Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung: Trojaner Win Vista (https://www.trojaner-board.de/94278-trojaner-win-vista.html)

Pete_ 31.12.2010 11:26

here it is

push

markusg 31.12.2010 12:34

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Pete_ 31.12.2010 13:29

ComboFix logfile:
Code:

ComboFix 10-12-30.03 - Administrator 31.12.2010  13:13:18.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2045.1554 [GMT 1:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cxlacuxatx.exe
c:\cxlacuxatx.exe\config.bin
C:\jdsfjsdijf.exe
c:\jdsfjsdijf.exe\config.bin
C:\RestorData.exe
c:\restordata.exe\config.bin
c:\users\Administrator\AppData\Local\{9A23DF10-24F7-499D-9EBA-DFA2A661728A}
c:\users\Administrator\AppData\Local\{9A23DF10-24F7-499D-9EBA-DFA2A661728A}\chrome.manifest
c:\users\Administrator\AppData\Local\{9A23DF10-24F7-499D-9EBA-DFA2A661728A}\chrome\content\_cfg.js
c:\users\Administrator\AppData\Local\{9A23DF10-24F7-499D-9EBA-DFA2A661728A}\chrome\content\overlay.xul
c:\users\Administrator\AppData\Local\{9A23DF10-24F7-499D-9EBA-DFA2A661728A}\install.rdf
c:\windows\System32\config\systemprofile\AppData\Local\{E8D8F28B-EDD0-468A-BAD9-FB715F93792B}
c:\windows\System32\config\systemprofile\AppData\Local\{E8D8F28B-EDD0-468A-BAD9-FB715F93792B}\chrome.manifest
c:\windows\System32\config\systemprofile\AppData\Local\{E8D8F28B-EDD0-468A-BAD9-FB715F93792B}\chrome\content\_cfg.js
c:\windows\System32\config\systemprofile\AppData\Local\{E8D8F28B-EDD0-468A-BAD9-FB715F93792B}\chrome\content\overlay.xul
c:\windows\System32\config\systemprofile\AppData\Local\{E8D8F28B-EDD0-468A-BAD9-FB715F93792B}\install.rdf
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((  Dateien erstellt von 2010-11-28 bis 2010-12-31  ))))))))))))))))))))))))))))))
.

2010-12-31 12:20 . 2010-12-31 12:21        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2010-12-31 12:20 . 2010-12-31 12:20        --------        d-----w-        c:\users\Patrick\AppData\Local\temp
2010-12-29 14:45 . 2010-12-29 15:16        --------        d-----w-        C:\_OTL
2010-12-29 14:08 . 2010-12-29 14:09        601600        ----a-w-        c:\program files\OTL.exe
2010-12-29 12:22 . 2010-12-29 12:22        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-12-29 12:21 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 12:21 . 2010-12-29 12:21        --------        d-----w-        c:\programdata\Malwarebytes
2010-12-29 12:21 . 2010-12-29 15:45        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-12-29 12:21 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-12-29 12:20 . 2010-12-29 12:21        7622112        ----a-w-        c:\program files\mbam-setup.exe
2010-12-24 11:19 . 2010-12-24 11:19        --------        d-----w-        c:\users\Administrator\AppData\Roaming\cock
2010-12-22 20:50 . 2010-12-22 20:50        --------        d-----w-        c:\users\Administrator\AppData\Roaming\5008
2010-12-22 20:50 . 2010-12-22 20:50        112        ----a-w-        c:\users\Administrator\AppData\Roaming\srvblck2.tmp
2010-12-22 20:50 . 2010-12-22 20:50        --------        d-----w-        c:\users\Administrator\AppData\Roaming\xmldm
2010-12-22 20:49 . 2010-12-22 20:49        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Roaming\cock
2010-12-22 18:19 . 2010-12-29 10:41        0        ----a-w-        c:\users\Administrator\AppData\Local\Akimikere.bin
2010-12-21 18:05 . 2010-12-21 18:05        0        ----a-w-        c:\windows\system32\config\systemprofile\AppData\Local\Akimikere.bin
2010-12-20 16:09 . 2010-12-29 14:26        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Anyzy
2010-12-07 23:13 . 2010-12-07 23:18        --------        d-----w-        c:\users\Administrator\P5JavaClientSettings

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 18:20 . 2010-08-04 12:16        135096        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-11-25 20:37 . 2010-08-04 12:16        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-11-10 04:33 . 2010-11-23 18:17        6273872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7AF5FC5-80E1-4437-940D-775EDF7B3192}\mpengine.dll
2010-10-25 09:07 . 2010-05-25 06:44        95568        ----a-w-        c:\windows\system32\dgdersvc.exe
2010-10-25 09:07 . 2010-05-25 06:44        763216        ----a-w-        c:\windows\system32\dgderapi.dll
2010-10-25 09:07 . 2010-05-25 06:44        18120        ----a-w-        c:\windows\system32\drivers\dgderdrv.sys
2010-10-25 09:03 . 2010-11-29 22:23        36640        ----a-w-        c:\windows\system32\FsUsbExDisk.Sys
2010-10-19 09:41 . 2010-08-03 10:49        222080        ------w-        c:\windows\system32\MpSigStub.exe
2010-10-17 16:34 . 2010-10-17 16:34        20810120        ----a-w-        c:\program files\SkypeSetupFull50.exe
2010-10-13 17:13 . 2010-10-13 17:13        737339        ----a-w-        c:\program files\nschach3.exe
2010-10-07 20:25 . 2010-10-07 20:25        411368        ----a-w-        c:\windows\system32\deploytk.dll
2010-10-07 20:23 . 2010-10-07 20:23        28253422        ----a-w-        c:\program files\JDownloader095Setup.exe
2010-10-04 17:30 . 2010-10-04 17:29        75019048        ----a-w-        c:\program files\iTunesSetup.exe
2010-09-27 23:09 . 2010-09-27 23:09        1444057        ----a-w-        c:\program files\wrar393d.exe
2010-09-27 23:01 . 2010-09-27 23:00        4101552        ----a-w-        c:\program files\tugzip35.exe
2010-09-27 14:42 . 2010-09-27 14:08        1910152        ----a-w-        c:\program files\lotrostandard.exe
2010-09-19 13:57 . 2010-09-19 13:57        5642000        ----a-w-        c:\program files\TVUPlayer2.5.3.1.exe
2010-09-17 16:27 . 2010-09-17 16:27        8368928        ----a-w-        c:\program files\Firefox_Setup_3.6.10.exe
2010-09-10 16:18 . 2010-09-10 16:18        11802480        ----a-w-        c:\program files\winamp5581_full_emusic-7plus_de-de.exe
2010-09-08 20:49 . 2010-09-08 20:48        10928504        ----a-w-        c:\program files\Firefox_Setup_4.0_Beta_5.exe
2010-08-22 11:08 . 2010-08-22 11:08        955840        ----a-w-        c:\program files\catalyst_mobility_32-bit_util.exe
2010-08-21 16:02 . 2010-08-21 16:02        19563096        ----a-w-        c:\program files\vlc-1.1.3-win32.exe
2010-08-16 21:27 . 2010-08-16 21:27        1146587        ----a-w-        c:\program files\FOGDownloader-RoM_3_0_1_2153.exe
2010-08-04 10:58 . 2010-08-04 10:58        44151368        ----a-w-        c:\program files\avira_antivir_personal_de.exe
2010-08-03 16:17 . 2010-08-03 16:17        6287656        ----a-w-        c:\program files\gusetup_slim226.exe
2010-08-03 15:09 . 2010-08-03 15:08        9332568        ----a-w-        c:\program files\Firefox Setup 4.0 Beta 2.exe
2010-08-03 15:02 . 2010-08-03 15:02        10896808        ----a-w-        c:\program files\radio-fx.exe
2010-08-03 14:03 . 2010-08-03 14:03        12800040        ----a-w-        c:\program files\install_icq72b3129.exe
2010-08-03 11:22 . 2010-08-03 11:21        455611504        ----a-w-        c:\program files\Windows6.0-KB936330-X86-wave0.exe
2010-03-23 09:45 . 2010-08-21 15:54        5387807        ----a-w-        c:\program files\Setup-SopCast-3.2.9-2010-3-23.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 09:50        2517088        ----a-w-        c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RfxSrvTray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe" [2010-01-13 686344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"PLFSet"=rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe"
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"SynTPStart"=c:\program files\Synaptics\SynTP\SynTPStart.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-11-21 194240]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 95568]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-28 233472]
R2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2010-06-24 2450696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 18120]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-11-21 202872]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-18 21504]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - COMHOST
*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-12-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-08-03 09:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=15003&l=dis
mStart Page = hxxp://de.intl.acer.yahoo.com
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0rq7w62t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - %profile%\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
HKU-Default-Run-RestorData.exe - c:\restordata.exe\RestorData.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-31 13:21
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.aiff"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ASF"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.au"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.avi"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.M2V"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.M4A"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MID"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MIDI"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mod"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP2"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP3"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MPEG"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MPG"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.RMI"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.wav"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.WMA"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.WMV"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-12-31  13:22:08
ComboFix-quarantined-files.txt  2010-12-31 12:22

Vor Suchlauf: 10 Verzeichnis(se), 108.505.456.640 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 108.393.279.488 Bytes frei

- - End Of File - - E53DB1C462C8D1B8840B24599715338E

--- --- ---

I get a blue screen shortly after logging in; I can only get in via safe mode any more.
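Since this forum section exists to read logs like the one posted above, here is an added Python example (not ComboFix's own code and not part of the original thread) that parses ComboFix's section headers and file-listing lines and pulls out the indicators a reviewer checks first: the bootkit notice, Security Center monitoring switched off, the bogus nested system32\system32 directory, ".exe" names used as directories, and Firefox user.js lines that switch security warnings off. The excerpt embedded in the script is constructed from lines of the posted log; the function and indicator names are this example's own.

```python
"""Triage helper for ComboFix logs (added example, not ComboFix's code)."""
import re

# Section header: "((((  Title  ))))" or "------- Title -------"
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$|^-{3,}\s*(.+?)\s*-{3,}$")
# File-listing line: "created . modified   size|--------   attrs   path"
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(\S+)\s+(\S+)\s+(.+)$"
)


def parse_sections(text):
    """Split the log into {section title: [non-empty lines]}."""
    sections = {"_preamble": []}
    current = "_preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = (m.group(1) or m.group(2)).strip()
            sections[current] = []
            continue
        if line and line != ".":          # ComboFix pads sections with "." lines
            sections[current].append(line)
    return sections


def parse_file_entries(lines):
    """Turn file-listing lines into dicts; directories have no size."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append({
                "created": created, "modified": modified,
                "size": None if size == "--------" else int(size),
                "attrs": attrs, "path": path,
                "is_dir": attrs.startswith("d"),
            })
    return entries


def triage(text):
    """Return (indicator, line) pairs for the things a reviewer looks at first."""
    findings = []
    in_security_center = False
    for line in text.splitlines():
        s = line.strip()
        low = s.lower()
        if "bootkit" in low:
            findings.append(("bootkit", s))
        if low.startswith("["):           # registry key header: track where we are
            in_security_center = "security center\\monitoring" in low
        elif in_security_center and '"disablemonitoring"=dword:00000001' in low:
            findings.append(("security-center-monitoring-disabled", s))
        if "\\system32\\system32\\" in low:          # nested copy of system32 is bogus
            findings.append(("nested-system32", s))
        if re.search(r"\.exe\\", low):               # ".exe" used as a directory name
            findings.append(("exe-as-directory", s))
        if low.startswith("ff - user.js: security.warn") and low.endswith("- false"):
            findings.append(("firefox-warning-disabled", s))
    return findings


# Constructed excerpt in ComboFix's format, modelled on lines of the posted log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cxlacuxatx.exe
c:\cxlacuxatx.exe\config.bin
c:\windows\system32\system32\muzapp.exe
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((  Dateien erstellt von 2010-11-28 bis 2010-12-31  ))))))))))))))))))))))))))))))
.
2010-12-29 14:08 . 2010-12-29 14:09        601600        ----a-w-        c:\program files\OTL.exe
2010-12-24 11:19 . 2010-12-24 11:19        --------        d-----w-        c:\users\Administrator\AppData\Roaming\cock
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
------- Zusätzlicher Suchlauf -------
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

if __name__ == "__main__":
    for indicator, line in triage(SAMPLE_LOG):
        print(f"{indicator:40s} {line}")
```

The parser only understands the two header styles ComboFix uses for its main sections; the "- - - -" orphan-entry header and the catchme banner are left inside the preceding section, which is enough for triage. The registry check tracks the current key header so that a `DisableMonitoring` value is only flagged under the Security Center keys, not elsewhere.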

markusg 31.12.2010 13:59

Avira
http://www.trojaner-board.de/54192-a...tellungen.html
Install Avira 10 as described there, or configure it that way afterwards. Once you have applied the configuration, update the program.
Then click "Local protection" > "Local drives"; put any findings into quarantine and post the log.
Also, under Administration > Scheduler > scan job, make sure that it runs over local drives! Otherwise the settings will not take effect.
Set the update job to once per day
and select "catch up if time exceeded".

