AVAST findet Bootkit?

matthias2619 · 11.03.2011, 17:19

na gut, da muss ich wohl durch

matthias2619 · 11.03.2011, 17:30

und schon wieder rootkitaktivitäten

der scan wird noch dauern.

matthias2619 · 11.03.2011, 17:41

das ging ja mal richtig schnell dieses mal

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-03-10.04 - Matthias 11.03.2011  17:31:00.6.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1527.1072 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Matthias\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Matthias\Lokale Einstellungen\Temporary Internet Files\9O01H4pe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-11 bis 2011-03-11  ))))))))))))))))))))))))))))))
.
.
2011-03-11 12:57 . 2011-03-11 12:57	--------	d-----r-	C:\MSOCache
2011-03-07 19:32 . 2011-03-07 19:32	--------	d-----w-	C:\_OTL
2011-02-16 14:37 . 2011-02-16 14:37	--------	d-----w-	C:\Intel
2011-02-16 13:50 . 2011-03-11 16:17	--------	d-----w-	C:\Downloads
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 17:56 . 2008-12-08 20:07	219136	----a-w-	c:\windows\system32\uxtheme.dll
2011-02-09 13:53 . 2003-04-02 11:00	270848	----a-w-	c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-04-02 11:00	186880	----a-w-	c:\windows\system32\encdec.dll
2011-01-29 22:16 . 2011-01-29 22:16	30056	----a-w-	c:\windows\system32\MASetupCleaner.exe
2011-01-29 16:00 . 2011-01-29 16:00	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-01-29 16:00 . 2011-01-29 16:00	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-01-29 16:00 . 2011-01-29 16:00	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	569344	----a-w-	c:\windows\system32\muzdecode.ax
2011-01-29 16:00 . 2011-01-29 16:00	491520	----a-w-	c:\windows\system32\muzapp.dll
2011-01-29 16:00 . 2011-01-29 16:00	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2011-01-29 16:00 . 2011-01-29 16:00	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2011-01-29 16:00 . 2011-01-29 16:00	40960	----a-w-	c:\windows\system32\MAMACExtract.dll
2011-01-29 16:00 . 2011-01-29 16:00	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2011-01-29 16:00 . 2011-01-29 16:00	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2011-01-29 16:00 . 2011-01-29 16:00	245760	----a-w-	c:\windows\system32\MSCLib.dll
2011-01-29 16:00 . 2011-01-29 16:00	200704	----a-w-	c:\windows\system32\muzwmts.dll
2011-01-29 16:00 . 2011-01-29 16:00	155648	----a-w-	c:\windows\system32\MSFLib.dll
2011-01-29 16:00 . 2011-01-29 16:00	143360	----a-w-	c:\windows\system32\3DAudio.ax
2011-01-29 16:00 . 2011-01-29 16:00	135168	----a-w-	c:\windows\system32\muzaf1.dll
2011-01-29 16:00 . 2011-01-29 16:00	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2011-01-29 16:00 . 2011-01-29 16:00	122880	----a-w-	c:\windows\system32\muzeffect.ax
2011-01-29 16:00 . 2011-01-29 16:00	118784	----a-w-	c:\windows\system32\MaDRM.dll
2011-01-29 16:00 . 2011-01-29 16:00	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2011-01-21 14:44 . 2003-04-02 11:00	8503296	----a-w-	c:\windows\system32\shell32_original.dll
2011-01-21 14:44 . 2003-04-02 11:00	440832	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-04-02 11:00	290048	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 14:03 . 2003-04-02 11:00	1855104	----a-w-	c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2003-04-02 11:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2003-04-02 11:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2003-04-02 11:00	43520	------w-	c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2003-04-02 11:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-12-20 22:14 . 2010-12-20 22:14	81920	------w-	c:\windows\system32\ieencode.dll
2010-12-20 17:25 . 2003-04-02 11:00	737792	----a-w-	c:\windows\system32\lsasrv.dll
.
.
(((((((((((((((((((((((((((((   SnapShot_2011-03-06_23.30.19   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-11 16:28 . 2011-03-11 16:28	16384              c:\windows\Temp\Perflib_Perfdata_2b8.dat
+ 1999-11-24 17:40 . 1999-11-24 17:40	40960              c:\windows\system32\VBAME.DLL
+ 2011-03-11 13:01 . 2003-06-18 16:31	18944              c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2011-03-11 13:01 . 2003-06-18 16:31	35328              c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2011-03-11 13:01 . 2003-06-18 16:31	35328              c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 1998-03-24 20:54 . 1998-03-24 20:54	15872              c:\windows\system32\SCP32.DLL
- 2003-04-02 11:00 . 2011-03-06 13:36	75660              c:\windows\system32\perfc009.dat
+ 2003-04-02 11:00 . 2011-03-07 19:32	75660              c:\windows\system32\perfc009.dat
+ 1998-08-09 10:07 . 1998-08-09 10:07	94208              c:\windows\system32\MSSTKPRP.DLL
+ 1999-01-26 15:26 . 1999-01-26 15:26	57344              c:\windows\system32\MFC42DEU.DLL
+ 2011-03-11 13:01 . 2003-06-18 16:31	17920              c:\windows\system32\mdimon.dll
+ 2003-07-23 21:39 . 2003-07-23 21:39	36680              c:\windows\system32\FM20DEU.DLL
+ 2011-03-11 14:49 . 2010-06-17 13:27	28520              c:\windows\system32\drivers\ssmdrv.sys
+ 2011-03-11 11:23 . 2009-10-07 14:28	17544              c:\windows\system32\drivers\RkPavproc1.sys
+ 2011-03-11 14:49 . 2010-06-17 13:27	22360              c:\windows\system32\drivers\avgntmgr.sys
+ 2011-03-11 14:49 . 2011-01-10 13:23	61960              c:\windows\system32\drivers\avgntflt.sys
+ 2011-03-11 14:49 . 2010-06-17 13:27	45416              c:\windows\system32\drivers\avgntdd.sys
+ 2011-03-11 13:01 . 2011-03-11 13:01	23040              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2011-03-11 13:01 . 2011-03-11 13:01	61440              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2011-03-11 13:01 . 2011-03-11 13:01	27136              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2011-03-11 13:01 . 2011-03-11 13:01	11264              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2011-03-11 13:01 . 2011-03-11 13:01	86016              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2011-03-11 13:01 . 2011-03-11 13:01	12288              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-03-11 13:00 . 2011-03-11 13:00	16384              c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2011-03-11 13:00 . 2011-03-11 13:00	64088              c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 1998-08-18 01:01 . 1998-08-18 01:01	8192              c:\windows\system32\MSPRPDE.DLL
+ 2011-03-11 13:01 . 2011-03-11 13:01	4096              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-03-11 13:00 . 2011-03-11 13:00	4096              c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2002-08-21 04:13 . 2002-08-21 04:13	189952              c:\windows\system32\WISPTIS.EXE
+ 2011-03-11 13:01 . 2003-06-18 16:31	758784              c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2011-03-11 13:01 . 2003-06-18 16:31	758784              c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2000-04-03 16:52 . 2000-04-03 16:52	151552              c:\windows\system32\RDOCURS.DLL
+ 2003-04-02 11:00 . 2011-03-07 19:32	472566              c:\windows\system32\perfh009.dat
- 2003-04-02 11:00 . 2011-03-06 13:36	472566              c:\windows\system32\perfh009.dat
- 2003-04-02 11:00 . 2011-03-06 13:36	517066              c:\windows\system32\perfh007.dat
+ 2003-04-02 11:00 . 2011-03-07 19:32	517066              c:\windows\system32\perfh007.dat
+ 2003-04-02 11:00 . 2011-03-07 19:32	100516              c:\windows\system32\perfc007.dat
- 2003-04-02 11:00 . 2011-03-06 13:36	100516              c:\windows\system32\perfc007.dat
+ 2011-02-15 19:36 . 2011-01-27 11:57	677888              c:\windows\system32\mstsc.exe
- 2011-02-15 19:36 . 2008-04-14 06:52	677888              c:\windows\system32\mstsc.exe
+ 2000-05-23 21:45 . 2000-05-23 21:45	118784              c:\windows\system32\MSSTDFMT.DLL
+ 2000-05-11 12:06 . 2000-05-11 12:06	397312              c:\windows\system32\MSRDO20.DLL
+ 2002-08-21 04:10 . 2002-08-21 04:10	204800              c:\windows\system32\INKED.DLL
+ 2011-02-15 19:31 . 2011-03-11 13:23	123728              c:\windows\system32\FNTCACHE.DAT
+ 2011-03-11 11:03 . 2011-03-11 11:03	218688              c:\windows\system32\DRVSTORE\dtsoftbus0_AD332A68C56C9C184A01C895333186ADC9235B60\dtsoftbus01.sys
+ 2011-03-10 15:05 . 2011-03-11 11:03	218688              c:\windows\system32\drivers\dtsoftbus01.sys
+ 2011-03-11 14:49 . 2011-01-10 13:23	135096              c:\windows\system32\drivers\avipbb.sys
+ 2003-04-02 11:00 . 2008-06-20 11:51	361600              c:\windows\system32\dllcache\tcpip.sys
- 2008-06-20 11:51 . 2008-06-20 11:51	361600              c:\windows\system32\dllcache\tcpip.sys
+ 2011-02-09 13:53 . 2011-02-09 13:53	270848              c:\windows\system32\dllcache\sbe.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57	677888              c:\windows\system32\dllcache\lhmstsc.exe
+ 2011-02-09 13:53 . 2011-02-09 13:53	186880              c:\windows\system32\dllcache\encdec.dll
+ 2011-03-11 14:37 . 2011-03-11 14:37	262144              c:\windows\system32\config\systemprofile\NtUser.dat
+ 2011-03-11 13:01 . 2011-03-11 13:01	409600              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2011-03-11 13:01 . 2011-03-11 13:01	286720              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2011-03-11 13:01 . 2011-03-11 13:01	249856              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2011-03-11 13:01 . 2011-03-11 13:01	794624              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2011-03-11 13:01 . 2011-03-11 13:01	135168              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-03-11 13:01 . 2011-03-11 13:01	593920              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-03-11 13:00 . 2011-03-11 13:00	223800              c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2011-03-11 13:00 . 2011-03-11 13:00	229376              c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2011-03-11 13:00 . 2011-03-11 13:00	110592              c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2011-02-15 19:36 . 2011-02-02 07:58	2067456              c:\windows\system32\mstscax.dll
+ 2003-08-03 09:56 . 2003-08-03 09:56	1146184              c:\windows\system32\FM20.DLL
+ 2011-02-02 07:58 . 2011-02-02 07:58	2067456              c:\windows\system32\dllcache\lhmstscx.dll
+ 2011-03-11 13:01 . 2011-03-11 13:01	5801472              c:\windows\Installer\4569cd.msi
+ 2011-02-15 20:28 . 2011-03-09 15:14	37943240              c:\windows\system32\MRT.exe
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-11-06 14:39	69632	----a-w-	c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 06:53	110592	------w-	c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\programme\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 10:46	166912	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-13 10:46	134656	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-01 20:45	421160	----a-w-	c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-01-29 22:11	888120	----a-w-	c:\programme\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-01-29 22:11	3372856	----a-w-	c:\programme\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-13 10:46	135680	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40	180224	----a-w-	c:\programme\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-11-06 14:40	16384512	----a-w-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-06 14:40	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49	249064	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-02-18 19:05	2423752	----a-w-	c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.03.2011 16:05 218688]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 19:41 67656]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [11.03.2011 15:49 135336]
R2 AVerRemote;AVerRemote;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe [16.02.2011 18:38 344064]
R2 AVerScheduleService;AVerScheduleService;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe [16.02.2011 18:38 389120]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [18.02.2011 13:08 1517376]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [16.02.2011 18:28 474880]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\drivers\RTL8187B.sys [16.02.2011 15:35 342784]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 19:27 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [16.02.2011 19:32 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [16.02.2011 19:32 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [16.02.2011 19:32 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [16.02.2011 19:32 100352]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02.04.2003 12:00 14336]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - SSMDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Mignet Assistant Service: {83b63cbd-cea5-49e9-5583-baf19ba6c61c} - c:\programme\Mozilla Firefox\extensions\{83b63cbd-cea5-49e9-5583-baf19ba6c61c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-11 17:36
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
Zeit der Fertigstellung: 2011-03-11  17:38:55
ComboFix-quarantined-files.txt  2011-03-11 16:38
ComboFix2.txt  2011-03-11 14:20
ComboFix3.txt  2011-03-10 19:31
ComboFix4.txt  2011-03-06 23:44
ComboFix5.txt  2011-03-11 16:21
.
Vor Suchlauf: 10 Verzeichnis(se), 48.867.418.112 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 48.861.384.704 Bytes frei
.
- - End Of File - - EC25B43BC3D162FA8A5162A4735DB004

--- --- ---

AVAST findet Bootkit?

Plagegeister aller Art und deren Bekämpfung: AVAST findet Bootkit?

AVAST findet Bootkit?

AVAST findet Bootkit?

AVAST findet Bootkit?

Ähnliche Themen: AVAST findet Bootkit?

11.03.2011, 17:19	#1
matthias2619	AVAST findet Bootkit? na gut, da muss ich wohl durch

11.03.2011, 17:30	#2
matthias2619	AVAST findet Bootkit? und schon wieder rootkitaktivitäten der scan wird noch dauern. __________________