Urgent: Win32:Ardamax-EL [Trj]

19.11.2007, 22:33
Hello,

I caught the above-mentioned Trojan somewhere. Absolutely no idea where or how. It would be great if someone could help me quickly!

Operating system: Windows Vista Business 32bit
Antivirus program: GDATA Internetsecurity 2007

ComboFix: doesn't work! I get the message "Out of Memory" and Windows Defender switches itself off!

LogFile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:00, on 19.11.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Programme\Opera\Opera.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070221
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\program files\g data internetsecurity\avkkid\avkcks.exe
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8654 bytes


datfind.bat:

Datenträger in Laufwerk C: ist OS
Volumeseriennummer: D2E1-5980

Verzeichnis von C:\Windows\system32

19.11.2007 22:08 613.046 perfh009.dat
19.11.2007 22:08 104.768 perfc009.dat
19.11.2007 22:08 644.854 perfh007.dat
19.11.2007 22:08 117.716 perfc007.dat
19.11.2007 22:08 1.470.336 PerfStringBackup.INI
19.11.2007 22:02 422.968 FNTCACHE.DAT
19.11.2007 22:02 3.456 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
19.11.2007 22:02 3.456 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
14.11.2007 20:41 704.000 PhotoScreensaver.scr
14.11.2007 20:41 3.504.824 ntkrnlpa.exe
14.11.2007 20:41 3.471.032 ntoskrnl.exe
14.11.2007 20:41 24.064 wtsapi32.dll
14.11.2007 20:41 2.027.008 win32k.sys
14.11.2007 20:41 542.720 sysmain.dll
14.11.2007 20:41 714.240 timedate.cpl
14.11.2007 20:41 1.655.289 wlan.tmf
14.11.2007 20:41 47.104 wlanapi.dll
14.11.2007 20:41 67.584 wlanhlp.dll
14.11.2007 20:41 290.816 wlanmsm.dll
14.11.2007 20:41 502.784 wlansvc.dll
14.11.2007 20:41 297.984 wlansec.dll
10.11.2007 12:39 326 zhp1600.log
02.11.2007 08:12 18.238.072 mrt.exe
10.10.2007 15:23 8.147.968 wmploc.DLL
10.10.2007 15:23 10.617.344 wmp.dll
10.10.2007 15:23 7.680 spwmp.dll
10.10.2007 15:23 4.096 dxmasf.dll
10.10.2007 15:23 4.096 msdxm.ocx
10.10.2007 15:23 356.864 MediaMetadataHandler.dll
10.10.2007 15:22 3.584.512 mshtml.dll
10.10.2007 15:22 1.383.424 mshtml.tlb
10.10.2007 15:22 477.696 mshtmled.dll
10.10.2007 15:21 180.736 ieui.dll
10.10.2007 15:21 6.058.496 ieframe.dll
10.10.2007 15:21 1.152.000 urlmon.dll
10.10.2007 15:21 824.832 wininet.dll
10.10.2007 15:21 27.648 jsproxy.dll
10.10.2007 15:21 124.928 advpack.dll
10.10.2007 15:21 63.488 ie4uinit.exe
10.10.2007 15:21 44.544 iernonce.dll
10.10.2007 15:21 56.320 iesetup.dll
10.10.2007 15:21 26.624 ieUnatt.exe
10.10.2007 15:21 1.824.768 inetcpl.cpl
10.10.2007 15:21 63.488 icardie.dll
10.10.2007 15:21 671.232 mstime.dll
10.10.2007 15:21 214.528 dxtrans.dll
10.10.2007 15:21 347.136 dxtmsft.dll
10.10.2007 15:21 383.488 ieapfltr.dll
10.10.2007 15:21 84.480 INETRES.dll
10.10.2007 15:21 737.792 inetcomm.dll
10.10.2007 15:20 788.992 rpcrt4.dll
29.08.2007 18:30 147.456 sw2_ttls_res.dll
29.08.2007 15:55 81.920 sw2_ttls_manager.exe
29.08.2007 15:55 249.856 sw2_ttls.dll
29.08.2007 07:49 467.456 riched20.dll
29.08.2007 07:49 8.192 riched32.dll
29.08.2007 07:49 38.400 kmddsp.tsp
29.08.2007 07:49 22.016 rasser.dll
29.08.2007 07:49 77.824 rascfg.dll
29.08.2007 07:49 52.736 rasdiag.dll
29.08.2007 07:49 49.664 ndptsp.tsp
29.08.2007 07:49 1.820 rasctrnm.h
29.08.2007 07:49 32.768 rasmxs.dll
29.08.2007 07:49 384.000 netcfgx.dll
29.08.2007 07:49 564.736 msftedit.dll
29.08.2007 07:49 13.824 icsunattend.exe
29.08.2007 07:49 286.208 ipnathlp.dll
29.08.2007 07:49 13.824 wshqos.dll
29.08.2007 07:49 33.280 traffic.dll
29.08.2007 07:49 15.360 pacerprf.dll
29.08.2007 07:49 694.784 localspl.dll
29.08.2007 07:49 36.864 cdd.dll
29.08.2007 07:49 134.656 dps.dll
29.08.2007 07:48 2.048 tzres.dll
29.08.2007 07:47 105.984 CscMig.dll
29.08.2007 07:47 11.315.200 shell32.dll
29.08.2007 07:47 269.824 schannel.dll
29.08.2007 07:47 61.440 ntprint.exe
29.08.2007 07:47 220.160 ntprint.dll
29.08.2007 07:47 10.240 dhcpcmonitor.dll
29.08.2007 07:47 204.800 dhcpcsvc.dll
29.08.2007 07:47 120.320 dhcpcsvc6.dll
29.08.2007 07:47 1.984.512 authui.dll
29.08.2007 07:47 712.192 WindowsCodecs.dll
29.08.2007 07:47 65.024 avicap32.dll
29.08.2007 07:47 123.904 msvfw32.dll
29.08.2007 07:47 82.944 mciavi32.dll
29.08.2007 07:47 88.576 avifil32.dll
29.08.2007 07:47 31.232 msvidc32.dll
29.08.2007 07:47 12.800 msrle32.dll
29.08.2007 07:47 69.632 sendmail.dll
29.08.2007 07:47 8.138.240 ssBranded.scr
29.08.2007 07:46 750.080 qmgr.dll
24.08.2007 17:08 1.275.392 msxml4.dll
24.08.2007 07:42 1.524.224 wucltux.dll
24.08.2007 07:42 43.352 wups2.dll
24.08.2007 07:42 53.080 wuauclt.exe
24.08.2007 07:42 1.712.984 wuaueng.dll
24.08.2007 07:41 80.896 wudriver.dll
24.08.2007 07:41 33.624 wups.dll
24.08.2007 07:41 549.720 wuapi.dll
24.08.2007 07:40 163.000 wuwebv.dll
24.08.2007 07:40 31.232 wuapp.exe
16.08.2007 18:39 1.191.936 msxml3.dll
16.08.2007 18:39 2.048 msxml3r.dll
16.08.2007 18:38 1.335.296 msxml6.dll
16.08.2007 18:38 2.048 msxml6r.dll
11.07.2007 16:49 392.192 FirewallAPI.dll


Datenträger in Laufwerk C: ist OS
Volumeseriennummer: D2E1-5980

Verzeichnis von C:\Users\Admin\AppData\Local\Temp

19.11.2007 22:29 124.440 datfind.txt
19.11.2007 22:07 3.114 jusched.log
19.11.2007 22:06 1.470 wmsetup.log
19.11.2007 22:03 188 AUInst.log
19.11.2007 22:03 1.020 ~ROMFN_00000894
19.11.2007 22:02 31.832 Admin.bmp
19.11.2007 21:57 39.057 SetupExe(200711192139451638).log
19.11.2007 21:39 1.272 wmplog14.sqm
19.11.2007 20:12 134 4680887.od
19.11.2007 20:12 0 CVR6CB7.tmp.cvr
19.11.2007 20:05 134 4242072.od
19.11.2007 20:05 0 CVRBA98.tmp.cvr
19.11.2007 19:43 3.254 2918560.manifest
19.11.2007 19:43 2.736 2918295.cvr
19.11.2007 19:35 2.976 2445409.manifest
19.11.2007 19:35 2.304 2445144.cvr
19.11.2007 19:32 1.396 wmplog13.sqm
19.11.2007 18:58 1.272 wmplog12.sqm
19.11.2007 18:56 1.592 wmplog11.sqm
19.11.2007 18:50 1.272 wmplog10.sqm
19.11.2007 18:49 1.272 wmplog09.sqm
19.11.2007 18:42 1.272 wmplog08.sqm
19.11.2007 18:31 134 183488.od
19.11.2007 18:31 0 CVRCC43.tmp.cvr
19.11.2007 18:25 1.272 wmplog07.sqm
19.11.2007 18:25 1.020 ~ROMFN_00000858
19.11.2007 17:12 1.328 wmplog06.sqm
19.11.2007 16:31 1.536 wmplog05.sqm
18.11.2007 21:59 1.272 wmplog04.sqm
18.11.2007 21:42 0 FXSTIFFDebugLogFile.txt
18.11.2007 16:35 1.472 wmplog03.sqm
18.11.2007 16:28 1.440 wmplog02.sqm
18.11.2007 16:27 1.440 wmplog01.sqm
29.08.2007 18:30 147.456 sw2_ttls_res.old
29.08.2007 15:55 249.856 sw2_ttls.old
26.02.2007 21:03 0 FXSAPIDebugLogFile.txt
36 Datei(en), 630.233 Bytes
0 Verzeichnis(se), 98.639.941.632 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: D2E1-5980

Verzeichnis von C:\Windows

19.11.2007 22:26 1.271.630 WindowsUpdate.log
19.11.2007 22:02 67.584 bootstat.dat
19.11.2007 22:02 82.408 PFRO.log
19.11.2007 21:57 12 bthservsdp.dat
19.11.2007 21:44 240 win.ini
19.11.2007 16:28 2.720.928 ntbtlog.txt
14.11.2007 20:41 2.923.520 explorer.exe
10.11.2007 11:57 24.330 DPINST.LOG
10.11.2007 11:31 33.558 setupact.log
17.10.2007 20:32 190.589.902 MEMORY.DMP
10.10.2007 15:23 266.698 msxml4-KB941833-enu.LOG
23.09.2007 20:36 1.080 KB893803v2.log
29.08.2007 07:54 749 WindowsShell.Manifest
26.08.2007 10:19 400 ODBC.INI
16.08.2007 18:35 266.354 msxml4-KB936181-enu.LOG
05.08.2007 12:33 0 MinGW.INI
04.08.2007 19:16 86.997 DirectX.log





Datenträger in Laufwerk C: ist OS
Volumeseriennummer: D2E1-5980

Verzeichnis von C:\Windows\temp

19.11.2007 22:03 0 JET9DB7.tmp
19.11.2007 22:03 0 JET87D4.tmp
19.11.2007 22:03 0 JET8786.tmp
19.11.2007 22:03 0 JET8738.tmp
19.11.2007 22:03 0 JET841E.tmp
5 Datei(en), 0 Bytes
0 Verzeichnis(se), 98.639.937.536 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: D2E1-5980

Verzeichnis von C:\Windows\Downloaded Program Files

23.03.2007 12:17 1.292 erma.inf
03.10.2006 12:34 327.680 isusweb.dll
18.09.2006 22:26 65 desktop.ini
07.03.2006 14:54 114.256 IDropDEU.dll
05.03.2006 13:19 114.280 IDropENU.dll
05.03.2006 12:58 346.216 IDrop.ocx
25.07.2002 19:13 24.576 dwusplay.dll
25.07.2002 19:13 196.608 dwusplay.exe
8 Datei(en), 1.124.973 Bytes
0 Verzeichnis(se), 98.639.937.536 Bytes frei
.
.
.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
it worked after all:


ComboFix 07-11-08.3 - Admin 2007-11-19 23:17:32.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1031.18.1156 [GMT 1:00]
ausgeführt von:: C:\Users\Admin\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2007-10-19 bis 2007-11-19 ))))))))))))))))))))))))))))))
.

2007-11-19 23:15 51,200 --a------ C:\Windows\NirCmd.exe
2007-11-19 22:15 1,000 --a------ C:\Users\Admin\datFind.bat
2007-11-19 22:14 318,369 --a------ C:\Users\Admin\HiJackThis.zip
2007-11-19 22:13 50,688 --a------ C:\Users\Admin\ATF-Cleaner.exe
2007-11-19 18:43 <DIR> d-------- C:\Program Files\SecureW2
2007-11-19 18:40 438,568 --a------ C:\Users\Admin\SecureW2_TU-BS-XPVista-WPA2-AES-Setup-3.3.2-(1-pub-beta).exe
2007-11-14 23:15 <DIR> d-------- C:\Program Files\OO Software
2007-11-13 13:33 <DIR> d-------- C:\Users\Admin\Arcor
2007-11-10 12:39 <DIR> d--h----- C:\Program Files\Zenographics
2007-11-10 12:39 1,789,952 --a------ C:\Windows\System32\zhp1600r.dll
2007-11-10 12:39 749,568 --a------ C:\Windows\System32\agi1600.dll
2007-11-10 12:39 299,008 --a------ C:\Windows\System32\zhhp1600.exe
2007-11-10 12:39 106,496 --a------ C:\Windows\System32\ZSPOOL.dll
2007-11-10 12:39 102,400 --a------ C:\Windows\System32\zlhp1600.dll
2007-11-10 12:39 61,440 --a------ C:\Windows\System32\zIMF.dll
2007-11-10 12:39 53,248 --a------ C:\Windows\System32\ztag.dll
2007-11-10 12:35 <DIR> d-------- C:\hp_CLJ1600_Full_Solution

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 20:56 --------- d-----w C:\ProgramData\Microsoft Help
2007-11-19 20:54 --------- d-----w C:\Program Files\MSBuild
2007-11-19 20:54 --------- d-----w C:\Program Files\Microsoft Works
2007-11-18 20:45 930 ----a-w C:\Users\Admin\AppData\Roaming\wklnhst.dat
2007-11-14 19:41 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 19:41 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 19:41 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 19:41 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 19:41 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 19:41 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-14 19:41 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-14 19:41 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 19:41 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 19:41 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-14 19:41 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-14 19:41 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 19:41 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-14 19:41 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 19:41 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 19:41 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-14 19:41 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-11-14 19:38 --------- d-----w C:\Program Files\Windows Mail
2007-11-10 11:39 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-18 16:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-18 16:51 --------- d-----w C:\Program Files\Rockstar Games
2007-10-10 14:23 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-10 14:23 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-10 14:23 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-10 14:23 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-10 14:21 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-10 14:21 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-10 14:21 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-10 14:21 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-10 14:21 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-10 14:20 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-09-30 19:10 --------- d-----w C:\ProgramData\G DATA
2007-09-23 19:44 38,608 ----a-w C:\Windows\system32\drivers\PktIcpt.sys
2007-09-23 19:38 47,184 ----a-w C:\Windows\system32\drivers\MiniIcpt.sys
2007-09-23 19:38 32,200 ----a-w C:\Windows\system32\drivers\HookCentre.sys
2007-09-23 19:38 --------- d-----w C:\Program Files\G DATA InternetSecurity
2007-09-23 19:37 41,928 ----a-w C:\Windows\system32\drivers\GDTdiIcpt.sys
2007-09-23 19:37 --------- d-----w C:\Program Files\Common Files\G DATA
2007-09-23 19:35 --------- d-----w C:\Users\Admin\AppData\Roaming\InstallShield
2007-09-23 19:23 --------- d-----w C:\Program Files\Trillian
2007-09-23 19:08 --------- d-----w C:\Users\Admin\AppData\Roaming\Dev-Cpp
2007-09-22 16:58 --------- d-----w C:\Users\Admin\AppData\Roaming\Corel
2007-08-29 17:30 147,456 ----a-w C:\Windows\System32\sw2_ttls_res.dll
2007-08-29 14:55 81,920 ----a-w C:\Windows\System32\sw2_ttls_manager.exe
2007-08-29 14:55 249,856 ----a-w C:\Windows\System32\sw2_ttls.dll
2007-08-29 06:54 174 --sha-w C:\Program Files\desktop.ini
2007-08-29 06:49 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-08-29 06:49 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-08-29 06:49 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-08-29 06:49 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-08-29 06:49 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-08-29 06:49 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-08-29 06:49 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-08-29 06:49 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-08-29 06:49 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-08-29 06:49 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-08-29 06:49 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-08-29 06:49 134,656 ----a-w C:\Windows\System32\dps.dll
2007-08-29 06:49 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-08-29 06:49 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-08-29 06:47 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-08-29 06:47 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-08-29 06:47 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-08-29 06:47 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-08-29 06:47 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-08-29 06:47 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-08-29 06:47 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-08-29 06:47 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-08-29 06:47 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-08-29 06:47 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-08-29 06:47 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-08-29 06:47 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-08-29 06:47 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-08-29 06:47 105,984 ----a-w C:\Windows\System32\CscMig.dll
2007-08-29 06:47 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-08-29 06:47 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-08-29 06:46 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-08-24 16:08 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
2007-08-24 06:42 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-08-24 06:42 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-08-24 06:42 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-08-24 06:42 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-08-24 06:41 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-08-24 06:41 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-08-24 06:41 33,624 ----a-w C:\Windows\System32\wups.dll
2007-08-24 06:40 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-08-24 06:40 163,000 ----a-w C:\Windows\System32\wuwebv.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-11 21:05]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 00:52]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-02-21 11:33]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 18:12]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 22:13]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-10-13 12:31]
"SigmatelSysTrayApp"="sttray.exe" [2006-12-01 22:40 C:\Windows\sttray.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"GDFirewallTray"="C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe" [2007-08-14 11:12]
"AVKTray"="C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2007-08-14 11:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2006-11-12 03:19]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-02-21 11:38:49]
G DATA Firewall Tray.lnk - C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe [2007-09-23 20:37:39]
QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-02-21 11:35:07]

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS
R1 gdwfpcd;G DATA WFP CD;C:\Windows\system32\DRIVERS\gdwfpcd32.sys
R2 AVKProxy;G DATA AntiVirus Proxy;"C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe"
R2 AVKService;AVK Service;C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
R2 AVKWCtl;AVK Wächter;C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
R2 GDTdiInterceptor;GDTdiInterceptor;\??\C:\Windows\system32\drivers\GDTdiIcpt.sys
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys
R3 GDFwSvc;G DATA Personal Firewall;C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
R3 GDMnIcpt;GDMnIcpt;\??\C:\Windows\system32\drivers\MiniIcpt.sys
R3 GDPkIcpt;GDPkIcpt;\??\C:\Windows\system32\drivers\PktIcpt.sys
R3 HookCentre;HookCentre;\??\C:\Windows\system32\drivers\HookCentre.sys
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys
S3 btwaudio;Bluetooth-Audiogerät;C:\Windows\system32\drivers\btwaudio.sys
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebad38ee-c194-11db-999c-806e6f6e6963}]
\shell\AutoRun\command - E:\SETUP.EXE
\shell\configure\command - E:\SETUP.EXE
\shell\install\command - E:\SETUP.EXE

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2007-11-19 22:20:23 C:\Windows\Tasks\User_Feed_Synchronization-{5FBD1623-1ACB-4B8A-878A-396F80BFE4B6}.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 23:20:06
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2007-11-19 23:21:01
.
--- E O F ---
This post was edited on 19.11.2007 at 23:24 by hankjerdin.