Trojaner-Board: Avira meldet TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe (https://www.trojaner-board.de/85252-avira-meldet-tr-hijacker-gen-c-windows-temp-tmp-svchost-exe.html)

Rollstein 24.04.2010 06:11

Avira reports TR/Hijacker.gen in C:\WINDOWS\Temp\****.tmp\svchost.exe
 
Hello,

You have already solved an almost identical case under the following thread:

http://www.trojaner-board.de/85207-t...chost-exe.html

I carried out those steps as well, but unfortunately not with the hoped-for result. (My system is Windows 7.)
- Malwarebytes finds no problem
- The Antivir system scan does not detect a virus either
- Ran CCleaner
- Combofix restarted twice because a rootkit was found
After that it crashed at stage 8 for the time being. (I will try to get a proper report.)

Many thanks in advance

HijackThis produced this report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:06:10, on 24.04.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Ablage\Proggies\Portable FSCapture65EN\App\FSCapture.exe
C:\Users\Roland\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Firefox\mozilla-runtime.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [combofix] "C:\cofid\CF28866.cfxxe" /c "C:\cofid\C.bat"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Roland\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: FastStone Capture.lnk = D:\Ablage\Proggies\Portable FSCapture65EN\App\FSCapture.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A268AA48-0CEB-4847-B9F5-33FE56BD0E95}: NameServer = 62.42.230.24,62.42.63.52
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\cofid\PEV.cfxxe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6612 bytes

Rollstein 24.04.2010 07:51

In the meantime I have been able to run Combofix in safe mode (log file inserted here). Nevertheless I still get the Avira warnings:

ComboFix 10-04-21.01 - Roland 24.04.2010 8:33.2.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1033.18.2015.1406 [GMT 2:00]
ausgeführt von:: c:\users\Roland\Desktop\cofid.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\symavc32.sys

.
((((((((((((((((((((((( Dateien erstellt von 2010-03-24 bis 2010-04-24 ))))))))))))))))))))))))))))))
.

2010-04-24 06:38 . 2010-04-24 06:41 -------- d-----w- c:\users\Roland\AppData\Local\temp
2010-04-24 06:38 . 2010-04-24 06:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-24 06:38 . 2010-04-24 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-24 06:32 . 2010-04-24 06:33 -------- d-----w- C:\32788R22FWJFW
2010-04-24 05:39 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-24 05:39 . 2010-04-24 05:39 -------- d-----w- c:\program files\Panda Security
2010-04-24 04:55 . 2010-04-24 04:55 388096 ----a-r- c:\users\Roland\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-23 21:48 . 2010-04-23 21:48 52224 ----a-w- c:\users\Roland\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-23 21:48 . 2010-04-24 05:19 117760 ----a-w- c:\users\Roland\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-23 21:47 . 2010-04-23 21:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-23 21:47 . 2010-04-23 21:47 -------- d-----w- c:\users\Roland\AppData\Roaming\SUPERAntiSpyware.com
2010-04-23 21:47 . 2010-04-23 21:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-23 21:41 . 2010-04-23 21:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-23 21:36 . 2010-04-24 06:32 -------- d-----w- c:\program files\trend micro
2010-04-23 21:36 . 2010-04-23 21:36 -------- d-----w- C:\rsit
2010-04-23 21:10 . 2010-04-23 21:10 -------- d-----w- c:\program files\Sophos
2010-04-23 18:35 . 2010-04-23 05:43 79872 ----a-w- c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\4ufrnymx.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-04-23 18:35 . 2010-04-23 05:43 33280 ----a-w- c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\4ufrnymx.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-04-23 18:25 . 2010-04-23 18:25 -------- d-----w- c:\program files\CCleaner
2010-04-23 17:13 . 2010-04-23 17:13 -------- d-----w- c:\users\Roland\AppData\Roaming\Malwarebytes
2010-04-23 17:13 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 17:13 . 2010-04-23 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 17:13 . 2010-04-23 17:13 -------- d-----w- c:\programdata\Malwarebytes
2010-04-23 17:13 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 16:34 . 2010-04-23 16:34 -------- d-----w- c:\users\Roland\AppData\Roaming\Avira
2010-04-23 03:22 . 2010-03-11 16:25 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-04-23 03:22 . 2010-03-11 16:25 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-04-23 03:22 . 2010-03-11 16:25 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-04-23 03:22 . 2010-04-23 03:22 -------- d-----w- c:\windows\system32\ZoneLabs
2010-04-23 03:22 . 2010-03-01 13:07 464072 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-04-23 03:22 . 2010-04-23 03:22 -------- d-----w- c:\program files\Zone Labs
2010-04-23 03:20 . 2010-04-24 06:41 -------- d-----w- c:\windows\Internet Logs
2010-04-23 03:20 . 2010-04-23 03:20 -------- d-----w- c:\programdata\CheckPoint
2010-04-23 03:19 . 2010-04-23 03:19 -------- d-----w- c:\program files\Avira
2010-04-23 03:19 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-23 03:19 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-23 03:19 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-23 03:19 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-15 05:57 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 05:57 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 05:57 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 05:57 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 05:57 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 05:57 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 06:06 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 06:04 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 21:39 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-08 20:57 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 20:47 . 2010-04-23 03:22 420801 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-04-23 20:46 . 2010-04-23 20:47 1687040 ----a-w- c:\windows\Internet Logs\xDBAE4B.tmp
2010-04-23 20:46 . 2010-04-23 20:47 260096 ----a-w- c:\windows\Internet Logs\xDBAD41.tmp
2010-04-23 20:46 . 2010-04-23 20:47 1686016 ----a-w- c:\windows\Internet Logs\xDBAEA9.tmp
2010-04-23 20:36 . 2009-07-14 00:01 6656 ----a-w- c:\windows\system32\drivers\RDPCDD.sys
2010-04-23 17:15 . 2010-02-02 23:22 -------- d-----w- c:\users\Roland\AppData\Roaming\Skype
2010-04-23 16:05 . 2010-02-02 23:25 -------- d-----w- c:\users\Roland\AppData\Roaming\skypePM
2010-04-23 03:19 . 2010-02-02 20:45 -------- d-----w- c:\programdata\Avira
2010-04-22 19:43 . 2010-02-02 22:36 -------- d-----w- c:\users\Roland\AppData\Roaming\foobar2000
2010-04-22 19:30 . 2010-02-14 23:40 -------- d-----w- c:\program files\Common Files\Nero
2010-04-22 19:30 . 2010-02-04 23:21 -------- d-----w- c:\users\Roland\AppData\Roaming\uTorrent
2010-04-22 19:29 . 2010-02-14 23:40 -------- d-----w- c:\programdata\Nero
2010-04-14 22:21 . 2010-03-20 20:02 -------- d-----w- c:\users\Roland\AppData\Roaming\Spotify
2010-04-14 05:54 . 2010-02-03 00:30 -------- d-----w- c:\program files\Google
2010-04-12 22:43 . 2010-02-16 23:09 -------- d-----w- c:\program files\Firefox
2010-04-12 21:33 . 2010-02-02 20:48 181096 ----a-w- c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\4ufrnymx.default\FlashGot.exe
2010-03-20 20:02 . 2010-03-20 20:02 -------- d-----w- c:\program files\Spotify
2010-03-11 19:42 . 2010-02-02 23:22 -------- d-----r- c:\program files\Skype
2010-03-07 11:00 . 2010-03-07 11:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-07 07:41 . 2010-02-02 22:36 -------- d-----w- c:\program files\foobar2000
2010-03-06 13:23 . 2010-03-06 13:23 -------- d-----w- c:\users\Roland\AppData\Roaming\Sibelius Software
2010-03-06 12:39 . 2010-03-06 12:39 -------- d-----w- c:\users\Roland\AppData\Roaming\FastStone
2010-02-26 20:20 . 2010-02-26 20:20 -------- d-----w- c:\program files\Common Files\Skype
2010-02-26 18:34 . 2010-02-26 18:34 15416 ----a-w- c:\windows\system32\HPMDPCoInst.dll
2010-02-26 18:34 . 2009-07-08 12:48 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2010-02-26 18:34 . 2010-02-26 18:34 26168 ----a-w- c:\windows\system32\hpservice.exe
2010-02-26 18:34 . 2010-02-26 18:34 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
2010-02-26 18:33 . 2010-02-26 18:33 33848 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2010-02-04 01:21 . 2010-02-02 20:43 98616 ----a-w- c:\users\Roland\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 23:36 . 2010-02-02 23:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-02 22:57 . 2010-02-02 22:57 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-02-02 19:46 . 2010-02-02 19:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-02 07:45 . 2010-02-24 00:10 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-23_20.22.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-02 23:08 . 2010-04-23 20:42 21594 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-04-24 06:41 41810 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-02-02 19:22 . 2010-04-23 20:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-02 19:22 . 2010-04-24 06:39 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:41 . 2010-04-23 20:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-04-24 06:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-02 19:34 . 2010-04-24 06:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-04-23 21:17 85704 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-02-02 19:34 . 2010-04-24 06:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-02 19:34 . 2010-04-24 06:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-02 19:34 . 2010-04-24 06:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-02 22:08 . 2010-04-23 19:22 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-02 22:08 . 2010-04-24 06:42 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-02 22:08 . 2010-04-24 06:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-02 22:08 . 2010-04-23 19:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-02 22:08 . 2010-04-24 06:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-02 22:08 . 2010-04-23 19:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-02-02 19:34 . 2010-04-24 06:42 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-02 19:34 . 2010-04-24 06:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-02 19:34 . 2010-04-23 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-23 21:47 . 2010-04-23 21:47 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-04-23 21:47 . 2010-04-23 21:47 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-02-02 19:35 . 2010-04-24 06:41 4730 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1354496913-132004231-679243759-1001_UserData.bin
- 2010-02-02 19:20 . 2010-04-23 20:07 3856 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-02-02 19:20 . 2010-04-24 05:14 3856 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-04-23 20:08 . 2010-04-23 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-24 05:15 . 2010-04-24 06:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-23 20:08 . 2010-04-23 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-24 05:15 . 2010-04-24 06:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-23 21:47 . 2010-04-23 21:47 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2010-02-02 21:43 . 2010-04-24 04:37 304562 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:05 . 2010-04-24 05:20 609896 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-04-23 20:22 609896 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-04-24 05:20 104214 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-04-23 20:22 104214 c:\windows\System32\perfc009.dat
+ 2010-02-02 19:31 . 2010-04-24 04:52 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-02-02 19:31 . 2010-04-23 06:48 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-02-02 19:22 . 2010-04-23 20:08 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-02 19:22 . 2010-04-24 06:39 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-04 12:06 . 2009-08-04 12:06 132352 c:\windows\Downloaded Program Files\as2stubie.dll
- 2009-07-14 02:03 . 2010-04-23 19:28 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-04-23 21:00 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-04-23 21:46 . 2010-04-23 21:46 7834112 c:\windows\Installer\1f6bf.msi
+ 2010-04-24 04:54 . 2010-04-24 04:54 1402880 c:\windows\Installer\189ebb0.msi
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Roland\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-03 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2008-05-25 408088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-11 1038728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7889.tmp [x]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2008-05-25 1464856]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - PAVBOOT
.
Inhalt des "geplante Tasks" Ordners

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 00:30]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 00:30]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1354496913-132004231-679243759-1001Core.job
- c:\users\Roland\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-03 00:26]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1354496913-132004231-679243759-1001UA.job
- c:\users\Roland\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-03 00:26]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {A268AA48-0CEB-4847-B9F5-33FE56BD0E95} = 62.42.230.24,62.42.63.52
FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\4ufrnymx.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Roland\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys >>UNKNOWN [0x865DFAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x42554855
SecurityProcedure -> 0x1
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7889.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5488)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\users\Roland\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-24 08:45:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-24 06:45
ComboFix2.txt 2010-04-23 20:23

Vor Suchlauf: 48.457.756.672 bytes free
Nach Suchlauf: 48.099.627.008 bytes free

- - End Of File - - 5FE868268D7836D259CD1601DB1B479E

