Meinen Rechner hat's erwischt, bitte um Hilfe

Tiro · 07.05.2008, 14:09

Silentrunner lässt sich nicht starten. Hier die Logfiles von ComboFix und Hijackthis
------------------------------------------------
ComboFix 08-05-01.3 - mk 2008-05-07 13:51:04.3 - FAT32x86
ausgeführt von:: F:\neu\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Dateien erstellt von 2008-04-07 bis 2008-05-07 ))))))))))))))))))))))))))))))
.

2008-05-07 13:50 . 2008-05-07 13:50 86,400 --a------ C:\WINDOWS\~GLC0000.TMP
2008-05-07 11:31 . 2008-05-07 11:31 <DIR> d-------- C:\Programme\AVG Anti-Rootkit Free
2008-05-07 11:31 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-05-07 01:50 . 2008-05-07 01:50 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-05-07 01:21 . 2008-05-07 01:21 <DIR> d-------- C:\kav
2008-05-06 23:40 . 2008-05-06 23:40 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
2008-05-06 23:38 . 2008-05-06 23:38 <DIR> d-------- C:\Programme\Exterminate It!
2008-05-06 23:35 . 2008-05-06 23:35 <DIR> d-------- C:\Programme\Sophos
2008-05-06 01:51 . 2008-05-06 01:51 2,608 --a------ C:\WINDOWS\system32\settings.aaw
2008-05-06 01:51 . 2008-05-06 01:51 848 --a------ C:\WINDOWS\system32\history.aaw
2008-05-02 18:41 . 2008-05-02 18:41 <DIR> d-------- C:\Dokumente und Einstellungen\mk\Anwendungsdaten\FireShot
2008-05-02 02:02 . 2008-05-06 13:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-02 02:02 . 2008-05-02 02:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-23 23:48 . 2008-04-23 23:48 <DIR> d-------- C:\Programme\IETester
2008-04-19 22:48 . 2008-04-19 22:48 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-15 22:22 . 2008-04-15 22:22 <DIR> d-------- C:\Dokumente und Einstellungen\mk\Anwendungsdaten\Abuse
2008-04-15 14:32 . 2008-04-15 14:33 <DIR> d-------- C:\Programme\Lavasoft
2008-04-15 14:32 . 2008-04-15 14:32 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-15 14:32 . 2008-04-15 14:33 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-04-12 16:14 . 2008-04-12 16:14 <DIR> d-------- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2008-04-12 15:53 . 2008-04-12 15:53 <DIR> d-------- C:\WINDOWS\system32\main dir
2008-04-12 15:53 . 2008-04-12 15:53 201,728 --a------ C:\WINDOWS\system32\main.scr
2008-04-11 18:00 . 2007-12-05 01:40 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-10 11:07 . 2008-05-05 15:35 405 --a------ C:\WINDOWS\Ui.INI
2008-04-09 14:50 . 1998-02-09 05:00 1,455,736 --a------ C:\WINDOWS\system32\VCL35.BPL
2008-04-08 16:39 . 2008-04-08 16:39 <DIR> d-------- C:\Dokumente und Einstellungen\mk\Anwendungsdaten\mojosoft
9 Datei(en) . 6,416,751 C:\ComboFix\Bytes
4 Datei(en) . 6,703 C:\ComboFix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 08:15 208,896 ----a-w C:\WINDOWS\system32\bih.dll
2008-04-02 20:26 --------- d-----w C:\Programme\Mozilla Firefox 3 Beta 5
2008-03-27 09:48 --------- d-----w C:\Programme\OpenOffice.org 2.4
2008-03-25 13:16 --------- d-----w C:\Programme\Gemeinsame Dateien\xing shared
2008-03-24 00:01 --------- d-----w C:\Programme\CCleaner
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 09:08 --------- d-----w C:\Programme\WebShot
2008-03-11 14:37 210,952 ----a-w C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
2008-03-11 14:37 2,519,712 ----a-w C:\WINDOWS\system32\madiousb.dll
2008-03-11 14:37 143,624 ----a-w C:\WINDOWS\system32\drivers\mausb.sys
2008-03-01 16:24 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 12:54 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-03-01 12:54 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-01 12:54 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-03-01 12:54 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-01 12:54 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-01 12:54 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-03-01 12:54 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-01 12:54 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-03-01 12:54 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-03-01 12:54 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:54 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-08 19:37 691,545 ----a-w C:\WINDOWS\unins001.exe
.

------- Sigcheck -------

Cryptography Services Error !!
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 19:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 20:02 786521]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 17:37 110592]
"Wireless Console 2"="C:\Programme\Wireless Console 2\wcourier.exe" [2006-11-29 11:00 1011712]
"Power_Gear"="C:\Programme\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 18:01 90112]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"SMSERIAL"="C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 13:11 573440]
"BIH"="bih.dll" [2008-04-14 10:15 208896 C:\WINDOWS\system32\bih.dll]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2008-03-11 16:37 210952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Joost\\xulrunner\\tvprunner.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9efafc38-eda6-11dc-b52f-0015af387595}]
\Shell\AutoRun\command - Autorun.exe /run
\Shell\Shell00\Command - Autorun.exe /run
\Shell\Shell01\Command - Autorun.exe /action
\Shell\Shell02\Command - Autorun.exe /uninstall

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4AEC22D1-DF20-E361-6CE0-96D966416C1E}]
C:\WINDOWS\system32\system32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{75D9AC50-D61E-FED5-37D7-EC449AC8A46B}]
C:\WINDOWS\system32\svchost\svchost.exe s
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 13:52:26
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\1B.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsdatant]
"ImagePath"=""
.
Zeit der Fertigstellung: 2008-05-07 13:52:53
ComboFix-quarantined-files.txt 2008-05-07 11:52:52
ComboFix3.txt 2008-05-06 22:24:48
ComboFix2.txt 2008-05-06 23:11:46

17 Verzeichnis(se), 38,262,112,256 Bytes frei
20 Verzeichnis(se), 38,245,318,656 Bytes frei

190

-----------------------------------

Hier einmal das Logfile von Hijackthis

----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:48, on 07.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\Wireless Console 2\wcourier.exe
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MemInfo\meminfo.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\explorer.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [BIH] C:\WINDOWS\system32\rundll32.exe bih.dll,InitGauge
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-839522115-162531612-682003330-1003\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-839522115-162531612-682003330-1003 Startup: MemInfo.lnk = C:\Programme\MemInfo\meminfo.exe (User '?')
O4 - S-1-5-21-839522115-162531612-682003330-1003 Startup: AutorunsDisabled (User '?')
O4 - Startup: MemInfo.lnk = C:\Programme\MemInfo\meminfo.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Tutorial_SW.lnk = C:\WINDOWS\twain_32\S6U12BX\sw_tuto.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Fast Track Pro Installer (MAudioFastTrackProService) - Unknown owner - C:\Programme\M-Audio\Fast Track Pro\MAUSBFTPInst.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

--
End of file - 7178 bytes

Meinen Rechner hat's erwischt, bitte um Hilfe

Log-Analyse und Auswertung: Meinen Rechner hat's erwischt, bitte um Hilfe

Meinen Rechner hat's erwischt, bitte um Hilfe

Ähnliche Themen: Meinen Rechner hat's erwischt, bitte um Hilfe