
Pests of all kinds and how to fight them: ControlSet002 ?

Windows 7 If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.

22.11.2010, 13:15   #1
oraculum

ControlSet002 ?

So, here's the CF log:
Code:
ComboFix 10-11-21.02 - *** 22.11.2010  12:54:01.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.2940.1801 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\install.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-10-22 bis 2010-11-22  ))))))))))))))))))))))))))))))
.

2010-11-22 12:00 . 2010-11-22 12:00	--------	d-----w-	c:\users\***\AppData\Local\temp
2010-11-20 09:18 . 2010-11-20 09:18	--------	d-----w-	C:\_OTL
2010-11-19 12:18 . 2010-11-10 04:33	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B889C068-1F30-4E05-83D9-CDD87F5F9E37}\mpengine.dll
2010-11-16 12:49 . 2010-11-16 12:49	--------	d-----w-	c:\program files\iPod
2010-11-16 12:49 . 2010-11-16 12:50	--------	d-----w-	c:\program files\iTunes
2010-11-15 17:17 . 2010-11-15 17:17	--------	d-----w-	c:\program files\Gameforge4D
2010-11-08 14:57 . 2010-11-08 14:57	--------	dc----w-	c:\users\***\AppData\Local\MigWiz
2010-11-05 12:23 . 2010-11-05 12:23	--------	d-----w-	c:\program files\JRE
2010-11-04 19:52 . 2010-11-04 19:52	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-10-27 15:52 . 2010-10-27 15:52	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-10-27 15:51 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 15:51 . 2010-10-27 15:51	--------	d-----w-	c:\programdata\Malwarebytes
2010-10-27 15:51 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-27 15:51 . 2010-10-27 15:52	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-10-27 13:37 . 2010-11-17 15:26	--------	d-----w-	C:\rsit
2010-10-27 13:35 . 2010-08-04 06:18	641536	----a-w-	c:\windows\system32\CPFilters.dll
2010-10-27 13:35 . 2010-08-04 06:17	417792	----a-w-	c:\windows\system32\msdri.dll
2010-10-27 13:35 . 2010-08-04 06:15	204288	----a-w-	c:\windows\system32\MSNP.ax
2010-10-27 13:35 . 2010-08-04 06:15	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2010-10-27 13:35 . 2010-07-13 05:22	26504	----a-w-	c:\windows\system32\drivers\Diskdump.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 11:40 . 2009-11-02 12:33	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-02 13:38 . 2009-11-02 12:33	126856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-10-28 11:38 . 2010-05-08 18:16	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-10-19 09:41 . 2009-12-30 11:45	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-10-12 16:22 . 2010-10-12 16:21	563008	----a-w-	c:\programdata\Microsoft\VWDExpress\10.0\1031\ResourceCache.dll
2010-10-12 16:01 . 2010-10-12 16:01	113440	----a-w-	c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2010-10-12 15:52 . 2010-10-12 15:52	207008	----a-w-	c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2010-10-12 15:47 . 2010-10-12 15:38	188896	----a-w-	c:\programdata\Microsoft\VCSExpress\10.0\1031\ResourceCache.dll
2010-09-28 14:44 . 2010-09-28 14:44	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2010-09-28 14:44 . 2010-09-28 14:44	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2010-09-20 19:02 . 2010-09-20 19:02	281760	----a-w-	c:\windows\system32\drivers\atksgt.sys
2010-09-20 19:02 . 2010-09-20 19:02	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2010-09-08 09:17 . 2010-09-08 09:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-09-08 04:30 . 2010-10-13 06:14	978432	----a-w-	c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 06:14	44544	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 06:14	386048	----a-w-	c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 06:14	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-13 06:13	12625408	----a-w-	c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 06:13	2327552	----a-w-	c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-13 06:13	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-13 06:13	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-13 06:13	168448	----a-w-	c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-13 06:13	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-13 06:13	308736	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-13 06:13	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-08-26 19:06 . 2010-01-13 19:05	1113408	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-08-26 04:39 . 2010-10-13 06:14	109056	----a-w-	c:\windows\system32\t2embed.dll
2010-08-25 17:46 . 2010-08-25 17:46	8198680	----a-w-	c:\windows\system32\TVWSetup.exe
2010-08-25 17:45 . 2010-08-25 17:45	136216	----a-w-	c:\windows\system32\igfxtray.exe
2010-08-25 17:45 . 2010-08-25 17:45	266776	----a-w-	c:\windows\system32\igfxsrvc.exe
2010-08-25 17:45 . 2010-08-25 17:45	170520	----a-w-	c:\windows\system32\igfxpers.exe
2010-08-25 17:45 . 2010-08-25 17:45	179224	----a-w-	c:\windows\system32\igfxext.exe
2010-08-25 17:45 . 2010-08-25 17:45	171032	----a-w-	c:\windows\system32\hkcmd.exe
2010-08-25 17:45 . 2010-08-25 17:45	3156504	----a-w-	c:\windows\system32\GfxUI.exe
2010-08-25 17:39 . 2010-08-25 17:39	81920	----a-w-	c:\windows\system32\igfxCoIn_v2202.dll
2010-08-25 17:31 . 2010-08-25 17:31	9024512	----a-w-	c:\windows\system32\drivers\igdkmd32.sys
2010-08-25 17:31 . 2010-02-10 22:50	4967424	----a-w-	c:\windows\system32\igdumd32.dll
2010-08-25 17:28 . 2010-02-10 22:45	571904	----a-w-	c:\windows\system32\igdumdx32.dll
2010-08-25 17:23 . 2009-07-13 22:09	4411904	----a-w-	c:\windows\system32\igd10umd32.dll
2010-08-25 17:09 . 2010-08-25 17:09	11040256	----a-w-	c:\windows\system32\ig4icd32.dll
2010-08-25 17:02 . 2010-08-25 17:02	86016	----a-w-	c:\windows\system32\igfxrsky.lrc
2010-08-25 17:02 . 2010-08-25 17:02	85504	----a-w-	c:\windows\system32\igfxrslv.lrc
2010-08-25 17:02 . 2010-08-25 17:02	86528	----a-w-	c:\windows\system32\igfxresn.lrc
2010-08-25 17:02 . 2010-08-25 17:02	85504	----a-w-	c:\windows\system32\igfxrtrk.lrc
2010-08-25 17:02 . 2010-08-25 17:02	85504	----a-w-	c:\windows\system32\igfxrsve.lrc
2010-08-25 17:02 . 2010-08-25 17:02	84992	----a-w-	c:\windows\system32\igfxrtha.lrc
2010-08-25 17:02 . 2010-08-25 17:02	86016	----a-w-	c:\windows\system32\igfxrrus.lrc
2010-08-25 17:02 . 2010-08-25 17:02	86016	----a-w-	c:\windows\system32\igfxrptg.lrc
2010-08-25 17:02 . 2010-08-25 17:02	86016	----a-w-	c:\windows\system32\igfxrplk.lrc
2010-08-25 17:02 . 2010-08-25 17:02	85504	----a-w-	c:\windows\system32\igfxrptb.lrc
2010-08-25 17:02 . 2010-08-25 17:02	85504	----a-w-	c:\windows\system32\igfxrnor.lrc
2010-08-25 17:02 . 2010-08-25 17:02	86016	----a-w-	c:\windows\system32\igfxrita.lrc
2010-08-25 17:02 . 2010-08-25 17:02	85504	----a-w-	c:\windows\system32\igfxrhun.lrc
2010-08-25 17:02 . 2010-08-25 17:02	84480	----a-w-	c:\windows\system32\igfxrheb.lrc
2010-08-25 17:02 . 2010-08-25 17:02	82944	----a-w-	c:\windows\system32\igfxrkor.lrc
2010-08-25 17:02 . 2010-08-25 17:02	82944	----a-w-	c:\windows\system32\igfxrjpn.lrc
2010-08-25 17:02 . 2010-08-25 17:02	86528	----a-w-	c:\windows\system32\igfxrfra.lrc
2010-08-25 17:02 . 2010-08-25 17:02	86528	----a-w-	c:\windows\system32\igfxrell.lrc
2010-08-25 17:02 . 2010-08-25 17:02	86016	----a-w-	c:\windows\system32\igfxrnld.lrc
2010-08-25 17:02 . 2010-08-25 17:02	86016	----a-w-	c:\windows\system32\igfxrdeu.lrc
2010-08-25 17:02 . 2010-08-25 17:02	85504	----a-w-	c:\windows\system32\igfxrfin.lrc
2010-08-25 17:02 . 2010-08-25 17:02	85504	----a-w-	c:\windows\system32\igfxrcsy.lrc
2010-08-25 17:02 . 2010-08-25 17:02	84992	----a-w-	c:\windows\system32\igfxrdan.lrc
2010-08-25 17:02 . 2010-08-25 17:02	84480	----a-w-	c:\windows\system32\igfxrara.lrc
2010-08-25 17:02 . 2010-08-25 17:02	81920	----a-w-	c:\windows\system32\igfxrcht.lrc
2010-08-25 17:02 . 2010-08-25 17:02	81920	----a-w-	c:\windows\system32\igfxrchs.lrc
2010-08-25 17:00 . 2010-08-25 17:00	23552	----a-w-	c:\windows\system32\igfxexps.dll
2010-08-25 17:00 . 2010-08-25 17:00	194560	----a-w-	c:\windows\system32\igfxpph.dll
2010-08-25 16:59 . 2010-08-25 16:59	261632	----a-w-	c:\windows\system32\igfxTMM.dll
2010-08-25 16:59 . 2010-08-25 16:59	115200	----a-w-	c:\windows\system32\igfxcpl.cpl
2010-08-25 16:59 . 2010-02-10 22:15	57344	----a-w-	c:\windows\system32\igfxsrvc.dll
2010-08-25 16:59 . 2010-08-25 16:59	130048	----a-w-	c:\windows\system32\igfxdo.dll
2010-08-25 16:59 . 2010-02-10 22:15	94720	----a-w-	c:\windows\system32\hccutils.dll
2010-08-25 16:59 . 2010-08-25 16:59	120320	----a-w-	c:\windows\system32\gfxSrvc.dll
2010-08-25 16:59 . 2010-08-25 16:59	4096	----a-w-	c:\windows\system32\IGFXDEVLib.dll
2010-08-25 16:59 . 2010-08-25 16:59	85504	----a-w-	c:\windows\system32\igfxrenu.lrc
2010-08-25 16:59 . 2010-08-25 16:59	828928	----a-w-	c:\windows\system32\igfxress.dll
2010-08-25 16:59 . 2010-02-10 22:14	228864	----a-w-	c:\windows\system32\igfxdev.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2010-11-15 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

c:\users\***\Desktop\SAchn\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-21 22:28	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-09-26 12:22	417792	----a-w-	c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10	409600	----a-w-	c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55	49208	----a-w-	c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15	13351304	----a-r-	c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 16:15	1826816	----a-w-	c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-11 14:26	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24	581632	----a-w-	c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07	574864	----a-w-	c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2008-04-24 08:22	103824	----a-w-	c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 XDva289;XDva289;c:\windows\system32\XDva289.sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 135664]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-28 173352]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]
S3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]
S3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
HPService	REG_MULTI_SZ   	HPSLPSVC
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 20:49]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 20:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a0as2qj6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.schuelervz.net/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-11-22  13:03:23
ComboFix-quarantined-files.txt  2010-11-22 12:03

Vor Suchlauf: 13 Verzeichnis(se), 112.199.860.224 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 112.100.528.128 Bytes frei

- - End Of File - - A5E4075326E86191F40DC6704CB21F52
         
But now my Avira AntiVir doesn't work anymore.
That is, the Avira Control Center says the Guard is enabled, but the taskbar doesn't show it.
I'll restart the PC now first to see whether it works again.

Edit:
OK, now everything works again.

