Verdächtiger Fund bei AntiVir

Kelderon · 13.12.2010, 21:52

So, Combofix ist erstellt, hier das Dokument:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-12-13.02 - Stephan 13.12.2010  21:41:50.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1927 [GMT 1:00]
ausgeführt von:: c:\users\Stephan\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Stephan\AppData\Roaming\.#
c:\users\Stephan\AppData\Roaming\Fyno\vaohr.exe
c:\windows\DOWNLO~1\ax_Mjpeg.ocx

.
(((((((((((((((((((((((   Dateien erstellt von 2010-11-13 bis 2010-12-13  ))))))))))))))))))))))))))))))
.

2010-12-13 20:11 . 2010-12-13 20:18	--------	d-----w-	C:\_OTL
2010-12-10 12:25 . 2010-11-10 04:33	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30EAB54D-0C94-4C39-A79B-63D667EE9A55}\mpengine.dll
2010-11-24 15:26 . 2010-10-19 04:27	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 16:05 . 2009-05-27 15:59	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-11-23 14:21 . 2009-05-27 15:59	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-10-19 09:41 . 2009-10-02 17:01	222080	------w-	c:\windows\system32\MpSigStub.exe
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-13 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-02 2937528]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-10-05 2174976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0330Ext.ax"="c:\windows\system32\V0330Ext.ax" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-06 13:22	220160	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-10-01 16:57	289576	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
2007-06-27 08:14	439512	----a-w-	c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09	413696	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-10-11 10:04	1826816	----a-w-	c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-13 16:24	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2007-10-19 16:42	155648	----a-w-	c:\program files\HomeCinema\TV Enhance\TVEService.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca0d7b5302ee80;Google Update Service (gupdate1ca0d7b5302ee80);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 133104]
R3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2007-04-13 1307136]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-04-10 20480]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 V0330VID;WebCam Vista;c:\windows\system32\DRIVERS\V0330Vid.sys [2006-11-03 178913]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 1681408]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-10-19 290909]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [2007-10-19 114779]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-10-15 5632]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2008-10-08 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 22:57]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 22:57]

2010-12-13 c:\windows\Tasks\User_Feed_Synchronization-{C78C17D2-E0CA-49B5-8C5E-0AE6576F9C5D}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mSearch Bar = hxxp://www.google.com/ie
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
FF - ProfilePath - c:\users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\uaak95g0.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-{2B50D93A-2FCC-82F4-29D8-2127F57D506B} - c:\users\Stephan\AppData\Roaming\Fyno\vaohr.exe
HKLM-Run-CM108Sound - CM108.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-13 21:47
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-12-13  21:49:24
ComboFix-quarantined-files.txt  2010-12-13 20:49

Vor Suchlauf: 10 Verzeichnis(se), 147.351.502.848 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 147.333.689.344 Bytes frei

- - End Of File - - 09539B9028DF0BE25ADADE90C56E1FFB

--- --- ---

Verdächtiger Fund bei AntiVir

Plagegeister aller Art und deren Bekämpfung: Verdächtiger Fund bei AntiVir

Verdächtiger Fund bei AntiVir

Ähnliche Themen: Verdächtiger Fund bei AntiVir