
Log Analysis and Evaluation: avast found a rootkit


18.11.2013, 12:54   #1
onitp

avast found a rootkit



Hello,
and thanks in advance for your help.

Since the day before yesterday my Avast has been reporting that a suspicious object was found.
SVC:adatadrv>C:\Windows\system32\Drivers\adatadrv.sys

Deleting it with Avast doesn't work!!

I then googled the file and found something about it.
hxxp://de.systemexplorer.net/file-database/file/adatadrv-sys/1310538

and here

http://www.trojaner-board.de/86927-m...-entdeckt.html

I then downloaded and ran this OSAM, but how could I delete it??

Here is the log file:



Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:29:14 on 18.11.2013
OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 10.00.9200.16521

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
AppInit DLLs
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs" c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll File not found
|||||| "AppInit_DLLs" C:\Windows\system32\zipfldra.dll File found, but it contains no detailed information
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
"Adobe Flash Player Updater.job" "Adobe Systems Incorporated" C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "DivXControlPanelApplet.cpl" "DivX, Inc." C:\Windows\system32\DivXControlPanelApplet.cpl File exists
"FlashPlayerCPLApp.cpl" "Adobe Systems Incorporated" C:\Windows\system32\FlashPlayerCPLApp.cpl File exists
|||||| "nvcpl.cpl" "NVIDIA Corporation" C:\Windows\system32\nvcpl.cpl File exists
|||||| "ODBCCP32.CPL" "Microsoft Corporation" C:\Windows\system32\ODBCCP32.CPL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "lgLcdCpl" "Logitech Inc." C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl File exists
|||||| "Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists
|||||| "SamsungConnectionManager" C:\PROGRA~1\Samsung\SAMSUN~1\CONNEC~1.CPL File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) C:\Windows\System32\drivers\tsusbhub.sys File not found
"AnyDVD" (AnyDVD) "SlySoft, Inc." C:\Windows\System32\Drivers\AnyDVD.sys File exists
"aqimwooj" (aqimwooj) C:\Windows\system32\drivers\aqimwooj.sys File not found
|||||| "ar41ex6b" (ar41ex6b) "Microsoft Corporation" C:\Windows\system32\drivers\ar41ex6b.sys Hidden registry entry, rootkit activity | File signed by Microsoft
"aswFsBlk" (aswFsBlk) "AVAST Software" C:\Windows\system32\drivers\aswFsBlk.sys File exists
"aswMonFlt" (aswMonFlt) "AVAST Software" C:\Windows\system32\drivers\aswMonFlt.sys File exists
"aswRdr" (aswRdr) "AVAST Software" C:\Windows\System32\Drivers\aswrdr2.sys File exists
"aswRvrt" (aswRvrt) C:\Windows\system32\drivers\aswRvrt.sys File exists
"aswSnx" (aswSnx) "AVAST Software" C:\Windows\system32\drivers\aswSnx.sys File exists
"aswSP" (aswSP) "AVAST Software" C:\Windows\system32\drivers\aswSP.sys File exists
"aswVmm" (aswVmm) C:\Windows\system32\drivers\aswVmm.sys File exists
"avast! Network Shield Support" (aswTdi) "AVAST Software" C:\Windows\system32\drivers\aswTdi.sys File exists
|||||| "AVM Eject" (avmeject) "AVM Berlin" C:\Windows\System32\drivers\avmeject.sys File exists
"dlnmjshl" (dlnmjshl) C:\Windows\system32\drivers\dlnmjshl.sys File not found
"ejmbuoso" (ejmbuoso) C:\Windows\system32\drivers\ejmbuoso.sys File not found
|||||| "ElbyCDIO Driver" (ElbyCDIO) "Elaborate Bytes AG" C:\Windows\System32\Drivers\ElbyCDIO.sys File exists
|||||| "epmntdrv" (epmntdrv) C:\Windows\system32\epmntdrv.sys File found, but it contains no detailed information
|||||| "EuGdiDrv" (EuGdiDrv) C:\Windows\system32\EuGdiDrv.sys File found, but it contains no detailed information
|||||| "EUTRON SmartKey Parallel Driver" (eusk2par) "EUTRON" C:\Windows\system32\Drivers\eusk2par.sys File exists
"fgwsrrmp" (fgwsrrmp) C:\Windows\system32\drivers\fgwsrrmp.sys File not found
|||||| "Generic Mount Driver" (GenericMount) "Symantec Corporation" C:\Windows\System32\DRIVERS\GenericMount.sys File exists
|||||| "giveio" (giveio) C:\Windows\System32\giveio.sys File found, but it contains no detailed information
"kfqgxkul" (kfqgxkul) C:\Windows\system32\drivers\kfqgxkul.sys File not found
"lqcoeatk" (lqcoeatk) C:\Windows\system32\drivers\lqcoeatk.sys File not found
"nwjeiqer" (nwjeiqer) C:\Windows\system32\drivers\nwjeiqer.sys File not found
"ohvjxovc" (ohvjxovc) C:\Windows\system32\drivers\ohvjxovc.sys File not found
"omkvtskd" (omkvtskd) C:\Windows\system32\drivers\omkvtskd.sys File not found
|||||| "OPCOMUSB.SYS OP-COM USB device driver" (FTD2XX) "FTDI Ltd." C:\Windows\System32\Drivers\OPCOMUSB.sys File exists
"pmlvfwjt" (pmlvfwjt) C:\Windows\system32\drivers\pmlvfwjt.sys File not found
"rlbwgdkg" (rlbwgdkg) C:\Windows\system32\drivers\rlbwgdkg.sys File not found
"saafrakq" (saafrakq) C:\Windows\system32\drivers\saafrakq.sys File not found
|||||| "SafeNet USB SuperPro/UltraPro/HardwareKey" (SNTNLUSB) "SafeNet, Inc." C:\Windows\System32\DRIVERS\SNTNLUSB.SYS File exists
|||||| "speedfan" (speedfan) "Windows (R) 2000 DDK provider" C:\Windows\System32\speedfan.sys File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked
"Synth3dVsc" (Synth3dVsc) C:\Windows\System32\drivers\synth3dvsc.sys File not found
"ubrqlrxj" (ubrqlrxj) C:\Windows\system32\drivers\ubrqlrxj.sys File not found
"udmugqcn" (udmugqcn) C:\Windows\system32\drivers\udmugqcn.sys File not found
"ui11rdr" (ui11rdr) "1&1 Internet AG" C:\Windows\System32\DRIVERS\ui11rdr.sys File exists
"VGPU" (VGPU) C:\Windows\System32\drivers\rdvgkmd.sys File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" "Hewlett-Packard Company" "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL File exists
|||||| {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} "WOT Protocol" "WOT Services Oy" C:\Program Files\WOT\WOT.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" "Adobe Systems Inc." C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll File exists
{472083B0-C522-11CF-8763-00608CC02F24} "avast" "AVAST Software" C:\Program Files\Alwil Software\Avast5\ashShell.dll File exists
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" "NVIDIA Corporation" C:\Program Files\NVIDIA Corporation\Display\nvui.dll File exists
|| {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" "DivX, Inc." C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll File exists
|| {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" "DivX, Inc." C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll File exists
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\OFFICE11\msohev.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" "NVIDIA Corporation" C:\Windows\system32\nvshext.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL File exists
|||||| {B062CBE9-07D9-4EA1-A103-3041708C2392} "Samsung Phone Browser" C:\Program Files\Samsung\Samsung PC Studio 7\phonebrowser.dll File exists
{62DF97A2-3635-4412-AE30-80B164BC88AD} "ShellContextMenuHandler Class" "1&1 Internet AG" C:\Program Files\1&1\1&1 Upload-Manager\SHNDLERS.DLL File exists
{93BDEB62-FB0F-48B2-A5A8-9C0655AC80E5} "ShellIconOverlayHandler Class" "1&1 Internet AG" C:\Program Files\1&1\1&1 Upload-Manager\SHNDLERS.DLL File exists
|||||| {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" C:\Program Files\Unlocker\UnlockerCOM.dll File found, but it contains no detailed information
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" File not found | COM-object registry key not found
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" File not found | COM-object registry key not found
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "Adobe PDF" "Adobe Systems Incorporated" C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File exists
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
|||||| "WOT" "WOT Services Oy" C:\Program Files\WOT\WOT.dll File exists
"{9C65D12D-CF9D-454D-8049-61965D8C6FFF}" File not found | COM-object registry key not found
"{EEE6C35B-6118-11DC-9C72-001320C79847}" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
{ecdee021-0d17-467f-a1ff-c7a115230949} "{ecdee021-0d17-467f-a1ff-c7a115230949}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_22.dll File exists
Microsoft XML Parser for Java "Microsoft XML Parser for Java"
file:///C:/Windows/Java/classes/xmldso.cab File not found | COM-object registry key not found
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}"
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
|||| {182EC0BE-5110-49C8-A062-BEB1D02A220B} "Adobe PDF" "Adobe Systems Incorporated" C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" "Microsoft Corporation" C:\Windows\WindowsMobile\INetRepl.dll File exists
|||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" "Microsoft Corporation" C:\Windows\WindowsMobile\INetRepl.dll File exists
|| {CC68A724-B5F7-4bd3-865C-7D97141A140F} "FRITZ!Box AddOn" "AVM Berlin" C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll File exists
|||| {CD275D4E-791A-4993-9D4D-6A071EDD2709} "IE7Pro Grab and Drag" "IE7Pro.com" C:\Program Files\IEPro\iepro.dll File exists
|||| {B119EB0C-C021-46CF-85B0-34A760E0D5FE} "IE7Pro Preferences" "IE7Pro.com" C:\Program Files\IEPro\iepro.dll File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| "Adobe PDF" "Adobe Systems Incorporated" C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File exists
"avast! Online Security" "AVAST Software" C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll File exists
|||||| {71576546-354D-41c9-AAE8-31F2EC22BF0D} "WOT" "WOT Services Oy" C:\Program Files\WOT\WOT.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||| {AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" "Adobe Systems Incorporated" C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File exists
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File exists
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! Online Security" "AVAST Software" C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll File exists
|||| {00011268-E188-40DF-A514-835FCD78B1BF} "IE7Pro BHO" "IE7Pro.com" C:\Program Files\IEPro\iepro.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
|| {C0C86BBE-9509-4296-8459-FDBFDAF4B673} "SplitButtonBHO Class" "AVM Berlin" C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll File exists
|||||| {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} "WOT Helper" "WOT Services Oy" C:\Program Files\WOT\WOT.dll File exists
Known DLLs
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
"advapi32" "Microsoft Corporation" C:\Windows\system32\advapi32.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "clbcatq" "Microsoft Corporation" C:\Windows\system32\clbcatq.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "COMDLG32" "Microsoft Corporation" C:\Windows\system32\COMDLG32.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "DifxApi" "Microsoft Corporation" C:\Windows\system32\difxapi.dll Hidden registry entry, rootkit activity | File signed by Microsoft
"gdi32" "Microsoft Corporation" C:\Windows\system32\gdi32.dll Hidden registry entry, rootkit activity | File signed by Microsoft
"IERTUTIL" "Microsoft Corporation" C:\Windows\system32\IERTUTIL.dll Hidden registry entry, rootkit activity | File signed by Microsoft
"IMAGEHLP" "Microsoft Corporation" C:\Windows\system32\IMAGEHLP.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "IMM32" "Microsoft Corporation" C:\Windows\system32\IMM32.dll Hidden registry entry, rootkit activity | File signed by Microsoft
"kernel32" "Microsoft Corporation" C:\Windows\system32\kernel32.dll Hidden registry entry, rootkit activity | File signed by Microsoft
"LPK" "Microsoft Corporation" C:\Windows\system32\LPK.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "MSCTF" "Microsoft Corporation" C:\Windows\system32\MSCTF.dll Hidden registry entry, rootkit activity | File signed by Microsoft
"MSVCRT" "Microsoft Corporation" C:\Windows\system32\MSVCRT.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "NORMALIZ" "Microsoft Corporation" C:\Windows\system32\NORMALIZ.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "NSI" "Microsoft Corporation" C:\Windows\system32\NSI.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "ole32" "Microsoft Corporation" C:\Windows\system32\ole32.dll Hidden registry entry, rootkit activity | File signed by Microsoft
"OLEAUT32" "Microsoft Corporation" C:\Windows\system32\OLEAUT32.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "PSAPI" "Microsoft Corporation" C:\Windows\system32\PSAPI.DLL Hidden registry entry, rootkit activity | File signed by Microsoft
"rpcrt4" "Microsoft Corporation" C:\Windows\system32\rpcrt4.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "sechost" "Microsoft Corporation" C:\Windows\system32\sechost.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "Setupapi" "Microsoft Corporation" C:\Windows\system32\Setupapi.dll Hidden registry entry, rootkit activity | File signed by Microsoft
"SHELL32" "Microsoft Corporation" C:\Windows\system32\SHELL32.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "SHLWAPI" "Microsoft Corporation" C:\Windows\system32\SHLWAPI.dll Hidden registry entry, rootkit activity | File signed by Microsoft
"URLMON" "Microsoft Corporation" C:\Windows\system32\URLMON.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "user32" "Microsoft Corporation" C:\Windows\system32\user32.dll Hidden registry entry, rootkit activity | File signed by Microsoft
"USP10" "Microsoft Corporation" C:\Windows\system32\USP10.dll Hidden registry entry, rootkit activity | File signed by Microsoft
"WININET" "Microsoft Corporation" C:\Windows\system32\WININET.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "WLDAP32" "Microsoft Corporation" C:\Windows\system32\WLDAP32.dll Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "WS2_32" "Microsoft Corporation" C:\Windows\system32\WS2_32.dll Hidden registry entry, rootkit activity | File signed by Microsoft
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\onit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|| "Logitech Touch Mouse Server.lnk" "Logitech, Inc." C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe Shortcut exists | File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||| "Adobe Acrobat - Schnellstart.lnk" "Adobe Systems Incorporated" C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe Shortcut exists | File exists
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"1&1_1&1 Upload-Manager" "1&1 Internet AG" "C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE" /hide File exists
"iDevice Manager Launcher" "Marx Softwareentwicklung - www.software4u.de" "C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe" /run File exists
|||| "S60 PC Suite Tray" "C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Acrobat Assistant 7.0" "Adobe Systems Inc." "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" File exists
"Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists
"APSDaemon" "Apple Inc." "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File exists
"avast5" "AVAST Software" "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File exists
|||||| "AVMWlanClient" "AVM Berlin" C:\Program Files\avmwlanstick\wlangui.exe File exists
"iTunesHelper" "Apple Inc." "C:\Program Files\iTunes\iTunesHelper.exe" File exists
|||| "Launch LCDMon" "Logitech Inc." "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" File exists
|||| "Launch LGDCore" "Logitech Inc." "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE File exists
|||| "Launch LgDeviceAgent" "Logitech Inc." "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" File exists
Network Providers
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
"1&1 SmartDrive" "1&1 Internet AG" C:\Windows\System32\ui11np.dll File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Adobe PDF Port" "Adobe Systems Incorporated." C:\Windows\system32\AdobePDF.dll File exists
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\Windows\system32\mdimon.dll File exists
|| "Redmon" C:\Windows\system32\redmonnt.dll File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
"Adobe Acrobat Update Service" (AdobeARMservice) "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe File exists
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) "Adobe Systems Incorporated" C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File exists
|||||| "Adobe LM Service" (Adobe LM Service) "Adobe Systems" C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe File exists
"Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists
|||||| "ASP.NET-Zustandsdienst" (aspnet_state) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe File exists
"avast! Antivirus" (avast! Antivirus) "AVAST Software" C:\Program Files\Alwil Software\Avast5\AvastSvc.exe File exists
"avast! iAVS4 Control Service" (aswUpdSv) "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" File not found
|||||| "AVM WLAN Connection Service" (AVM WLAN Connection Service) "AVM Berlin" C:\Program Files\avmwlanstick\WlanNetService.exe File exists
"COSIDS_TB" (COSIDS_TB) C:\PROGRA~1\COSIDS\BIN\TbMux32.exe File not found
|||||| "Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "Google Update-Dienst (gupdatem)" (gupdatem) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
"iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists
|||||| "LightScribeService Direct Disc Labeling Service" (LightScribeService) "Hewlett-Packard Company" C:\Program Files\Common Files\LightScribe\LSSrvc.exe File exists
|||| "Machine Debug Manager" (MDM) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE File exists
|||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
|||||| "Microsoft Antimalware Service" (MsMpSvc) "Microsoft Corporation" C:\Program Files\Microsoft Security Essentials\MsMpEng.exe File exists
"Mozilla Maintenance Service" (MozillaMaintenance) "Mozilla Foundation" C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File exists
"NVIDIA Display Driver Service" (nvsvc) "NVIDIA Corporation" C:\Windows\system32\nvvsvc.exe File exists
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) "NVIDIA Corporation" C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe File exists
"NVIDIA Update Service Daemon" (nvUpdatusService) "NVIDIA Corporation" C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Performance Service" (nTuneService) "NVIDIA" C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe File exists
|||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File exists
"SPAMfighter Update Service" (SPAMfighter Update Service) "SPAMfighter ApS" C:\Program Files\Fighters\SPAMfighter\sfus.exe File exists
"Suite Service" (Suite Service) "SPAMfighter ApS" C:\Program Files\Fighters\FighterSuiteService.exe File exists
"TeamViewer 8" (TeamViewer8) "TeamViewer GmbH" C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe File exists
"TIS 2000 Apache Web Server" (TIS 2000 Apache Web Server) C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe File not found
|||||| "Update Center Service" (UpdateCenterService) "NVIDIA" C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


I hope I have followed everything required for creating a post.

Thanks for any helpful answers

onitp




