I was not asked to restart, but I did it manually.
Code:
ComboFix 10-10-28.09 - Clemens 03.11.2010 17:00:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1886 [GMT 1:00]
ausgeführt von:: c:\users\Clemens\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Clemens\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-10-03 bis 2010-11-03 ))))))))))))))))))))))))))))))
.
2010-11-03 16:07 . 2010-11-03 16:07 -------- d-----w- c:\users\Clemens\AppData\Local\temp
2010-11-03 16:07 . 2010-11-03 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-28 19:48 . 2010-11-03 12:53 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-10-28 18:54 . 2010-10-28 18:54 -------- d-----w- C:\peanut
2010-10-27 11:16 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 11:16 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 11:16 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 16:13 . 2004-05-13 12:25 66720 ----a-w- c:\windows\system32\ac1st16.dll
2010-10-26 15:59 . 2004-11-02 18:16 5293176 ----a-w- c:\windows\system32\acdb16.dll
2010-10-26 15:25 . 2004-05-13 12:27 955040 ----a-w- c:\windows\system32\acge16.dll
2010-10-26 14:59 . 2010-10-26 14:59 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-10-26 14:59 . 2010-10-26 14:59 -------- d-----w- c:\program files\backburner 2
2010-10-26 14:58 . 2010-10-26 14:59 -------- d-----w- C:\3dsmax7
2010-10-26 14:58 . 2010-10-26 14:58 -------- d-----w- c:\programdata\Autodesk
2010-10-18 22:34 . 2010-10-18 22:34 -------- d-----w- c:\program files\MSXML 4.0
2010-10-18 20:48 . 2010-10-18 20:48 -------- d-----w- c:\programdata\WEBREG
2010-10-18 20:45 . 2010-10-18 20:45 -------- d-----w- c:\users\Clemens\AppData\Local\HP
2010-10-18 20:43 . 2009-10-21 13:29 320512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp101.dll
2010-10-17 10:58 . 2010-10-18 20:48 -------- d-----w- c:\users\Clemens\AppData\Roaming\HP
2010-10-17 10:33 . 2010-10-17 10:33 -------- d-----w- c:\users\Clemens\AppData\Roaming\Yahoo!
2010-10-17 10:33 . 2010-10-28 19:39 -------- d-----w- c:\program files\Yahoo!
2010-10-17 10:33 . 2010-10-31 14:32 -------- d-----w- c:\users\Clemens\AppData\Roaming\HpUpdate
2010-10-17 10:30 . 2010-10-17 10:30 -------- d-----w- c:\programdata\HP Product Assistant
2010-10-17 10:26 . 2010-10-17 10:26 -------- d-----w- c:\program files\Common Files\HP
2010-10-17 10:25 . 2010-10-17 10:25 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-10-17 10:22 . 2009-10-30 03:15 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-10-17 10:22 . 2009-09-10 16:44 966656 ----a-w- c:\windows\system32\hpost_p04b.dll
2010-10-17 10:22 . 2009-09-10 16:44 887296 ----a-w- c:\windows\system32\hposwia_p04b.dll
2010-10-17 10:22 . 2009-09-10 16:44 315392 ----a-w- c:\windows\system32\hposc_p04a.dll
2010-10-17 10:22 . 2009-10-21 23:55 452736 ----a-w- c:\windows\system32\hpzids01.dll
2010-10-17 10:22 . 2009-10-21 13:29 125440 ----a-w- c:\windows\system32\hpf3l101.dll
2010-10-17 10:21 . 2010-10-28 19:39 -------- d-----w- c:\program files\HP
2010-10-17 10:13 . 2010-10-18 20:45 -------- d-----w- c:\programdata\HP
2010-10-14 13:59 . 2010-10-14 14:03 -------- d-----w- c:\users\Clemens\AppData\Roaming\dvdcss
2010-10-13 13:26 . 2010-10-13 13:26 -------- d-----w- c:\program files\Trend Micro
2010-10-13 13:04 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 13:04 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 13:01 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 13:01 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 13:00 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 13:00 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 13:00 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 12:55 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 22:29 . 2010-10-12 22:29 -------- d--h--w- c:\windows\PIF
2010-10-08 19:23 . 2010-11-03 12:55 -------- d-----w- c:\users\Clemens\Tracing
2010-10-08 19:19 . 2010-10-11 05:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-08 19:19 . 2010-04-28 05:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-08 19:15 . 2010-10-08 19:15 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-08 19:14 . 2010-10-08 19:14 -------- d-----w- c:\windows\PCHEALTH
2010-10-08 19:14 . 2010-04-16 17:16 4927864 ----a-w- c:\program files\Common Files\Windows Live\.cache\f74543c01cb671c\Silverlight.2.0.exe
2010-10-08 14:58 . 2010-10-08 14:58 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-10-08 14:58 . 2010-10-08 14:58 -------- d-----w- c:\program files\Microsoft
2010-10-08 14:58 . 2010-10-08 19:19 -------- d-----w- c:\program files\Windows Live
2010-10-08 14:58 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-08 14:58 . 2010-10-08 14:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-08 14:45 . 2008-06-17 14:13 74520 ----a-w- c:\program files\Common Files\Windows Live\.cache\7ee671d01cb66f7\DSETUP.dll
2010-10-08 14:45 . 2008-06-17 14:13 484632 ----a-w- c:\program files\Common Files\Windows Live\.cache\7ee671d01cb66f7\DXSETUP.exe
2010-10-08 14:45 . 2008-06-17 14:13 1670936 ----a-w- c:\program files\Common Files\Windows Live\.cache\7ee671d01cb66f7\dsetup32.dll
2010-10-07 05:32 . 2010-10-07 05:32 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-07 05:21 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-07 05:21 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-07 05:21 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-07 05:19 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-10-07 05:19 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-10-07 05:19 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-10-07 05:19 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-10-07 05:19 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-10-07 05:19 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-10-07 05:19 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-10-07 05:19 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-10-07 05:19 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-10-07 05:19 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-10-07 05:19 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-10-07 05:19 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-10-07 05:18 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-07 05:18 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-07 05:18 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-05 16:45 . 2010-10-05 16:45 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2010-10-05 16:45 . 2010-10-05 16:45 -------- d-----w- c:\program files\Cisco Systems
2010-10-05 14:30 . 2010-10-05 14:32 -------- d-----w- c:\windows\system32\ca-ES
2010-10-05 14:30 . 2010-10-05 14:32 -------- d-----w- c:\windows\system32\eu-ES
2010-10-05 14:30 . 2010-10-05 14:31 -------- d-----w- c:\windows\system32\vi-VN
2010-10-05 13:48 . 2010-10-05 14:06 -------- d-----w- c:\users\Clemens\AppData\Local\Microsoft Games
2010-10-05 12:45 . 2010-10-05 12:45 -------- d-----w- c:\windows\system32\EventProviders
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 23:29 . 2009-07-30 22:07 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-26 11:36 . 2010-09-25 09:52 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-25 12:12 . 2010-09-25 12:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-08-26 16:33 . 2010-10-27 11:16 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 11:16 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 11:16 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 11:16 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-17 14:11 . 2010-09-26 07:55 128000 ----a-w- c:\windows\system32\spoolsv.exe
2008-10-14 21:57 . 2008-10-14 21:57 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\windows\system32\acovcnt.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 45056
Created time: 2010-10-28 19:48
Modified time: 2010-11-03 12:53
MD5: 6BCAF46E2B7FA9ACE92B4D39F3037C5C
SHA1: 6D5A81E3CF59832D73F28D6E87F51D073C3E4095
---- Directory of C:\peanut ----
2010-10-15 07:18 . 2010-10-15 07:18 1743360 ----a-w- c:\peanut\wplotde.exe
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Updater shortcut"="c:\program files\T-Mobile\web'n'walk Manager\WTGU.exe" [2008-06-19 857544]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-03 8105984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-19 61440]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-30 1392640]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 540576]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-10-01 851968]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-07-30 47672]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-30 3054136]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2010-09-25 253952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
c:\users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2008-1-21 122880]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe [2009-7-30 12862]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-10-5 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20101028.001\IDSvix86.sys [2010-09-15 287792]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-25 1181328]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-04-07 70880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-03-19 4386304]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-03-19 93184]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-16 102448]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-04-21 90112]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-04-01 233128]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-04-28 1019392]
--- Andere Dienste/Treiber im Speicher ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
2010-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 09:35]
2010-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 09:35]
2010-11-01 c:\windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Clemens.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:04]
2010-11-02 c:\windows\Tasks\User_Feed_Synchronization-{BD687A08-5A9C-400A-8642-ED7D92BF23B0}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
LSP: bmnet.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-03 17:07
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe?ublic?SystemDrive=C:?SystemRoot???VR????7??????=c:\users\Clemens\AppData\Local\Temp?TMP=c:\users\Clemens\AppData\Local\Temp?TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\bmnet.dll
- - - - - - - > 'Explorer.exe'(2560)
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
Zeit der Fertigstellung: 2010-11-03 17:09:49
ComboFix-quarantined-files.txt 2010-11-03 16:09
ComboFix2.txt 2010-11-02 19:01
Vor Suchlauf: 12 Verzeichnis(se), 223.548.063.744 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 223.521.288.192 Bytes frei
- - End Of File - - A533D6A6B8588F158D1A4769527264ED