Winrar crc fehler + und pc absturz virus??

john.doe · 16.05.2009, 21:28

Zitat:

ich glaub die ist im HKEY CLASSES ROOT zu finden

Das ist keine Datei sondern ein Registryeintrag, der wurde von Avira angelegt, geschützt und lässt sich deshalb nicht löschen. Das ist schon in Ordnung so.

Poste bitte nochmal ein aktuelles HJT-Log.

Gleich im Anschluß: http://www.trojaner-board.de/51871-a...tispyware.html (nur Punkt 1-3 der Anleitung)

ciao, andreas

Niralei · 16.05.2009, 23:40

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 2 months======

2009-05-17 01:32:34 ----D---- C:\rsit
2009-05-17 01:29:54 ----D---- C:\WINDOWS\temp
2009-05-17 01:29:53 ----A---- C:\ComboFix.txt
2009-05-17 01:26:20 ----A---- C:\WINDOWS\zip.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\vFind.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWSC.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWREG.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\sed.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\grep.exe
2009-05-17 01:26:14 ----D---- C:\ComboFix
2009-05-17 01:22:59 ----D---- C:\WINDOWS\ERDNT
2009-05-17 01:22:52 ----D---- C:\Qoobox
2009-05-17 01:03:46 ----SHD---- C:\Config.Msi
2009-05-16 23:34:16 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-16 23:34:11 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-16 23:34:11 ----D---- C:\Documents and Settings\USER\Application Data\SUPERAntiSpyware.com
2009-05-16 23:28:36 ----D---- C:\Program Files\Microsoft
2009-05-16 23:28:21 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-16 23:27:59 ----D---- C:\Program Files\Windows Live
2009-05-16 23:25:58 ----D---- C:\Program Files\Common Files\Windows Live
2009-05-16 15:20:53 ----D---- C:\Documents and Settings\USER\Application Data\Malwarebytes
2009-05-16 15:20:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-16 15:20:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-16 15:08:03 ----D---- C:\Program Files\CCleaner
2009-05-15 03:25:37 ----D---- C:\Program Files\Trend Micro
2009-05-14 03:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-14 03:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-14 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-14 03:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-14 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-14 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-07 19:15:45 ----D---- C:\Program Files\LucasArts
2009-04-23 23:56:28 ----D---- C:\Documents and Settings\USER\Application Data\Software Informer
2009-04-15 20:24:27 ----D---- C:\Documents and Settings\USER\Application Data\DisplayTune
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvcr80.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvcr70.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvcp70.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvbvm60.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfcm80u.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfcm80.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfc80u.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfc80.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfc70.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\msvcp80.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\msvcm80.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\ijl15.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\atl80.dll
2009-04-15 20:23:42 ----D---- C:\Program Files\Portrait Displays
2009-04-15 20:23:42 ----D---- C:\Program Files\Common Files\Portrait Displays
2009-04-05 03:22:08 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-04-05 03:22:06 ----A---- C:\WINDOWS\system32\ptpusd.dll

======List of files/folders modified in the last 2 months======

2009-05-17 01:32:48 ----D---- C:\Program Files\Mozilla Firefox
2009-05-17 01:31:45 ----D---- C:\Documents and Settings\USER\Application Data\Free Download Manager
2009-05-17 01:29:55 ----D---- C:\WINDOWS\system32
2009-05-17 01:29:54 ----D---- C:\WINDOWS
2009-05-17 01:28:39 ----A---- C:\WINDOWS\system.ini
2009-05-17 01:27:55 ----D---- C:\WINDOWS\system32\drivers
2009-05-17 01:27:55 ----D---- C:\WINDOWS\AppPatch
2009-05-17 01:27:51 ----D---- C:\Program Files\Common Files
2009-05-17 01:26:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-17 01:26:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-17 01:26:25 ----D---- C:\WINDOWS\Prefetch
2009-05-17 01:26:19 ----SHD---- C:\System Volume Information
2009-05-17 01:26:19 ----D---- C:\WINDOWS\system32\Restore
2009-05-17 01:17:11 ----D---- C:\Downloads
2009-05-17 01:03:47 ----SHD---- C:\WINDOWS\Installer
2009-05-17 00:53:59 ----RD---- C:\Program Files
2009-05-16 23:28:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-16 23:28:05 ----RSD---- C:\WINDOWS\Fonts
2009-05-16 23:27:47 ----HD---- C:\WINDOWS\inf
2009-05-16 23:25:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-16 23:15:48 ----D---- C:\WINDOWS\Minidump
2009-05-16 20:58:23 ----D---- C:\Program Files\Windows Live Toolbar
2009-05-16 20:58:18 ----SD---- C:\WINDOWS\Tasks
2009-05-16 20:57:42 ----D---- C:\Program Files\VideoLAN
2009-05-16 20:57:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-16 20:55:48 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-16 20:54:26 ----D---- C:\Program Files\Java
2009-05-16 16:14:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-16 15:10:16 ----D---- C:\WINDOWS\Debug
2009-05-16 03:58:03 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-15 22:45:01 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-05-15 21:11:51 ----D---- C:\Program Files\WinRAR
2009-05-15 08:23:30 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-15 08:23:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-14 23:37:55 ----D---- C:\Documents and Settings\USER\Application Data\Real
2009-05-14 23:26:30 ----D---- C:\Program Files\Steam
2009-05-14 14:17:51 ----D---- C:\Program Files\KalOnlineEng
2009-05-14 04:58:55 ----D---- C:\Program Files\ICQToolbar
2009-05-14 04:51:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-14 04:50:10 ----D---- C:\WINDOWS\WinSxS
2009-05-14 04:47:07 ----D---- C:\WINDOWS\system32\wbem
2009-05-14 04:47:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-14 03:07:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-14 03:06:55 ----D---- C:\WINDOWS\system32\el-gr
2009-05-14 03:06:55 ----D---- C:\Program Files\Internet Explorer
2009-05-14 03:05:30 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-13 21:01:41 ----A---- C:\WINDOWS\win.ini
2009-05-13 15:04:34 ----D---- C:\Documents and Settings\USER\Application Data\skypePM
2009-05-13 13:34:35 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-05-10 02:48:43 ----D---- C:\WINDOWS\Help
2009-05-07 15:09:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-07 02:50:28 ----D---- C:\DaViDeo3.PRO
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-04 19:50:03 ----D---- C:\download
2009-05-01 01:36:36 ----D---- C:\Documents and Settings\All Users\Application Data\Codemasters
2009-05-01 01:34:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-28 17:08:08 ----D---- C:\Program Files\Electronic Arts
2009-04-23 19:14:29 ----D---- C:\WINDOWS\system32\DirectX
2009-04-23 19:14:29 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-04-23 19:14:29 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-04-23 19:14:12 ----RSD---- C:\WINDOWS\assembly
2009-04-07 13:38:32 ----RD---- C:\eigene dateien
2009-03-25 18:01:02 ----D---- C:\Program Files\DC++
2009-03-21 17:18:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-19 20:55:12 ----D---- C:\Documents and Settings\USER\Application Data\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Πρόγραμμα οδήγησης πληκτρολογίου HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-09-04 14976]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-04 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-04 25416]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-21 2843136]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2003-05-13 9632]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Πρόγραμμα οδήγησης HID της Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Πρόγραμμα οδήγησης ποντικιού HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-15 83200]
R3 usbccgp;Γενικό γονικό πρόγραμμα οδήγησης USB της Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Πρόγραμμα οδήγησης USB 2.0-προηγμένου κεντρικού ελεγκτή Miniport της Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Πρόγραμμα οδήγησης τυπικού διανομέα USB της Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
S3 aaudstum;aaudstum; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\aaudstum.sys []
S3 aci25k6t;aci25k6t; C:\WINDOWS\system32\drivers\aci25k6t.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Αποκωδικοποιητής κωδικοποιημένων υπότιτλων; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Μετατροπέας Tee/Sink-to-Sink ροής της Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Σύνδεση τηλεόρασης/βίντεο της Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Πρόγραμμα οδήγησης σαρωτή USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Πρόγραμμα οδήγησης μαζικής αποθήκευσης USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-21 512000]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-09-28 65536]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-13 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-15 189472]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2009-01-30 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920]
S2 GEARSecurity;GEARSecurity; C:\WINDOWS\SYSTEM32\GEARSEC.EXE [2008-11-06 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
S3 WMPNetworkSvc;Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 922112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Winrar crc fehler + und pc absturz virus??

Log-Analyse und Auswertung: Winrar crc fehler + und pc absturz virus??

Winrar crc fehler + und pc absturz virus??

Winrar crc fehler + und pc absturz virus??

Ähnliche Themen: Winrar crc fehler + und pc absturz virus??