-------- C:\Users\zink\AppData\Roaming\DivX
2008-02-05 20:08 . 2008-02-05 20:08 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-01-22 18:36 . 2008-02-05 20:11 <DIR> d-------- C:\Program Files\DivX
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 12:51 --------- d-----w C:\Program Files\Windows Mail
2008-02-18 12:50 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-17 21:56 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 21:56 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 21:56 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 21:56 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 21:53 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-17 21:53 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-17 21:53 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 21:53 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-17 21:12 --------- d-----w C:\Users\zink\AppData\Roaming\ICQ
2008-02-16 21:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-27 20:16 --------- d-----w C:\PROGRA~2\CyberLink
2008-01-27 10:26 --------- d-----w C:\Users\zink\AppData\Roaming\Printer Info Cache
2008-01-27 10:26 --------- d-----w C:\Users\zink\AppData\Roaming\Image Zone Express
2008-01-19 14:54 --------- d-----w C:\Program Files\LiveUpdate
2008-01-19 14:53 --------- d-----w C:\Program Files\mobile PhoneTools
2008-01-19 14:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 14:52 --------- d-----w C:\PROGRA~2\BVRP Software
2008-01-05 14:33 --------- d-----w C:\Program Files\Windows Defender
2008-01-05 14:25 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-05 14:25 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-05 14:25 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-05 14:24 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-05 14:23 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-05 14:23 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-05 14:23 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-05 14:23 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-05 14:23 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-05 14:23 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-05 14:23 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-05 14:23 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-05 14:23 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-05 14:23 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-05 14:22 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-01-05 14:22 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-01-05 14:18 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-01-05 14:17 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-01-05 14:17 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-01-05 14:17 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-01-05 14:17 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-01-05 14:17 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-01-05 14:16 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-01-05 14:16 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-01-05 14:16 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-01-05 14:16 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-01-05 14:16 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-05 14:14 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-05 14:14 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-05 14:14 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-05 14:10 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-05 14:10 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-05 14:10 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-05 14:10 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-05 14:05 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-01-04 13:18 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-04 13:18 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-04 13:18 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-04 13:18 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-04 13:16 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-01-04 13:16 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-01-04 13:16 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-01-04 13:16 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-01-04 13:16 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-01-04 13:16 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-01-04 13:16 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-01-04 13:16 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-01-04 13:16 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-01-04 13:15 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-04 13:15 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-04 13:15 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-04 13:15 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-04 13:13 633,856 ----a-w C:\Windows\System32\user32.dll
2008-01-04 13:13 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-01-04 13:13 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-01-04 13:13 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-01-04 13:10 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-12-29 15:50 --------- d-----w C:\Program Files\ICQ6
2007-12-29 15:44 --------- d-----w C:\Program Files\ICQToolbar
2007-12-29 15:40 --------- d-----w C:\Users\zink\AppData\Roaming\InstallShield
2007-12-29 10:47 --------- d-----w C:\Users\zink\AppData\Roaming\Panasonic
2007-12-29 10:43 --------- d-----w C:\Program Files\Panasonic
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-17 22:56 1232896]
"Acer Tour Reminder"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-09 16:52 171448]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-05 15:20 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 10:07 4390912 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-06 07:21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-06 07:21 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-06 07:21 81920]
"eRecoveryService"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"AVMWlanClient"="C:\Program Files\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 17:26 283136]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 12:43 729088]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
"ISTray"="C:\Users\zink\Downloads\clrav\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-12-29 11:43:41 57344]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2007-01-24 09:27 319488 C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-02-15 17:39 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-02-06 23:04 464168 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2007-01-12 20:24 151552 C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 18:12]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R3 MRV6X32P;Vista 32 Bit ursprünglicher WiFi-Treiber;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 08:30]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 avmeject;AVM Eject;C:\Windows\system32\drivers\avmeject.sys [2007-01-26 01:00]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 01:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ea6566b-9e75-11dc-abfe-0019210024b4}]
\shell\AutoRun\command - J:\Player\Player.exe "Diashow\Neue Diashow.ads"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e98b984-a4c5-11dc-9d54-0019210024b4}]
\shell\AutoRun\command - J:\pushinst.exe
.
Inhalt des "geplante Tasks" Ordners
"2008-02-01 19:01:54 C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - zink.job" - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2008-02-20 17:23:13 C:\Windows\Tasks\WebReg Deskjet F300 series.job" - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 20:17:28
Windows 6.0.6000 NTFS
detected NTDLL code modification:
ZwClose
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-02-20 20:19:31
.
2008-02-18 13:06:52 --- E O F ---

Last edited by kaua (20.02.2008 at 20:23)
#2

AVZ-Toolkit Guru

Trojan (possibly w32.agent) infection on Vista

Please post the SpyDoctor report. Because there are still malicious files visible in the ComboFix log.