#5
Avira keeps finding TR/ATRAPS.Gen2 TR/Sirefef.AG.35

Hello Chris,

Here is the log from ComboFix:

Combofix Logfile:

```
ComboFix 12-06-21.03 - Yyy 22.06.2012 18:55:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.43.1031.18.3070.2102 [GMT 2:00]
ausgeführt von:: c:\users\Yyy\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\CLICKS~1\CLICks~2.exe
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\pdfforge Toolbar\pdFForgetoolbarie.dll
c:\programdata\hpeA40B.dll
c:\users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}
c:\users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}\@
c:\users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}\n
c:\users\Yyy\AppData\Roaming\Microsoft\Windows\Recent\Arbeitsmarktservice Österreich.url
c:\users\Yyy\Desktop\Internet Explorer.lnk
c:\windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-22 bis 2012-06-22 ))))))))))))))))))))))))))))))
.
.
2012-06-22 17:03 . 2012-06-22 17:05 -------- d-----w- c:\users\Yyy\AppData\Local\temp
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\users\Xxx\AppData\Local\temp
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 21:02 . 2012-06-21 21:02 -------- d-----w- C:\_OTL
2012-06-20 20:28 . 2012-06-20 20:28 -------- d-----w- c:\program files\7-Zip
2012-06-20 18:56 . 2012-06-20 18:56 -------- d-----w- c:\users\Yyy\AppData\Roaming\Malwarebytes
2012-06-20 18:56 . 2012-06-20 18:56 -------- d-----w- c:\programdata\Malwarebytes
2012-06-20 18:56 . 2012-06-20 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-20 18:56 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 18:44 . 2012-06-20 18:44 -------- d-----w- c:\users\Yyy\AppData\Roaming\SUPERAntiSpyware.com
2012-06-20 18:44 . 2012-06-20 22:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-20 18:44 . 2012-06-20 18:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-20 18:41 . 2012-06-20 18:41 -------- d-----w- c:\program files\Secunia
2012-06-20 18:40 . 2012-06-20 18:40 -------- d-----w- c:\program files\FileHippo.com
2012-06-20 18:30 . 2012-06-21 22:17 -------- d-----w- c:\users\Xxx\TrojanerTemp
2012-06-19 20:29 . 2012-06-19 20:29 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-19 12:47 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35379C1C-8ADF-4C7D-8405-F3EAA79BFA8F}\mpengine.dll
2012-06-17 23:23 . 2012-06-17 23:23 -------- d-----w- c:\users\Xxx\AppData\Local\Macromedia
2012-06-14 07:06 . 2012-06-14 07:06 -------- d-----w- c:\users\Yyy\AppData\Local\Macromedia
2012-06-09 11:36 . 2012-06-09 11:36 -------- d-----w- c:\programdata\mquadr.at
2012-06-09 11:35 . 2010-03-02 12:54 105856 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-06-09 11:35 . 2010-03-02 12:54 105856 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-06-09 11:35 . 2010-03-02 12:54 105856 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-06-09 11:35 . 2010-02-22 08:06 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2012-06-09 11:35 . 2009-12-28 13:05 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2012-06-09 11:35 . 2008-03-21 22:41 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-06-09 11:35 . 2008-03-21 22:41 35896 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-06-09 11:34 . 2011-02-25 16:02 90368 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-06-09 11:34 . 2011-01-30 16:19 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-06-09 11:34 . 2011-01-30 16:19 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-06-09 11:34 . 2011-01-30 16:19 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-06-09 11:34 . 2010-09-26 16:09 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-06-09 11:34 . 2010-07-27 07:52 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-06-09 11:34 . 2010-03-20 10:06 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-06-09 11:34 . 2008-03-27 14:49 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-06-09 11:34 . 2008-03-27 14:49 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-06-09 11:34 . 2012-06-09 11:36 -------- dc-h--w- c:\programdata\{7DECD834-973E-4B75-9B37-79105C3EA3B6}
2012-06-09 11:34 . 2012-06-09 11:34 -------- d-----w- c:\program files\bob internet
2012-06-09 11:33 . 2012-06-09 11:33 -------- d-----w- c:\users\Yyy\AppData\Local\PackageAware
2012-06-09 11:12 . 2012-06-09 11:12 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-09 11:12 . 2012-06-09 11:12 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-04 14:56 . 2012-06-20 21:52 -------- d-----w- c:\program files\Microsoft
2012-06-04 14:55 . 2012-06-04 14:55 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-04 14:55 . 2012-06-04 14:59 -------- d-----w- c:\programdata\HP Photo Creations
2012-06-04 14:55 . 2012-06-04 14:55 -------- d-----w- c:\program files\HP Photo Creations
2012-06-04 14:55 . 2012-06-04 14:55 -------- d-----w- c:\users\Yyy\AppData\Roaming\HpUpdate
2012-06-04 14:53 . 2012-06-04 14:53 -------- d-----w- c:\programdata\HP
2012-06-04 14:53 . 2012-06-04 14:55 -------- d-----w- c:\program files\HP
2012-06-04 14:53 . 2012-06-04 14:59 -------- d-----w- c:\users\Yyy\AppData\Local\HP
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 20:29 . 2010-04-17 14:42 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 07:03 . 2012-04-01 22:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 07:03 . 2011-05-18 18:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 19:16 . 2011-10-15 13:26 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 19:16 . 2011-10-15 13:26 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-19 13:02 . 2011-05-07 08:46 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
1998-12-13 22:00 57344 --sha-w- c:\windows\System32\mfc42loc.dll
1995-09-20 14:16 35088 --sha-w- c:\windows\System32\msjint32.dll
1995-09-20 14:13 977680 --sha-w- c:\windows\System32\msjt3032.dll
1995-09-20 14:16 23824 --sha-w- c:\windows\System32\msjter32.dll
1995-09-24 09:02 243472 --sha-w- c:\windows\System32\vbar2232.dll
1998-05-18 01:06 368912 --sha-w- c:\windows\System32\vbar332.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-10 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-20 3905408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-18 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-18 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-18 8466432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 155648]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
c:\users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\users\Yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-7-29 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Yyy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Yyy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Medien-Prüfung.lnk]
path=c:\users\Yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
backup=c:\windows\pss\Picture Motion Browser Medien-Prüfung.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 08:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-10-12 06:44 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSD]
2007-09-20 14:32 561152 ----a-w- c:\program files\C&E\OSD\osd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-06 19:38 155648 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\recinfo542]
2007-10-23 12:52 2764800 ----a-w- c:\recinfo\RecInfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-05-10 15:10 4468736 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 16:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-06 09:23 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 acedrv01;acedrv01;c:\windows\system32\drivers\acedrv01.sys [2008-05-13 93696]
S2 acedrv02;acedrv02;c:\windows\system32\drivers\acedrv02.sys [2008-05-13 97280]
S2 acedrv03;acedrv03;c:\windows\system32\drivers\acedrv03.sys [2008-05-13 97280]
S2 acedrv04;acedrv04;c:\windows\system32\drivers\acedrv04.sys [2008-05-13 97280]
S2 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [2008-05-13 99840]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 07:03]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 21:58]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 21:58]
.
2012-06-20 c:\windows\Tasks\hpwebreg_CN1691P3Z005QV.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe [2010-11-16 19:16]
.
2012-06-22 c:\windows\Tasks\User_Feed_Synchronization-{47C141B7-ACFC-4E6A-A205-73B88EBB6936}.job
- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{1F9BFDFE-AB51-4AB8-A3C3-7450B4DC52EB}: NameServer = 194.48.139.254 194.48.124.200
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Yyy\AppData\Roaming\Mozilla\Firefox\Profiles\dnzu70z5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
AddRemove-446832_R1 - c:\windows\IsUn0407.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-22 19:04
Windows 6.0.6000 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(228)
c:\program files\HappyFoto\Bestellassistent\FotoSync.dll
c:\program files\HappyFoto\Bestellassistent\xerc2701.dll
c:\program files\HappyFoto\Bestellassistent\fotosynr.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-22 19:13:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-22 17:13
.
Vor Suchlauf: 20 Verzeichnis(se), 56.361.168.896 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 57.001.410.560 Bytes frei
.
- - End Of File - - 6EAF63CD241756412EEF7ECFD5DF2E72
```

I may be a pacifist, but in this case I have nothing against the use of weapons.

Best regards,
Xanadu