Trojan.BHO C:\ProgramData\Partner\partner.dll hijackthis & mbam logfile

sir_neromani · 17.09.2010, 18:19

Es wurde nicht nach einem Neustart gefragt. Nachdem cofi fertig war war lediglich alles geschlossen und eine log.txt war offen: (weil ich vergas das Netzkabel abzustecken? Guard war aus!)

Code:

ATTFilter

ComboFix 10-09-14.04 - hkreich 17.09.2010  18:53:48.2.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.952.389 [GMT 2:00]
ausgeführt von:: c:\users\hkreich\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\hkreich\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Partner
c:\programdata\Partner\partner.dll
c:\programdata\Partner\partner.exe
c:\users\hkreich\.assistant
c:\users\hkreich\.assistant\contentdb40.ElsterFormular-Bedienung

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-17 bis 2010-09-17  ))))))))))))))))))))))))))))))
.

2010-09-17 17:07 . 2010-09-17 17:07	--------	d-----w-	c:\users\hkreich\AppData\Local\temp
2010-09-17 17:07 . 2010-09-17 17:07	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-09-17 17:07 . 2010-09-17 17:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-16 10:05 . 2010-09-16 10:05	--------	d-----w-	c:\users\hkreich\NTI-Shadow
2010-09-15 23:36 . 2010-09-07 14:47	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-09-15 23:36 . 2010-09-07 14:52	165584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-09-15 23:36 . 2010-09-07 14:47	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-09-15 23:36 . 2010-09-07 14:52	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-09-15 23:36 . 2010-09-07 14:47	50768	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2010-09-15 23:35 . 2010-09-07 15:12	38848	----a-w-	c:\windows\avastSS.scr
2010-09-15 23:35 . 2010-09-07 15:11	167592	----a-w-	c:\windows\system32\aswBoot.exe
2010-09-15 16:10 . 2010-04-05 17:02	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-15 16:10 . 2010-08-17 14:11	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-15 16:09 . 2010-04-16 16:46	502272	----a-w-	c:\windows\system32\usp10.dll
2010-09-15 16:09 . 2010-05-27 20:08	739328	----a-w-	c:\windows\system32\inetcomm.dll
2010-09-15 15:37 . 2010-09-15 16:04	--------	d-----w-	C:\cofi
2010-09-15 15:14 . 2010-09-15 15:14	--------	d-----w-	c:\program files\CCleaner
2010-09-14 13:54 . 2010-09-14 13:54	--------	d-----w-	c:\users\hkreich\AppData\Roaming\Malwarebytes
2010-09-14 13:53 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 13:53 . 2010-09-14 13:53	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-14 13:53 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-14 13:53 . 2010-09-14 13:54	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-14 12:49 . 2010-09-14 12:49	--------	d-----w-	c:\programdata\Alwil Software
2010-09-14 12:49 . 2010-09-14 12:49	--------	d-----w-	c:\program files\Alwil Software

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 21:47 . 2008-05-25 22:50	--------	d-----w-	c:\programdata\Microsoft Help
2010-09-16 09:03 . 2008-05-26 08:41	690550	----a-w-	c:\windows\system32\perfh007.dat
2010-09-16 09:03 . 2008-05-26 08:41	152516	----a-w-	c:\windows\system32\perfc007.dat
2010-09-16 05:00 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-09-14 12:39 . 2009-07-14 16:15	--------	d-----w-	c:\program files\Google
2010-08-29 17:36 . 2010-06-11 18:04	--------	d-----w-	c:\users\hkreich\AppData\Roaming\TeamViewer
2010-06-26 06:05 . 2010-08-13 10:11	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 10:11	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 10:11	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 10:11	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 10:11	2037760	----a-w-	c:\windows\system32\win32k.sys
2008-12-26 18:55 . 2008-12-26 18:55	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-14 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\users\hkreich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca0b70d1255c3a;Google Update Service (gupdate1ca0b70d1255c3a);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-07-01 388096]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-09-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-14 08:36]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 08:37]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 08:37]

2010-09-17 c:\windows\Tasks\User_Feed_Synchronization-{C967D5E2-CDAE-4CA2-84DD-ADBC5CF5A5DC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1208&m=extensa_5230
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-17 19:07
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-17  19:12:21
ComboFix-quarantined-files.txt  2010-09-17 17:12
ComboFix2.txt  2010-09-15 16:04

Vor Suchlauf: 16 Verzeichnis(se), 46.101.094.400 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 46.069.538.816 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 82AABB152B2210E534B1E72114B1C5AC

Trojan.BHO C:\ProgramData\Partner\partner.dll hijackthis & mbam logfile

Log-Analyse und Auswertung: Trojan.BHO C:\ProgramData\Partner\partner.dll hijackthis & mbam logfile

Trojan.BHO C:\ProgramData\Partner\partner.dll hijackthis & mbam logfile

Ähnliche Themen: Trojan.BHO C:\ProgramData\Partner\partner.dll hijackthis & mbam logfile