Hello everyone,
I'm asking for your help.
I may have infected my PC with an external hard drive or a USB stick. Both had previously been connected to a PC that had a Trojan (Trojan Agent ClbGen). Of course I didn't know that (yet).
As mentioned, the Avira scan showed 1 hidden object, 4 warnings and one note, but no detection.
Avira: (full text attached)
Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Winlogon\Notifications\Components\TrustedInstaller\Events
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
Beginne mit der Suche in 'C:\' <COMPAQ>
C:\Users\abc\AppData\Local\Temp\wlsetup-cvr.exe
[0] Archivtyp: Portable Executable Resource
--> object
[1] Archivtyp: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Archivtyp: 7-Zip
--> LanguageSelector64.cab
[3] Archivtyp: CAB (Microsoft)
--> LanguageSelector64.msi
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\abc\AppData\Local\Temp\HPSUTGOM.$6E\sp43112.exe.tmp
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\Users\abc\Downloads\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Windows\System32\Macromed\Flash\uninstall_plugin.exe
[WARNUNG] Unerwartetes Dateiende erreicht
The scan before that was still completely clean.
I downloaded defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:44 on 14/05/2012 (abc)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by abc at 17:17:05 on 2012-05-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.3316.1933 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.spiegel.de/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=92&bd=Presario&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=92&bd=Presario&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=92&bd=Presario&pf=cndt
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe"
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
StartupFolder: c:\users\abc\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~3.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
LSP: c:\program files\avira\antivir desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E6623A36-2F5C-4276-8816-586CF60135E3} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\abc\appdata\roaming\mozilla\firefox\profiles\vujxmuog.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-21 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-4-21 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-4-21 110032]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-4-21 465360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-21 83392]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Servicio de caché de fuentes de Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2009-4-22 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2009-4-22 116104]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-2-13 618112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-11-5 22896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-14 13:57:02 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6d38d4f8-d623-4e5c-b328-c928c0d45a38}\offreg.dll
2012-05-14 13:40:22 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6d38d4f8-d623-4e5c-b328-c928c0d45a38}\mpengine.dll
2012-04-22 11:39:45 -------- d-----w- c:\users\abc\appdata\local\AskToolbar
2012-04-22 11:22:16 -------- d-----w- c:\programdata\TreeCardGames
2012-04-22 11:21:58 -------- d-----w- c:\users\abc\appdata\roaming\TreeCardGames
2012-04-22 11:21:51 -------- d-----w- c:\program files\Free Spider Solitaire
2012-04-22 05:38:51 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-21 11:16:47 85465960 ----a-w- c:\program files\common files\windows live\.cache\wlcD4CD.tmp
2012-04-21 09:36:02 -------- d-----w- c:\users\abc\appdata\roaming\Avira
2012-04-21 09:33:59 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2012-04-21 09:33:59 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2012-04-21 09:33:59 241152 ----a-w- c:\windows\system32\winrscmd.dll
2012-04-21 09:33:59 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2012-04-21 09:33:59 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2012-04-21 09:33:59 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2012-04-21 09:08:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-21 09:08:29 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-21 09:08:29 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-21 09:08:29 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-21 09:07:58 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-21 09:07:58 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-21 09:07:14 -------- d-----w- c:\windows\PixArt
2012-04-21 08:59:45 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-04-21 08:57:36 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-04-21 08:57:36 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-04-21 08:57:36 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-04-21 08:57:34 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-04-21 08:57:34 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-04-21 08:57:28 67072 ----a-w- c:\windows\system32\asycfilt.dll
2012-04-21 08:57:26 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-04-21 08:57:25 128000 ----a-w- c:\windows\system32\spoolsv.exe
2012-04-21 08:56:40 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-21 08:56:38 157184 ----a-w- c:\windows\system32\t2embed.dll
2012-04-21 08:55:00 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-21 08:55:00 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-21 08:55:00 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-04-21 08:55:00 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-21 08:55:00 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-04-21 08:54:29 1169408 ----a-w- c:\windows\system32\sdclt.exe
2012-04-21 08:54:27 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-04-21 08:54:27 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-04-21 08:54:18 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-04-21 08:54:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-04-21 08:54:14 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-04-21 08:43:37 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2012-04-21 08:43:36 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2012-04-21 08:43:28 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-04-21 08:43:27 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-21 08:43:00 66560 ----a-w- c:\windows\system32\packager.dll
2012-04-21 08:42:58 954752 ----a-w- c:\windows\system32\mfc40.dll
2012-04-21 08:42:58 954288 ----a-w- c:\windows\system32\mfc40u.dll
2012-04-21 08:42:53 36864 ----a-w- c:\windows\system32\rtutils.dll
2012-04-21 08:42:51 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-04-21 08:42:24 867328 ----a-w- c:\windows\system32\wmpmde.dll
2012-04-21 08:36:25 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-21 08:36:25 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-21 08:36:20 -------- d-----w- c:\programdata\Avira
2012-04-21 08:36:20 -------- d-----w- c:\program files\Avira
2012-04-21 08:33:29 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-21 08:33:25 322560 ----a-w- c:\windows\system32\sbe.dll
2012-04-21 08:33:25 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2012-04-21 08:33:25 153088 ----a-w- c:\windows\system32\sbeio.dll
2012-04-21 08:33:23 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-21 08:32:50 601600 ----a-w- c:\windows\system32\schedsvc.dll
2012-04-21 08:32:49 352768 ----a-w- c:\windows\system32\taskschd.dll
2012-04-21 08:32:49 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-04-21 08:32:49 270336 ----a-w- c:\windows\system32\taskcomp.dll
2012-04-21 08:32:49 171520 ----a-w- c:\windows\system32\taskeng.exe
2012-04-21 08:32:40 739328 ----a-w- c:\windows\system32\inetcomm.dll
2012-04-21 08:32:00 81920 ----a-w- c:\windows\system32\consent.exe
2012-04-21 08:31:55 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-04-21 08:31:17 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-21 08:31:15 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-04-21 08:31:15 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-04-21 08:31:14 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-04-21 08:31:14 278528 ----a-w- c:\windows\system32\schannel.dll
2012-04-21 08:31:13 9728 ----a-w- c:\windows\system32\lsass.exe
2012-04-21 08:31:13 72704 ----a-w- c:\windows\system32\secur32.dll
2012-04-21 08:31:13 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-04-21 08:31:13 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-04-21 08:31:09 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-21 08:30:59 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-21 08:30:53 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-21 08:30:53 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-04-21 08:30:53 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-04-21 08:30:53 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-04-21 08:30:39 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-04-21 08:30:39 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-21 08:30:39 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-04-21 08:30:39 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-04-21 08:30:38 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-04-21 08:09:22 -------- d-----w- c:\program files\HP
2012-04-21 08:09:14 -------- d-----w- c:\users\abc\appdata\roaming\HpUpdate
2012-04-21 08:09:12 -------- d-----w- c:\windows\Hewlett-Packard
2012-04-21 08:06:50 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-04-21 08:06:50 2067968 ----a-w- c:\windows\system32\mstscax.dll
2012-04-21 08:06:48 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-04-21 07:59:27 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-04-21 07:59:24 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-04-21 07:58:29 -------- d-----w- c:\program files\Ask.com
2012-04-21 07:32:35 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-04-21 07:32:35 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-21 08:59:22 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:17:31,55 ===============
--- --- ---
and GMER
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-14 19:31:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AAKS-65A7B2 rev.01.03B01
Running: ohmj38rx.exe; Driver: C:\Users\abc\AppData\Local\Temp\ugldrpog.sys
---- System - GMER 1.0.15 ----
SSDT 8C9A210E ZwCreateSection
SSDT 8C9A2118 ZwRequestWaitReplyPort
SSDT 8C9A2113 ZwSetContextThread
SSDT 8C9A211D ZwSetSecurityObject
SSDT 8C9A2122 ZwSystemDebugControl
SSDT 8C9A20AF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 81CAE8D8 4 Bytes [0E, 21, 9A, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 81CAEBFC 4 Bytes [18, 21, 9A, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 81CAEC30 4 Bytes [13, 21, 9A, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81CAEC94 4 Bytes [1D, 21, 9A, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 81CAECDC 4 Bytes [22, 21, 9A, 8C]
.text ...
---- EOF - GMER 1.0.15 ----
--- --- ---
and ran both.
I have attached the results (including Avira's).
I hope I did everything right. This is my first time posting here, so please excuse any mistakes.
Silvia