Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Avira meldet TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.04.2010, 07:11   #1
Rollstein
 
Avira meldet TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe - Standard

Avira meldet TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe



Guten Tag,

Sie haben unter folgendem Thema bereits einen fast identischen Fall gelöst:

http://www.trojaner-board.de/85207-t...chost-exe.html

Ich habe diese Schritte auch durchgeführt aber leider nicht mit dem erhofften Ergebnis. (Mein System ist Windows 7)
- Malwarebytes findet kein Problem
- Antivir systemscan erkenn auch keinen Virus
- CCleaner durchgeführt
- Combofix hat zweimal neugestartet weil ein Rootkit gefunden wurde
Danach ist es dann bei Stufe 8 erst einmal abgestürzt. (ich werde versuchen noch einen vernünftigen report zu bekommen.

Schon einmal vielen Dank im Voraus

Hijackthis hat diesen report erstellt:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:06:10, on 24.04.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Ablage\Proggies\Portable FSCapture65EN\App\FSCapture.exe
C:\Users\Roland\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Firefox\mozilla-runtime.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [combofix] "C:\cofid\CF28866.cfxxe" /c "C:\cofid\C.bat"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Roland\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: FastStone Capture.lnk = D:\Ablage\Proggies\Portable FSCapture65EN\App\FSCapture.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A268AA48-0CEB-4847-B9F5-33FE56BD0E95}: NameServer = 62.42.230.24,62.42.63.52
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\cofid\PEV.cfxxe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6612 bytes

Alt 24.04.2010, 08:51   #2
Rollstein
 
Avira meldet TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe - Standard

Avira meldet TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe



Ich habe mitterweile im abgesicherten Modus Combofix ausführen können (logdatei hier eingefügt. Tortzdem bekomme ich immer noch die Avira Warnmeldungen

:

ComboFix 10-04-21.01 - Roland 24.04.2010 8:33.2.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1033.18.2015.1406 [GMT 2:00]
ausgeführt von:: c:\users\Roland\Desktop\cofid.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\symavc32.sys

.
((((((((((((((((((((((( Dateien erstellt von 2010-03-24 bis 2010-04-24 ))))))))))))))))))))))))))))))
.

2010-04-24 06:38 . 2010-04-24 06:41 -------- d-----w- c:\users\Roland\AppData\Local\temp
2010-04-24 06:38 . 2010-04-24 06:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-24 06:38 . 2010-04-24 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-24 06:32 . 2010-04-24 06:33 -------- d-----w- C:\32788R22FWJFW
2010-04-24 05:39 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-24 05:39 . 2010-04-24 05:39 -------- d-----w- c:\program files\Panda Security
2010-04-24 04:55 . 2010-04-24 04:55 388096 ----a-r- c:\users\Roland\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-23 21:48 . 2010-04-23 21:48 52224 ----a-w- c:\users\Roland\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-23 21:48 . 2010-04-24 05:19 117760 ----a-w- c:\users\Roland\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-23 21:47 . 2010-04-23 21:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-23 21:47 . 2010-04-23 21:47 -------- d-----w- c:\users\Roland\AppData\Roaming\SUPERAntiSpyware.com
2010-04-23 21:47 . 2010-04-23 21:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-23 21:41 . 2010-04-23 21:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-23 21:36 . 2010-04-24 06:32 -------- d-----w- c:\program files\trend micro
2010-04-23 21:36 . 2010-04-23 21:36 -------- d-----w- C:\rsit
2010-04-23 21:10 . 2010-04-23 21:10 -------- d-----w- c:\program files\Sophos
2010-04-23 18:35 . 2010-04-23 05:43 79872 ----a-w- c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\4ufrnymx.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-04-23 18:35 . 2010-04-23 05:43 33280 ----a-w- c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\4ufrnymx.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-04-23 18:25 . 2010-04-23 18:25 -------- d-----w- c:\program files\CCleaner
2010-04-23 17:13 . 2010-04-23 17:13 -------- d-----w- c:\users\Roland\AppData\Roaming\Malwarebytes
2010-04-23 17:13 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 17:13 . 2010-04-23 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 17:13 . 2010-04-23 17:13 -------- d-----w- c:\programdata\Malwarebytes
2010-04-23 17:13 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 16:34 . 2010-04-23 16:34 -------- d-----w- c:\users\Roland\AppData\Roaming\Avira
2010-04-23 03:22 . 2010-03-11 16:25 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-04-23 03:22 . 2010-03-11 16:25 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-04-23 03:22 . 2010-03-11 16:25 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-04-23 03:22 . 2010-04-23 03:22 -------- d-----w- c:\windows\system32\ZoneLabs
2010-04-23 03:22 . 2010-03-01 13:07 464072 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-04-23 03:22 . 2010-04-23 03:22 -------- d-----w- c:\program files\Zone Labs
2010-04-23 03:20 . 2010-04-24 06:41 -------- d-----w- c:\windows\Internet Logs
2010-04-23 03:20 . 2010-04-23 03:20 -------- d-----w- c:\programdata\CheckPoint
2010-04-23 03:19 . 2010-04-23 03:19 -------- d-----w- c:\program files\Avira
2010-04-23 03:19 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-23 03:19 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-23 03:19 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-23 03:19 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-15 05:57 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 05:57 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 05:57 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 05:57 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 05:57 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 05:57 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 06:06 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 06:04 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 21:39 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-08 20:57 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 20:47 . 2010-04-23 03:22 420801 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-04-23 20:46 . 2010-04-23 20:47 1687040 ----a-w- c:\windows\Internet Logs\xDBAE4B.tmp
2010-04-23 20:46 . 2010-04-23 20:47 260096 ----a-w- c:\windows\Internet Logs\xDBAD41.tmp
2010-04-23 20:46 . 2010-04-23 20:47 1686016 ----a-w- c:\windows\Internet Logs\xDBAEA9.tmp
2010-04-23 20:36 . 2009-07-14 00:01 6656 ----a-w- c:\windows\system32\drivers\RDPCDD.sys
2010-04-23 17:15 . 2010-02-02 23:22 -------- d-----w- c:\users\Roland\AppData\Roaming\Skype
2010-04-23 16:05 . 2010-02-02 23:25 -------- d-----w- c:\users\Roland\AppData\Roaming\skypePM
2010-04-23 03:19 . 2010-02-02 20:45 -------- d-----w- c:\programdata\Avira
2010-04-22 19:43 . 2010-02-02 22:36 -------- d-----w- c:\users\Roland\AppData\Roaming\foobar2000
2010-04-22 19:30 . 2010-02-14 23:40 -------- d-----w- c:\program files\Common Files\Nero
2010-04-22 19:30 . 2010-02-04 23:21 -------- d-----w- c:\users\Roland\AppData\Roaming\uTorrent
2010-04-22 19:29 . 2010-02-14 23:40 -------- d-----w- c:\programdata\Nero
2010-04-14 22:21 . 2010-03-20 20:02 -------- d-----w- c:\users\Roland\AppData\Roaming\Spotify
2010-04-14 05:54 . 2010-02-03 00:30 -------- d-----w- c:\program files\Google
2010-04-12 22:43 . 2010-02-16 23:09 -------- d-----w- c:\program files\Firefox
2010-04-12 21:33 . 2010-02-02 20:48 181096 ----a-w- c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\4ufrnymx.default\FlashGot.exe
2010-03-20 20:02 . 2010-03-20 20:02 -------- d-----w- c:\program files\Spotify
2010-03-11 19:42 . 2010-02-02 23:22 -------- d-----r- c:\program files\Skype
2010-03-07 11:00 . 2010-03-07 11:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-07 07:41 . 2010-02-02 22:36 -------- d-----w- c:\program files\foobar2000
2010-03-06 13:23 . 2010-03-06 13:23 -------- d-----w- c:\users\Roland\AppData\Roaming\Sibelius Software
2010-03-06 12:39 . 2010-03-06 12:39 -------- d-----w- c:\users\Roland\AppData\Roaming\FastStone
2010-02-26 20:20 . 2010-02-26 20:20 -------- d-----w- c:\program files\Common Files\Skype
2010-02-26 18:34 . 2010-02-26 18:34 15416 ----a-w- c:\windows\system32\HPMDPCoInst.dll
2010-02-26 18:34 . 2009-07-08 12:48 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2010-02-26 18:34 . 2010-02-26 18:34 26168 ----a-w- c:\windows\system32\hpservice.exe
2010-02-26 18:34 . 2010-02-26 18:34 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
2010-02-26 18:33 . 2010-02-26 18:33 33848 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2010-02-04 01:21 . 2010-02-02 20:43 98616 ----a-w- c:\users\Roland\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 23:36 . 2010-02-02 23:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-02 22:57 . 2010-02-02 22:57 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-02-02 19:46 . 2010-02-02 19:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-02 07:45 . 2010-02-24 00:10 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-23_20.22.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-02 23:08 . 2010-04-23 20:42 21594 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-04-24 06:41 41810 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-02-02 19:22 . 2010-04-23 20:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-02 19:22 . 2010-04-24 06:39 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:41 . 2010-04-23 20:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-04-24 06:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-02 19:34 . 2010-04-24 06:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-04-23 21:17 85704 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-02-02 19:34 . 2010-04-24 06:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-02 19:34 . 2010-04-24 06:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-02 19:34 . 2010-04-24 06:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-02 22:08 . 2010-04-23 19:22 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-02 22:08 . 2010-04-24 06:42 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-02 22:08 . 2010-04-24 06:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-02 22:08 . 2010-04-23 19:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-02 22:08 . 2010-04-24 06:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-02 22:08 . 2010-04-23 19:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-02-02 19:34 . 2010-04-24 06:42 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-02 19:34 . 2010-04-24 06:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-23 21:47 . 2010-04-23 21:47 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-04-23 21:47 . 2010-04-23 21:47 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-02-02 19:35 . 2010-04-24 06:41 4730 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1354496913-132004231-679243759-1001_UserData.bin
- 2010-02-02 19:20 . 2010-04-23 20:07 3856 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-02-02 19:20 . 2010-04-24 05:14 3856 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-04-23 20:08 . 2010-04-23 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-24 05:15 . 2010-04-24 06:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-23 20:08 . 2010-04-23 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-24 05:15 . 2010-04-24 06:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-23 21:47 . 2010-04-23 21:47 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2010-02-02 21:43 . 2010-04-24 04:37 304562 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:05 . 2010-04-24 05:20 609896 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-04-23 20:22 609896 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-04-24 05:20 104214 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-04-23 20:22 104214 c:\windows\System32\perfc009.dat
+ 2010-02-02 19:31 . 2010-04-24 04:52 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-02-02 19:31 . 2010-04-23 06:48 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-02-02 19:22 . 2010-04-23 20:08 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-02 19:22 . 2010-04-24 06:39 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-04 12:06 . 2009-08-04 12:06 132352 c:\windows\Downloaded Program Files\as2stubie.dll
- 2009-07-14 02:03 . 2010-04-23 19:28 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-04-23 21:00 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-04-23 21:46 . 2010-04-23 21:46 7834112 c:\windows\Installer\1f6bf.msi
+ 2010-04-24 04:54 . 2010-04-24 04:54 1402880 c:\windows\Installer\189ebb0.msi
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Roland\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-03 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2008-05-25 408088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-11 1038728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7889.tmp [x]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2008-05-25 1464856]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - PAVBOOT
.
Inhalt des "geplante Tasks" Ordners

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 00:30]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 00:30]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1354496913-132004231-679243759-1001Core.job
- c:\users\Roland\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-03 00:26]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1354496913-132004231-679243759-1001UA.job
- c:\users\Roland\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-03 00:26]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {A268AA48-0CEB-4847-B9F5-33FE56BD0E95} = 62.42.230.24,62.42.63.52
FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\4ufrnymx.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Roland\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys >>UNKNOWN [0x865DFAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x42554855
SecurityProcedure -> 0x1
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7889.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5488)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\users\Roland\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-24 08:45:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-24 06:45
ComboFix2.txt 2010-04-23 20:23

Vor Suchlauf: 48.457.756.672 bytes free
Nach Suchlauf: 48.099.627.008 bytes free

- - End Of File - - 5FE868268D7836D259CD1601DB1B479E
__________________


Antwort

Themen zu Avira meldet TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe
adobe, antivir, antivir guard, avg, avira, bho, combofix, desktop, excel, explorer, firefox, google, gupdate, internet, internet explorer, malwarebytes, microsoft, monitor, notification, object, rootkit, software, superantispyware, svchost.exe, system, temp, windows



Ähnliche Themen: Avira meldet TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe


  1. Avira meldet TR/Kryptik.58880145 unter C:\Users\test\AppData\Local\Temp\
    Plagegeister aller Art und deren Bekämpfung - 13.06.2013 (32)
  2. Avira meldet APPL/DomaIQ.Gen in C:\Users\Alex\AppData\Local\Temp\5sumi_bh.exe.part
    Plagegeister aller Art und deren Bekämpfung - 15.05.2013 (23)
  3. 2x Avira meldet APPL/DomaIQ.Gen in C:\Users\Alex\AppData\Local\Temp\5sumi_bh.exe.part
    Mülltonne - 09.05.2013 (1)
  4. Windows Live Trojaner und SVchost.exe im Temp-ordner
    Plagegeister aller Art und deren Bekämpfung - 26.12.2011 (1)
  5. Avira AntiVir meldet Trojaner TR/Hijacker.Gen - was tun?
    Plagegeister aller Art und deren Bekämpfung - 10.01.2011 (7)
  6. tr downloader.gen C:\WINDOWS\Temp\cmqk.tmp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 05.07.2010 (13)
  7. C:\Windows\Temp\pgsi.tmp\svchost.exe TR/Hijacker.Gen funde (mehere)
    Plagegeister aller Art und deren Bekämpfung - 30.06.2010 (3)
  8. Avira meldet mehrfach TR/Dldr.Piker.XX in temp.Datei
    Plagegeister aller Art und deren Bekämpfung - 21.06.2010 (23)
  9. TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 13.05.2010 (46)
  10. Hilfe Avira meldet TR/Dropper.Gen in svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 07.05.2010 (5)
  11. TR/Crypt.ZPACK.Gen C:\WINDOWS\Temp\uagx.tmp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 01.05.2010 (1)
  12. Trojaner TR/Crypt.ZPACK.gen in C:/WINDOWS/TEMP/xxxx.temp/svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 30.04.2010 (33)
  13. Antivir meldet TR/Crypt.ZPACK.Gen in C/Windows/Temp/xxxx.tmp/svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 26.04.2010 (2)
  14. Avira meldet TR/Crypt.ZPACK.Gen in C:\Windows\Temp\xxxx.tmp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 24.04.2010 (1)
  15. Antivir meldet TR/Crypt.ZPACK.Gen in C/Windows/Temp/xxxx.tmp/svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 24.04.2010 (4)
  16. antimalware doctor + C:\Windows\Temp\xxx.tmp\svchost.exe
    Log-Analyse und Auswertung - 21.04.2010 (1)
  17. TR/Crypt.ZPACK.Gen in C:\Temp\bcot.tmp\svchost.exe , C:\Temp\qmub.tmp\svchost.exe usw
    Plagegeister aller Art und deren Bekämpfung - 12.04.2010 (1)

Zum Thema Avira meldet TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe - Guten Tag, Sie haben unter folgendem Thema bereits einen fast identischen Fall gelöst: http://www.trojaner-board.de/85207-t...chost-exe.html Ich habe diese Schritte auch durchgeführt aber leider nicht mit dem erhofften Ergebnis. (Mein System ist - Avira meldet TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe...
Archiv
Du betrachtest: Avira meldet TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.