Log analysis and evaluation: Avira reports multiple trojans

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#15

Avira reports multiple trojans

oops, small faux pas.. so here is the combofix log:

Combofix Logfile:
Code:
```
ComboFix 10-08-12.03 - amueller 13.08.2010 12:22:50.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.49.1031.18.2037.1317 [GMT 2:00]
ausgeführt von:: c:\users\amueller\Desktop\vir\cofi.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
FW: Avira FireWall *disabled* {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
SP: AntiVir Desktop *disabled* (Updated) {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Ijl11.dll

Infizierte Kopie von c:\windows\system32\drivers\smb.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-13 bis 2010-08-13 ))))))))))))))))))))))))))))))
.
2010-08-13 10:34 . 2010-08-13 10:35 -------- d-----w- c:\users\amueller\AppData\Local\temp
2010-08-13 10:34 . 2010-08-13 10:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-12 13:42 . 2010-08-12 13:42 -------- d-----w- c:\program files\CCleaner
2010-08-12 11:47 . 2010-08-12 11:47 -------- d-----w- C:\_OTL
2010-08-04 08:28 . 2010-08-04 08:31 32594 ----a-w- c:\windows\scunin.dat
2010-08-04 08:28 . 2010-08-04 08:31 967 ----a-w- c:\windows\ScUnin.pif
2010-08-04 08:28 . 2010-08-04 08:31 69632 ----a-w- c:\windows\ScUnin.exe
2010-07-21 18:57 . 2010-08-11 00:11 -------- d-----w- c:\users\amueller\AppData\Roaming\17DAFEA4C85B8AAF94F4E89598256240
2010-07-18 16:30 . 2010-07-18 16:30 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-18 16:29 . 2010-07-18 16:23 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-18 16:29 . 2010-07-18 16:23 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-18 16:29 . 2010-07-18 16:29 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-18 16:29 . 2010-07-18 16:29 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-18 16:28 . 2010-07-18 16:28 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-18 16:28 . 2010-07-18 16:28 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-18 16:28 . 2010-07-18 20:06 -------- d-----w- c:\users\amueller\AppData\Roaming\DivX
2010-07-18 16:27 . 2010-07-18 16:27 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-18 16:27 . 2010-07-18 16:27 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-18 16:26 . 2010-07-18 16:26 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-07-18 16:26 . 2010-07-18 16:26 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-18 16:26 . 2010-07-18 16:26 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-18 16:26 . 2010-07-18 16:26 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-18 16:26 . 2010-07-18 16:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-18 16:26 . 2010-07-18 16:26 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-07-18 16:24 . 2010-07-18 16:29 -------- d-----w- c:\program files\DivX
2010-07-18 16:23 . 2010-07-18 16:23 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-18 16:23 . 2010-07-18 16:30 -------- d-----w- c:\programdata\DivX
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 10:26 . 2006-11-02 15:38 710156 ----a-w- c:\windows\system32\perfh007.dat
2010-08-13 10:26 . 2006-11-02 15:38 142126 ----a-w- c:\windows\system32\perfc007.dat
2010-08-12 13:02 . 2008-12-04 12:32 -------- d-----w- c:\program files\Capture-A-ScreenShot
2010-08-12 12:00 . 2009-02-27 17:06 -------- d-----w- c:\users\amueller\AppData\Roaming\Skype
2010-08-12 11:59 . 2009-02-27 17:08 -------- d-----w- c:\users\amueller\AppData\Roaming\skypePM
2010-08-11 00:11 . 2009-03-30 13:42 -------- d-----w- c:\program files\Last.fm
2010-08-10 11:42 . 2009-06-22 17:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 12:20 . 2010-01-14 10:22 -------- d-----w- c:\program files\Starcraft
2010-07-14 10:32 . 2009-02-27 17:06 -------- d-----r- c:\program files\Skype
2010-07-14 10:32 . 2010-07-14 10:32 -------- d-----w- c:\program files\Common Files\Skype
2010-07-14 10:32 . 2009-02-27 17:06 -------- d-----w- c:\programdata\Skype
2010-06-29 10:07 . 2010-06-29 09:54 -------- d-----w- c:\users\amueller\AppData\Roaming\Apple Computer
2010-06-29 09:54 . 2010-06-29 09:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-29 09:54 . 2010-06-29 09:51 -------- d-----w- c:\program files\iTunes
2010-06-29 09:52 . 2010-06-29 09:52 -------- d-----w- c:\program files\iPod
2010-06-29 09:52 . 2010-06-29 09:43 -------- d-----w- c:\program files\Common Files\Apple
2010-06-29 09:51 . 2010-06-29 09:49 -------- d-----w- c:\programdata\Apple Computer
2010-06-29 09:50 . 2010-06-29 09:49 -------- d-----w- c:\program files\QuickTime
2010-06-29 09:48 . 2010-06-29 09:48 -------- d-----w- c:\program files\Apple Software Update
2010-06-29 09:44 . 2010-06-29 09:44 -------- d-----w- c:\program files\Bonjour
2010-06-29 09:43 . 2010-06-29 09:43 -------- d-----w- c:\programdata\Apple
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-05-24 13:16 . 2010-03-31 14:26 1 ----a-w- c:\users\amueller\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-21 12:14 . 2009-10-08 09:04 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lion"="c:\program files\Lion\Lion.exe" [2009-02-09 227429]
"Google Update"="c:\users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-25 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-26 282792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^amueller^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\amueller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-25 12:29 133104 ----atw- c:\users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 13:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect.EXE]
2007-11-19 16:18 2711552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:34 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-04-19 337064]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-19 405672]
R3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\DRIVERS\WG511ICB.sys [2005-02-16 352256]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-03-26 102856]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-04-19 536232]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-03-26 135336]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-25 185640]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-03-26 79432]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000Core.job
- c:\users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 12:29]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000UA.job
- c:\users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 12:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: registration.sonystyle-europe.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 12:35
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-08-13 12:41:08
ComboFix-quarantined-files.txt 2010-08-13 10:41

Vor Suchlauf: 15 Verzeichnis(se), 23.155.945.472 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 23.132.065.792 Bytes frei

- - End Of File - - 2AD371E3033F9B546747B5EC7729954B
```