Log analysis and evaluation: Trojan.Gen found by Norton 360 during scan (Windows 7)
#4
Sorry, entry #2 was listed a second time by mistake (but it is identical to entry #1, and I can't delete it any more). I also have the ComboFix result here; maybe someone can now help me with whether I am still at risk, or what the Trojan might have done beforehand:

ComboFix 10-05-08.02 - *** 09.05.2010 10:43:55.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3327.2195 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-04-09 bis 2010-05-09 ))))))))))))))))))))))))))))))
.
2010-05-09 08:51 . 2010-05-09 08:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-07 16:37 . 2010-05-07 16:37 -------- d-----w- c:\program files\CCleaner
2010-05-07 10:18 . 2010-05-07 10:18 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-05-07 10:17 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 10:17 . 2010-05-07 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 10:17 . 2010-05-07 10:17 -------- d-----w- c:\programdata\Malwarebytes
2010-05-07 10:17 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 10:09 . 2010-05-07 10:09 388096 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-07 10:09 . 2010-05-07 10:09 -------- d-----w- c:\program files\Trend Micro
2010-04-28 05:56 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 05:56 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 05:56 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-26 09:46 . 2010-04-26 09:46 -------- d-----r- c:\program files\Norton Support
2010-04-21 06:17 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-20 19:09 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-14 06:38 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 06:38 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 06:38 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 06:38 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 06:38 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 06:38 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 06:35 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 06:35 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 08:40 . 2009-11-03 12:16 -------- d-----w- c:\users\***\AppData\Roaming\Skype
2010-05-09 08:20 . 2009-11-03 12:19 -------- d-----w- c:\users\***\AppData\Roaming\skypePM
2010-05-08 11:34 . 2009-10-30 15:03 -------- d-----w- c:\programdata\Microsoft Help
2010-05-07 11:35 . 2009-11-03 09:29 -------- d-----w- c:\users\***\AppData\Roaming\FileZilla
2010-05-07 06:58 . 2009-07-14 08:47 649012 ----a-w- c:\windows\system32\perfh007.dat
2010-05-07 06:58 . 2009-07-14 08:47 127832 ----a-w- c:\windows\system32\perfc007.dat
2010-05-06 10:31 . 2009-11-03 15:46 -------- d-----w- c:\users\***\AppData\Roaming\ZoomBrowser EX
2010-05-06 10:30 . 2009-11-03 15:42 -------- d-----w- c:\programdata\ZoomBrowser
2010-04-26 10:04 . 2009-12-06 15:23 -------- d-----w- c:\program files\Biet-O-Matic
2010-04-26 10:02 . 2009-12-06 15:23 -------- d-----w- c:\users\***\AppData\Roaming\BOM
2010-04-20 19:09 . 2009-11-10 12:05 -------- d-----w- c:\program files\Java
2010-04-16 06:38 . 2009-11-03 16:22 -------- d-----w- c:\program files\Google
2010-04-07 19:46 . 2009-11-05 13:57 -------- d-----w- c:\program files\WinTV
2010-04-04 08:24 . 2010-04-04 08:24 -------- d-----w- c:\program files\Common Files\Java
2010-04-03 07:41 . 2009-11-03 12:16 -------- d-----r- c:\program files\Skype
2010-04-01 05:58 . 2010-04-01 05:58 -------- d-----w- c:\program files\Common Files\Skype
2010-03-26 12:30 . 2009-11-03 09:30 -------- d-----w- c:\program files\FileZilla FTP Client
2010-03-20 07:07 . 2009-11-03 15:47 179576 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-19 12:57 . 2010-03-19 12:57 -------- d-----w- c:\programdata\Kaspersky Lab
2010-02-23 07:56 . 2010-03-31 06:58 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 15:42 . 2009-11-12 15:46 1170240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-15 17:12 . 2010-02-15 17:12 9326 ----a-w- c:\windows\unins000.dat
2010-02-15 17:10 . 2010-02-15 17:12 981059 ----a-w- c:\windows\unins000.exe
2010-02-12 16:41 . 2010-04-27 06:58 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~4\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-19 170624]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"BCSSync"="c:\program files\Microsoft Office Beta\Office14\BCSSync.exe" [2009-09-26 83312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-3 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 135664]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-02 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2009-11-09 79360]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-21 1571336]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office Beta\Office14\GROOVE.EXE [2009-10-29 30603640]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 7168]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\DRIVERS\V0230VID.sys [2007-08-07 509760]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-11-10 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-11-10 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-11-10 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100505.001\IDSvix86.sys [2009-10-28 343088]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [2009-11-10 117640]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-13 49152]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys [2009-07-13 64000]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-11-09 102448]
S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys [2009-07-13 559104]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-21 46192]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-11-10 48688]
S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-09-21 1964528]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 413208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 16:22]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 16:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: An OneNote s&enden - /105
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(6032)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\System32\npmproxy.dll
.
Zeit der Fertigstellung: 2010-05-09 10:53:33
ComboFix-quarantined-files.txt 2010-05-09 08:53

Vor Suchlauf: 12 Verzeichnis(se), 1.077.493.534.720 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 1.077.427.245.056 Bytes frei

- - End Of File - - 4789107C96782E9DFA4F75664909C771