Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Thread: Recycler Problem (https://www.trojaner-board.de/71168-recycler-problem.html)

Blascowitz 18.03.2009 17:48

Recycler Problem

Hello,

I think I picked up a trojan yesterday. When I double-clicked on C or D, I got the error message "recycler\s-4-4................. kann nicht gefunden werden". After looking around here in the forum, I knew I probably had a trojan on the computer. So I ran ComboFix. Here is the log file:
Code:

ComboFix 09-03-15.01 - *** 2009-03-17 15:09:22.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1031.18.1014.603 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\dokume~1\***\LOKALE~1\Temp\tmp1.tmp
c:\dokume~1\***\LOKALE~1\Temp\tmp2.tmp
c:\recycler\S-5-3-75-100030457-100009915-100009377-2825.com
c:\windows\system32\drivers\gaopdxwewipfqjpyxgnoexmedwqvxodqqoirpy.sys
c:\windows\system32\drivers\gaopdxwtmoyxvkkltfujriuirqthoowprrwbvq.sys
c:\windows\system32\drivers\gaopdxxujvwwwupxetltgiutmpfmxudjoktnil.sys
c:\windows\system32\gaopdxcbltqgulkmoymfowputehmtakcplswrr.dll
c:\windows\system32\gaopdxcounter
c:\windows\Temp\log.txt
D:\Autorun.inf
d:\recycler\S-2-9-38-100005238-100010724-100026842-3118.com
d:\recycler\S-5-3-75-100030457-100009915-100009377-2825.com
d:\recycler\S-7-3-44-100007986-100028594-100022396-5651.com

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


(((((((((((((((((((((((  Dateien erstellt von 2009-02-17 bis 2009-03-17  ))))))))))))))))))))))))))))))
.

2009-03-17 15:00 . 2009-03-17 15:00        <DIR>        d--------        c:\programme\CleanUp!
2009-03-17 14:43 . 2009-03-17 14:43        <DIR>        d--------        c:\programme\Malwarebytes' Anti-Malware
2009-03-17 14:43 . 2009-03-17 14:43        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-03-17 14:43 . 2009-02-11 10:19        38,496        --a------        c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 14:43 . 2009-02-11 10:19        15,504        --a------        c:\windows\system32\drivers\mbam.sys
2009-03-17 08:27 . 2009-03-17 08:27        <DIR>        d--------        C:\PSFONTS
2009-03-17 08:27 . 2009-03-17 08:29        <DIR>        d--------        c:\programme\Finale NotePad 2008
2009-03-16 18:12 . 2009-03-16 18:13        <DIR>        d--------        C:\Serien
2009-03-08 14:06 . 2009-03-15 13:41        <DIR>        d--------        c:\programme\Vampire Die Maskerade - Redemption
2009-03-08 13:19 . 2009-03-08 13:19        <DIR>        d--------        c:\programme\Microsoft Games
2009-03-05 18:00 . 2009-03-05 18:00        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallShield
2009-03-04 14:38 . 2009-03-04 14:38        <DIR>        d--------        C:\watcom-1.3
2009-03-04 14:38 . 2009-03-04 14:38        212,992        --a------        c:\windows\system32\WMIMPLEX.dll
2009-03-04 14:38 . 2009-03-04 14:38        40,960        --a------        c:\windows\system32\maplec.dll
2009-03-04 14:38 . 2009-03-04 14:38        20,480        --a------        c:\windows\system32\maplecompat.dll
2009-03-04 14:36 . 2009-03-04 14:36        <DIR>        d--h-----        c:\programme\Zero G Registry
2009-03-04 14:36 . 2009-03-04 14:36        <DIR>        d--h-----        c:\dokumente und einstellungen\***\InstallAnywhere
2009-03-04 09:34 . 2009-03-04 14:46        <DIR>        d--------        c:\windows\SxsCaPendDel
2009-03-02 17:52 . 2009-03-03 11:01        <DIR>        d--------        c:\programme\DivX
2009-03-02 17:49 . 2009-03-02 17:49        <DIR>        d--------        c:\programme\XviD
2009-03-02 17:48 . 2009-03-17 08:27        <DIR>        d--------        C:\Downloads
2009-02-25 08:18 . 2008-07-30 17:42        23,888        --a------        c:\windows\system32\drivers\COH_Mon.sys
2009-02-25 08:18 . 2008-07-30 17:28        10,537        --a------        c:\windows\system32\drivers\COH_Mon.cat
2009-02-25 08:18 . 2008-07-30 17:28        706        --a------        c:\windows\system32\drivers\COH_Mon.inf
2009-02-24 17:34 . 2009-03-05 09:20        <DIR>        d--------        C:\DeusEx
2009-02-23 23:39 . 2009-02-23 23:39        <DIR>        d--------        c:\programme\MSXML 4.0
2009-02-23 12:18 . 2009-02-23 12:18        <DIR>        d--------        c:\programme\TeXnicCenter
2009-02-23 12:18 . 2008-08-02 11:58        82,432        --a------        c:\windows\system32\msxml4r.dll
2009-02-23 12:18 . 2008-08-02 11:58        44,544        --a------        c:\windows\system32\msxml4a.dll
2009-02-23 12:15 . 2009-02-23 12:15        <DIR>        d--------        c:\dokumente und einstellungen\***\Anwendungsdaten\MiKTeX
2009-02-23 12:07 . 2009-02-23 12:13        <DIR>        d--------        c:\programme\MiKTeX 2.7
2009-02-23 11:45 . 2009-03-17 14:05        <DIR>        d--------        c:\dokumente und einstellungen\***\Anwendungsdaten\skypePM
2009-02-23 11:45 . 2009-02-23 11:45        56        --ah-----        c:\windows\system32\ezsidmv.dat
2009-02-23 11:42 . 2009-03-17 14:07        <DIR>        d--------        c:\dokumente und einstellungen\***\Anwendungsdaten\Skype
2009-02-23 11:41 . 2009-02-23 11:41        <DIR>        dr-------        c:\programme\Skype
2009-02-23 11:41 . 2009-02-23 11:41        <DIR>        d--------        c:\programme\Gemeinsame Dateien\Skype
2009-02-23 11:40 . 2009-02-23 11:41        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2009-02-21 10:15 . 2009-02-21 10:33        <DIR>        d--------        c:\programme\Dark2
2009-02-21 10:15 . 2000-05-18 16:26        328,704        --a------        c:\windows\IsUn0407.exe
2009-02-20 00:39 . 2007-06-29 04:45        183,056        --a------        c:\windows\UNINST32.EXE
2009-02-20 00:39 . 2006-01-20 22:42        17,408        --a------        c:\windows\system32\drivers\DKbFltr.SYS
2009-02-20 00:39 . 2004-12-09 20:04        5,120        --a------        c:\windows\system32\FILTRCOI.DLL
2009-02-20 00:39 . 2008-01-16 19:17        5,088        --ahs----        C:\Patch.rev
2009-02-20 00:36 . 2009-02-19 15:41        <DIR>        d--------        c:\windows\modem
2009-02-20 00:36 . 2007-04-21 09:22        3,072,056        --a------        c:\windows\ACERTX.bmp
2009-02-20 00:36 . 2007-09-21 05:26        1,123,328        --a------        c:\windows\system32\drivers\BCMWL5.SYS
2009-02-20 00:36 . 2006-12-22 19:56        988,800        --a------        c:\windows\system32\drivers\HSF_DPV.sys
2009-02-20 00:36 . 2006-12-22 19:55        730,112        --a------        c:\windows\system32\drivers\HSF_CNXT.sys
2009-02-20 00:36 . 2006-12-22 19:56        209,664        --a------        c:\windows\system32\drivers\HSFHWAZL.sys
2009-02-20 00:36 . 2006-12-21 01:37        176,128        --a------        c:\windows\system32\UCI32M16.dll
2009-02-20 00:36 . 2006-12-22 23:04        144,201        --a------        c:\windows\system32\drivers\HSFProf.cty
2009-02-20 00:36 . 2006-06-19 22:26        94,208        --a------        c:\windows\system32\mdmxsdk.dll
2009-02-20 00:36 . 2006-06-19 22:26        12,672        --a------        c:\windows\system32\drivers\mdmxsdk.sys
2009-02-20 00:35 . 2009-02-19 15:41        <DIR>        d--------        c:\windows\VGA
2009-02-20 00:35 . 2009-02-19 15:41        <DIR>        d--------        c:\windows\Lan
2009-02-20 00:35 . 2007-04-20 17:31        131,072        --a------        c:\windows\PRELAUNCH.EXE
2009-02-20 00:35 . 2009-02-20 00:35        38        --a------        c:\windows\PreLaunch.ini
2009-02-19 19:53 . 2009-02-19 19:53        <DIR>        d--------        c:\dokumente und einstellungen\***\Anwendungsdaten\vlc
2009-02-19 19:50 . 2009-02-19 19:50        <DIR>        d--------        c:\programme\VideoLAN
2009-02-19 18:28 . 2009-02-19 18:28        4,096        --a------        c:\windows\d3dx.dat
2009-02-19 18:26 . 2008-06-14 18:32        273,024        ---------        c:\windows\system32\dllcache\bthport.sys
2009-02-19 18:23 . 2008-10-16 02:00        671,744        ---------        c:\windows\system32\dllcache\wininet.dll
2009-02-19 18:22 . 2008-10-16 02:00        1,499,136        ---------        c:\windows\system32\dllcache\shdocvw.dll
2009-02-19 18:22 . 2008-10-16 02:00        620,544        ---------        c:\windows\system32\dllcache\urlmon.dll
2009-02-19 18:18 . 2008-08-14 14:19        2,191,488        ---------        c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-19 18:18 . 2008-08-14 14:19        2,147,840        ---------        c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-19 18:18 . 2008-08-14 14:19        2,068,352        ---------        c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-19 18:18 . 2008-08-14 14:19        2,026,496        ---------        c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-19 18:18 . 2009-02-09 15:04        1,846,912        ---------        c:\windows\system32\dllcache\win32k.sys
2009-02-19 18:17 . 2008-12-12 18:01        3,088,896        ---------        c:\windows\system32\dllcache\mshtml.dll
2009-02-19 18:14 . 2008-10-24 12:21        455,296        ---------        c:\windows\system32\dllcache\mrxsmb.sys
2009-02-19 18:14 . 2008-05-08 15:02        203,136        ---------        c:\windows\system32\dllcache\rmcast.sys
2009-02-19 18:13 . 2008-04-11 20:04        691,712        ---------        c:\windows\system32\dllcache\inetcomm.dll
2009-02-19 18:13 . 2008-12-11 11:57        333,952        ---------        c:\windows\system32\dllcache\srv.sys
2009-02-19 18:13 . 2008-05-01 15:34        331,776        ---------        c:\windows\system32\dllcache\msadce.dll
2009-02-19 18:10 . 2009-02-19 18:15        10,635        --a------        c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-19 18:10 . 2009-02-19 18:15        806        --a------        c:\windows\system32\drivers\SYMEVENT.INF
2009-02-19 18:05 . 2008-09-04 18:15        1,106,944        ---------        c:\windows\system32\dllcache\msxml3.dll
2009-02-19 18:05 . 2008-10-15 17:35        337,408        ---------        c:\windows\system32\dllcache\netapi32.dll
2009-02-19 16:44 . 2009-02-19 16:44        <DIR>        d--------        c:\windows\system32\de
2009-02-19 16:41 . 2009-02-19 16:45        <DIR>        d--------        c:\windows\ServicePackFiles
2009-02-19 16:40 . 2008-04-14 07:52        294,912        ---------        c:\windows\system32\dllcache\dlimport.exe
2009-02-19 16:36 . 2006-12-29 00:31        19,569        --a------        c:\windows\002815_.tmp
2009-02-19 16:26 . 2009-02-19 16:26        0        --a------        c:\windows\nsreg.dat
2009-02-19 16:06 . 2009-02-19 16:06        <DIR>        d--------        c:\programme\JoWooD
2009-02-19 16:02 . 2009-02-19 16:02        88        --a------        c:\windows\GridV.UNI
2009-02-19 16:01 . 2007-06-05 22:25        192,512        --a------        c:\windows\system32\igfxres.dll
2009-02-19 15:59 . 2009-03-17 14:46        <DIR>        d--------        c:\programme\Launch Manager
2009-02-19 15:59 . 2009-02-19 15:59        79        --a------        c:\windows\LManager.UNI
2009-02-19 15:58 . 2007-04-13 11:51        321,024        --a------        c:\windows\system32\ERUpdateHidden.EXE
2009-02-19 15:58 . 2006-03-23 12:02        258,048        --a------        c:\windows\system32\Uninstall_eRecovery.exe
2009-02-19 15:58 . 2006-03-30 13:06        258,048        --a------        c:\windows\system32\CheckD2DSystem.exe
2009-02-19 15:58 . 2004-11-03 09:06        159,744        --a------        c:\windows\system32\CloseProcessWindow.dll
2009-02-19 15:58 . 2005-12-09 09:12        16,384        --a------        c:\windows\system32\ClearEvent.exe
2009-02-19 15:58 . 2007-12-10 17:59        14,544        --a------        c:\windows\system32\drivers\TVicPort.sys
2009-02-19 15:58 . 2007-12-10 17:59        14,120        --a------        c:\windows\system32\drivers\int15.sys
2009-02-19 15:58 . 2007-12-10 17:59        8,704        --a------        c:\windows\system32\drivers\TVicPort64.sys
2009-02-19 15:58 . 2007-12-10 17:59        8,704        --a------        c:\windows\system32\drivers\int15_64.sys
2009-02-19 15:58 . 2007-12-10 17:59        6,144        --a------        c:\windows\system32\drivers\zntport64.sys
2009-02-19 15:58 . 2007-12-10 17:59        6,080        --a------        c:\windows\system32\drivers\zntport.sys
2009-02-19 15:58 . 2006-02-24 11:28        552        --a------        c:\windows\system32\setup.iss
2009-02-19 15:57 . 2009-02-19 15:57        <DIR>        d--------        c:\windows\Downloaded Installations
2009-02-19 15:57 . 2006-07-20 10:33        65,536        --a------        c:\windows\system32\NATTraversal.dll
2009-02-19 15:56 . 2005-04-07 18:08        78,208        --a------        c:\windows\system32\drivers\epm-shd.sys
2009-02-19 15:56 . 2007-03-06 14:58        57,344        --a------        c:\windows\system32\acpimof.dll
2009-02-19 15:56 . 2006-02-16 15:39        45,056        --a------        c:\windows\system32\Epm-Po.dll
2009-02-19 15:56 . 2004-07-19 13:10        4,096        --a------        c:\windows\system32\drivers\epm-psd.sys
2009-02-19 15:55 . 2007-04-26 07:45        631        ---------        C:\PDVD.iss
2009-02-19 15:54 . 2009-02-19 15:54        <DIR>        d--------        C:\Acer
2009-02-19 15:54 . 2007-07-12 09:30        618,496        --a------        c:\windows\system32\Acer.Empowering.Windows.Forms.dll
2009-02-19 15:54 . 2006-06-13 14:42        602,112        --a------        c:\windows\system32\Acer.Empowering.Windows.Forms_v820.dll
2009-02-19 15:54 . 2006-05-25 18:18        331,776        --a------        c:\windows\system32\ScrollBarLib.dll
2009-02-19 15:54 . 2006-02-22 11:19        69,632        --a------        c:\windows\system32\eRecUtil.dll
2009-02-19 15:54 . 2007-07-12 09:30        53,248        --a------        c:\windows\system32\Interop.Shell32.dll
2009-02-19 15:54 . 2006-04-18 19:54        49,152        --a------        c:\windows\system32\SysMonitor.exe
2009-02-19 15:53 . 2009-02-19 16:17        <DIR>        d--------        c:\programme\Yahoo!
2009-02-19 15:53 . 2007-09-07 19:56        110,592        --a------        c:\windows\system32\SynTPCo4.dll
2009-02-19 15:52 . 2009-02-19 15:52        <DIR>        d--------        c:\windows\ACER
2009-02-19 15:52 . 2007-04-18 22:02        36,909,056        --a------        c:\windows\system32\acer.scr
2009-02-19 15:52 . 2007-05-16 16:48        7,734,011        --a------        c:\windows\system32\acer.exe
2009-02-19 15:51 . 2007-06-13 20:55        400,152        --a------        c:\windows\system32\igxpun.exe
2009-02-19 15:51 . 2006-01-23 19:29        121,232        --a------        c:\windows\system32\IScrNBR.bmp
2009-02-19 15:51 . 2006-01-23 19:29        121,232        --a------        c:\windows\system32\IScrNB.bmp

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 14:01        ---------        d-----w        c:\programme\Gemeinsame Dateien\Symantec Shared
2009-03-17 13:55        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Symantec
2009-03-08 12:16        ---------        d--h--w        c:\programme\InstallShield Installation Information
2009-03-04 08:34        ---------        d-----w        c:\programme\Gemeinsame Dateien\Adobe
2009-02-25 13:17        ---------        d-----w        c:\programme\Norton Internet Security
2009-02-19 23:15        ---------        d-----w        c:\programme\Synaptics
2009-02-19 23:15        ---------        d-----w        c:\programme\Realtek
2009-02-19 23:15        ---------        d-----w        c:\programme\Online-Dienste
2009-02-19 23:14        ---------        d-----w        c:\programme\Microsoft.NET
2009-02-19 23:13        ---------        d-----w        c:\programme\Microsoft SQL Server
2009-02-19 23:13        ---------        d-----w        c:\programme\Microsoft Small Business
2009-02-19 23:09        ---------        d-----w        c:\programme\microsoft frontpage
2009-02-19 23:09        ---------        d-----w        c:\programme\Intel
2009-02-19 23:05        ---------        d-----w        c:\programme\Gemeinsame Dateien\LightScribe
2009-02-19 23:05        ---------        d-----w        c:\programme\Gemeinsame Dateien\InstallShield
2009-02-19 23:05        ---------        d-----w        c:\programme\Gemeinsame Dateien\Dienste
2009-02-19 23:04        ---------        d-----w        c:\programme\Broadcom
2009-02-19 23:03        ---------        d-----w        c:\programme\Activation Assistant for the 2007 Microsoft Office suites
2009-02-19 22:51        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-02-19 22:51        ---------        d-----w        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\InstallShield
2009-02-19 17:15        60,808        ----a-w        c:\windows\system32\S32EVNT1.DLL
2009-02-19 17:15        124,464        ----a-w        c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-19 17:15        ---------        d-----w        c:\programme\Symantec
2009-02-19 15:28        ---------        d-----w        c:\programme\NewTech Infosystems
2009-02-19 15:22        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-02-19 15:01        ---------        d-----w        c:\programme\Acer Inc
2009-02-19 14:55        ---------        d-----w        c:\programme\CyberLink
2009-02-09 14:04        1,846,912        ----a-w        c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-20 20480]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 1015808]
"AzMixerSel"="c:\programme\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-05-02 84640]
"osCheck"="c:\programme\Norton Internet Security\osCheck.exe" [2007-05-02 26248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SynTPStart"="c:\programme\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"Symantec PIF AlertEng"="c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2009-02-19 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-05-02 198336]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - COMHOST
.
Inhalt des "geplante Tasks" Ordners

2009-03-13 c:\windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - ***.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-02 18:03]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-eLockMonitor - c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.intl.acer.yahoo.com
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://de.intl.acer.yahoo.com/
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\noibywho.default\
FF - component: c:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 15:11:36
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2009-03-17 15:12:41
ComboFix-quarantined-files.txt  2009-03-17 14:12:39

Vor Suchlauf: 23 Verzeichnis(se), 61,546,434,560 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 61,601,517,568 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

280        --- E O F ---        2009-03-15 17:01:32

After that I ran Anti-Malware and Norton again; neither found anything. Passwords have been changed. I would just like to avoid reinstalling the system, because I only did that two weeks ago. Is that possible somehow? In the meantime the system is running without problems again.
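The symptom in the first post (double-clicking a drive tries to launch something under RECYCLER) and the ComboFix deletion list above show three indicators worth recognising in any such log: an autorun.inf in a drive root, an executable under \RECYCLER named like a SID, and a set of long randomly named driver/DLL files sharing one prefix. The script below is an added example for triaging such a log; it is not part of the thread and not ComboFix's or Norton's own code. The sample input is constructed from paths copied out of the log above plus two benign lines; the rule names, prefix length and cluster threshold are my own choices, and the only external fact relied on is that Windows SIDs always use revision 1 ("S-1-...").

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: file paths copied from the "Weitere Löschungen"
# section of the ComboFix log posted above, plus two benign lines (the
# Malwarebytes driver and a temp file) so the rules have something to ignore.
SAMPLE_LOG = r"""
C:\autorun.inf
c:\dokume~1\***\LOKALE~1\Temp\tmp1.tmp
c:\recycler\S-5-3-75-100030457-100009915-100009377-2825.com
c:\windows\system32\drivers\gaopdxwewipfqjpyxgnoexmedwqvxodqqoirpy.sys
c:\windows\system32\drivers\gaopdxwtmoyxvkkltfujriuirqthoowprrwbvq.sys
c:\windows\system32\gaopdxcbltqgulkmoymfowputehmtakcplswrr.dll
c:\windows\system32\gaopdxcounter
c:\windows\Temp\log.txt
D:\Autorun.inf
d:\recycler\S-2-9-38-100005238-100010724-100026842-3118.com
c:\windows\system32\drivers\mbam.sys
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # which triage rule fired (rule names are this example's own)
    path: str   # the log line that triggered it
    note: str   # human-readable reason


# Rule 1: autorun.inf directly in a drive root. This is the file that makes a
# double-click on the drive run a program instead of opening the folder.
ROOT_AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)

# Rule 2: an executable placed directly under \RECYCLER with a SID-shaped name.
# Real Recycle Bin subfolders are named after user SIDs, which always start
# with "S-1-" (revision 1), and they do not hold executables at that level.
RECYCLER_EXE = re.compile(
    r"^[a-z]:\\recycler\\(S-(\d+)(?:-\d+)+)\.(com|exe|scr|pif|bat|cmd)$",
    re.IGNORECASE,
)

# Rule 3: long all-letter names under system32 (with or without a .sys/.dll
# extension). Several of them sharing one prefix is the footprint of a
# randomly named driver/DLL set; a single long name on its own is not flagged.
SYSTEM32_RANDOM = re.compile(
    r"^[a-z]:\\windows\\system32\\(?:drivers\\)?([a-z]{10,})(?:\.(?:sys|dll))?$",
    re.IGNORECASE,
)
PREFIX_LEN = 6    # assumption: compare the first six characters of the name
MIN_CLUSTER = 2   # assumption: two or more files sharing a prefix is a cluster


def triage(log_text: str) -> list[Finding]:
    """Apply the three rules to one file path per line and return all findings."""
    findings: list[Finding] = []
    clusters: dict[str, list[str]] = defaultdict(list)
    for raw in log_text.splitlines():
        path = raw.strip()
        if not path:
            continue
        if ROOT_AUTORUN.match(path):
            findings.append(Finding("root-autorun", path, "autorun.inf in drive root"))
            continue
        m = RECYCLER_EXE.match(path)
        if m:
            revision = int(m.group(2))
            note = "executable under RECYCLER with SID-shaped name"
            if revision != 1:
                note += f"; SID revision {revision} (real SIDs use revision 1)"
            findings.append(Finding("recycler-exe", path, note))
            continue
        m = SYSTEM32_RANDOM.match(path)
        if m:
            clusters[m.group(1)[:PREFIX_LEN].lower()].append(path)
    # Emit cluster findings only once the whole log has been read.
    for prefix, paths in clusters.items():
        if len(paths) >= MIN_CLUSTER:
            for p in paths:
                findings.append(Finding("random-name-cluster", p,
                                        f"{len(paths)} system32 files share prefix '{prefix}'"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, e.g. {'root-autorun': 2, ...}."""
    counts: dict[str, int] = defaultdict(int)
    for f in findings:
        counts[f.rule] += 1
    return dict(counts)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.path}  -- {f.note}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above the script reports both autorun.inf files, both RECYCLER executables (each with a SID revision that no real account SID has) and the four "gaopdx" files as one cluster, while the temp files and the Malwarebytes driver produce nothing. Run against a full ComboFix log the same rules give a quick first read of which deleted entries were the actual infection and which were routine cleanup.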

Blascowitz 18.03.2009 19:27

I have to amend my post from earlier. Norton did find something in the subsequent scan after all (sorry for the misinformation):
This was found:

Quelle: c:\qoobox\quarantine\c\windows\system32\gaopdxcbltqgulkmoymfowputehmtakcplswrr.dll.vir
Risikokategorie Virus
Gesamtrisikoauswirkung: Hoch
Klicken Sie hier, um weitere Informationen über dieses Risiko zu erhalten: Packed.Generic.200
Durchgeführte Aktion: Vollständig entfernt

Have a nice evening

Blascowitz 18.03.2009 20:03

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:24, on 18.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOKUME~1\***\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccLgView.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/yco...//de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://de.intl.acer.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service

Have a nice evening, and thanks for the help


Copyright ©2000-2025, Trojaner-Board
