The Bundestrojaner was removed with the Avira Rescue CD a few weeks ago. Now "AntiVirus AntiSpyware 2011" is showing up.
Here is the ComboFix log file
Code:
ComboFix 11-05-11.01 - Ludwig 13.05.2011 16:36:11.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2046.1515 [GMT 2:00]
Run from:: i:\tools\Anti Spyware\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\blyadstvoeb
C:\cleansweep.exe
c:\cleansweep.exe\config.bin
C:\fukkuukkkk.exe
c:\fukkuukkkk.exe\config.bin
C:\micenatxxx.exe
c:\micenatxxx.exe\config.bin
C:\msixxxxxxx.exe
c:\msixxxxxxx.exe\config.bin
C:\skdfhiosjhf
c:\skdfhiosjhf\config.bin
c:\users\Ludwig\AppData\Roaming\Abunmo
c:\users\Ludwig\AppData\Roaming\Abunmo\zaitb.wai
c:\users\Ludwig\AppData\Roaming\Adobe\Update\flacor.dat
c:\users\Ludwig\AppData\Roaming\Agpo
c:\users\Ludwig\AppData\Roaming\Agpo\edros.osc
c:\users\Ludwig\AppData\Roaming\AntiVirus AntiSpyware 2011
c:\users\Ludwig\AppData\Roaming\AntiVirus AntiSpyware 2011\IcoActivate.ico
c:\users\Ludwig\AppData\Roaming\AntiVirus AntiSpyware 2011\IcoHelp.ico
c:\users\Ludwig\AppData\Roaming\AntiVirus AntiSpyware 2011\IcoUninstall.ico
c:\users\Ludwig\AppData\Roaming\Atla
c:\users\Ludwig\AppData\Roaming\Atla\ybup.izb
c:\users\Ludwig\AppData\Roaming\Bekaiq
c:\users\Ludwig\AppData\Roaming\Bekaiq\atma.efg
c:\users\Ludwig\AppData\Roaming\Dovu\uvvap.exe
c:\users\Ludwig\AppData\Roaming\Ecpoe
c:\users\Ludwig\AppData\Roaming\Ecpoe\elefv.vyp
c:\users\Ludwig\AppData\Roaming\Efex
c:\users\Ludwig\AppData\Roaming\Efex\kigy.ewe
c:\users\Ludwig\AppData\Roaming\Egka
c:\users\Ludwig\AppData\Roaming\Egka\ygoq.zuu
c:\users\Ludwig\AppData\Roaming\Endao\iknak.exe
c:\users\Ludwig\AppData\Roaming\Eqwo
c:\users\Ludwig\AppData\Roaming\Eqwo\umryy.ruk
c:\users\Ludwig\AppData\Roaming\Gegiop
c:\users\Ludwig\AppData\Roaming\Gegiop\hyirm.uda
c:\users\Ludwig\AppData\Roaming\Ikkuro
c:\users\Ludwig\AppData\Roaming\Ikkuro\uslia.oqr
c:\users\Ludwig\AppData\Roaming\Ivehha
c:\users\Ludwig\AppData\Roaming\Ivehha\ogti.oxf
c:\users\Ludwig\AppData\Roaming\Lelaa\hixaf.exe
c:\users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiVirus AntiSpyware 2011.lnk
c:\users\Ludwig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus AntiSpyware 2011
c:\users\Ludwig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus AntiSpyware 2011.lnk
c:\users\Ludwig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus AntiSpyware 2011\Activate AntiVirus AntiSpyware 2011.lnk
c:\users\Ludwig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware 2011.lnk
c:\users\Ludwig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus AntiSpyware 2011\Help AntiVirus AntiSpyware 2011.lnk
c:\users\Ludwig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus AntiSpyware 2011\How to Activate AntiVirus AntiSpyware 2011.lnk
c:\users\Ludwig\AppData\Roaming\Ogqi\ortu.exe
c:\users\Ludwig\AppData\Roaming\Ogva
c:\users\Ludwig\AppData\Roaming\Ogva\aculp.nuo
c:\users\Ludwig\AppData\Roaming\Qifoad
c:\users\Ludwig\AppData\Roaming\Qifoad\uswo.leu
c:\users\Ludwig\AppData\Roaming\Qoon
c:\users\Ludwig\AppData\Roaming\Qoon\ocfy.uqe
c:\users\Ludwig\AppData\Roaming\Qoxau
c:\users\Ludwig\AppData\Roaming\Qoxau\ikop.iqa
c:\users\Ludwig\AppData\Roaming\Siif
c:\users\Ludwig\AppData\Roaming\Siif\aksyr.qai
c:\users\Ludwig\AppData\Roaming\Soha
c:\users\Ludwig\AppData\Roaming\Soha\fiin.oke
c:\users\Ludwig\AppData\Roaming\Tafyy
c:\users\Ludwig\AppData\Roaming\Tafyy\hiava.bic
c:\users\Ludwig\AppData\Roaming\TrusteerHelp
c:\users\Ludwig\AppData\Roaming\TrusteerHelp\spuninst.inf
c:\users\Ludwig\AppData\Roaming\Ulmil\isga.exe
c:\users\Ludwig\AppData\Roaming\Upepv\akwy.exe
c:\users\Ludwig\AppData\Roaming\usernt.dat
c:\users\Ludwig\AppData\Roaming\Utnoyg
c:\users\Ludwig\AppData\Roaming\Utnoyg\hieko.oqp
c:\users\Ludwig\AppData\Roaming\Uwwigo
c:\users\Ludwig\AppData\Roaming\Uwwigo\iqil.pax
c:\users\Ludwig\AppData\Roaming\Vidi
c:\users\Ludwig\AppData\Roaming\Vidi\izar.eso
c:\users\Ludwig\AppData\Roaming\Wivo
c:\users\Ludwig\AppData\Roaming\Wivo\isdo.hom
c:\users\Ludwig\AppData\Roaming\Wyax
c:\users\Ludwig\AppData\Roaming\Wyax\okqo.waq
c:\users\Ludwig\AppData\Roaming\Ymor
c:\users\Ludwig\AppData\Roaming\Ymor\duucy.xeh
c:\users\Ludwig\AppData\Roaming\Zezy
c:\users\Ludwig\AppData\Roaming\Zezy\ipar.tac
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
.
((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 ))))))))))))))))))))))))))))))
.
.
2011-05-13 14:39 . 2011-05-13 14:39 -------- d-----w- c:\users\Ludwig\AppData\Local\temp
2011-05-13 14:39 . 2011-05-13 14:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-13 06:56 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EAFB8690-E99A-4A8C-B945-763124259A6A}\mpengine.dll
2011-05-12 10:45 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-12 10:45 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 18:11 . 2011-05-13 15:31 -------- d-----w- c:\users\Ludwig\AppData\Roaming\6148514
2011-04-15 10:24 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 10:23 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 10:23 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 10:23 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 10:22 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 10:19 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 10:19 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 10:18 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 10:18 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 10:18 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 10:18 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 06:56 . 2010-05-19 16:40 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-13 06:56 . 2010-05-19 16:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-13 06:56 . 2010-06-07 16:17 1152832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-23 18:09 . 2010-05-10 11:13 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-19 05:33 . 2011-03-09 10:25 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 10:25 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 10:25 739840 ----a-w- c:\windows\system32\d2d1.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Objmfc"="c:\users\Ludwig\AppData\Roaming\Adobe\Update\mmcset.exe" [2010-10-26 4]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
c:\users\Ludwig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-26 273960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avipbb
*Deregistered* - ssmdrv
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Ludwig\AppData\Roaming\Mozilla\Firefox\Profiles\q4k7m4uc.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Orphaned Registry Entries Removed - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Getdo - (no file)
HKCU-Run-{BF9A18E4-5843-5E4F-3ABF-C6EF18ADEFBF} - c:\users\Ludwig\AppData\Roaming\Endao\iknak.exe
HKCU-Run-{B817CF98-CB40-428B-465E-982776DD58AB} - c:\users\Ludwig\AppData\Roaming\Ulmil\isga.exe
HKCU-Run-{7F6C6926-B48D-01EF-DEAC-9EFEDEC60303} - c:\users\Ludwig\AppData\Roaming\Upepv\akwy.exe
HKCU-Run-{6F0FB030-3FF1-7317-F9A4-4B9D71C3402C} - c:\users\Ludwig\AppData\Roaming\Lelaa\hixaf.exe
HKCU-Run-{8F43634B-10DB-6FF4-EA69-4DEA6D0E16CC} - c:\users\Ludwig\AppData\Roaming\Ogqi\ortu.exe
HKCU-Run-{CF7670D9-9CF1-8C38-6D24-AEED12F68CBB} - c:\users\Ludwig\AppData\Roaming\Dovu\uvvap.exe
HKCU-Run-34D27A2BD4720CD8 - c:\skdfhiosjhf\skdfhiosjhf.exe
HKCU-Run-AntiVirus AntiSpyware 2011 - c:\users\Ludwig\AppData\Roaming\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe
HKCU-Run-AntiVirus AntiSpyware 2011 Security - c:\users\Ludwig\AppData\Roaming\AntiVirus AntiSpyware 2011\securitymanager.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-13 16:40:43
ComboFix-quarantined-files.txt 2011-05-13 14:40
.
Pre-Run: 10 Directory(s), 471.364.673.536 Bytes Free
Post-Run: 14 Directory(s), 471.174.496.256 Bytes Free
.
- - End Of File - - 1DA83EEE196154E5BCF53D13A70303A2
What do you recommend?
Many thanks
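Added example (the editor's, not the poster's and not part of ComboFix): a small Python triage script that reads the kind of log posted above and pulls out what a responder looks at first, namely Run values launching from randomly named AppData\Roaming folders or from a bare folder under C:\, GUID/hex-only value names, a start-up "executable" whose size field is implausibly small (the "Objmfc" entry above lists 4 in the size column; treating that column as a byte count is an assumption), and the Firefox user.js lines that switch off security.warn_* prompts. The SAMPLE_LOG is a constructed excerpt of the posted log with one benign HKLM entry mixed in; the regexes and scoring rules are the editor's assumptions, not ComboFix's.

```python
"""Triage helpers for a ComboFix log (added example, not ComboFix code)."""
import re

# Constructed excerpt modelled on the posted log; the RtHDVCpl line is the
# benign control so the filter has something to leave alone.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Objmfc"="c:\users\Ludwig\AppData\Roaming\Adobe\Update\mmcset.exe" [2010-10-26 4]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
.
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
.
HKCU-Run-Getdo - (no file)
HKCU-Run-{BF9A18E4-5843-5E4F-3ABF-C6EF18ADEFBF} - c:\users\Ludwig\AppData\Roaming\Endao\iknak.exe
HKCU-Run-34D27A2BD4720CD8 - c:\skdfhiosjhf\skdfhiosjhf.exe
HKCU-Run-AntiVirus AntiSpyware 2011 - c:\users\Ludwig\AppData\Roaming\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe
"""

# Section header of an active Run key; any other "[...]" line ends that section.
RUN_SECTION_RE = re.compile(r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\.*\\Run\]$", re.I)
# "Name"="path" [yyyy-mm-dd size]  (size column assumed to be bytes)
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]')
# Orphan lines from the "Orphans Removed" section.
ORPHAN_RE = re.compile(r"^(HKCU|HKLM)-Run-(.+?) - (.+)$")
PREF_RE = re.compile(r"^FF - user\.js: (\S+) - (\S+)$")

APPDATA_RE = re.compile(r"\\AppData\\Roaming\\", re.I)
ROOT_EXE_RE = re.compile(r"^[a-z]:\\([^\\]+)\\[^\\]+\.exe$", re.I)
GUID_OR_HEX_RE = re.compile(r"^(\{[0-9A-F-]{36}\}|[0-9A-F]{16})$", re.I)
KNOWN_ROOT_DIRS = {"windows", "program files", "program files (x86)", "programdata", "users"}
MIN_PE_SIZE = 1024  # heuristic: a real PE launcher is never this small


def parse_run_entries(log):
    """Return every Run value (active or orphaned) as a dict."""
    entries, hive = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = RUN_SECTION_RE.match(line)
            hive = None if not m else ("HKCU" if m.group(1).upper() == "HKEY_CURRENT_USER" else "HKLM")
            continue
        m = VALUE_RE.match(line)
        if m and hive:
            entries.append({"hive": hive, "name": m.group(1), "path": m.group(2),
                            "size": int(m.group(4)), "orphaned": False})
            continue
        m = ORPHAN_RE.match(line)
        if m and m.group(3) != "(no file)":
            entries.append({"hive": m.group(1), "name": m.group(2), "path": m.group(3),
                            "size": None, "orphaned": True})
    return entries


def classify(entry):
    """Return the list of reasons an entry looks like a malware launch point."""
    reasons = []
    if APPDATA_RE.search(entry["path"]):
        reasons.append("launches from AppData\\Roaming")
    m = ROOT_EXE_RE.match(entry["path"])
    if m and m.group(1).lower() not in KNOWN_ROOT_DIRS:
        reasons.append("executable in a top-level folder of the drive root")
    if GUID_OR_HEX_RE.match(entry["name"]):
        reasons.append("GUID/hex-only value name")
    if entry["size"] is not None and entry["size"] < MIN_PE_SIZE:
        reasons.append("file too small to be a valid PE (%d bytes)" % entry["size"])
    return reasons


def suspicious_run_entries(log):
    """Run entries with at least one reason, each annotated with its reasons."""
    return [dict(e, reasons=classify(e)) for e in parse_run_entries(log) if classify(e)]


def weakened_firefox_prefs(log):
    """user.js prefs under security.* that were forced to false."""
    weak = {}
    for raw in log.splitlines():
        m = PREF_RE.match(raw.strip())
        if m and m.group(1).startswith("security.") and m.group(2) == "false":
            weak[m.group(1)] = m.group(2)
    return weak


if __name__ == "__main__":
    for e in suspicious_run_entries(SAMPLE_LOG):
        print("%s %-45s %s" % (e["hive"], e["name"], "; ".join(e["reasons"])))
    print("weakened prefs:", sorted(weakened_firefox_prefs(SAMPLE_LOG)))
```

Run it against the full log by replacing SAMPLE_LOG with the file contents. The rules are deliberately broad: a legitimate updater can live under AppData\Roaming too, so treat a hit as "look at this file" (hash it, check its signature and creation time), not as a verdict. The Firefox prefs are worth restoring separately, because a removal tool deletes the malware's files but leaves user.js changes in place.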