Windows Defender findet Win32/Agent

blubb22 · 15.05.2009, 13:46

Mein Windows Defender hat heute bei einer Systemüberprüfung TrojanDownloader Win32/Agent gefunden.
Auf Rat eines Freundes von mir habe ich Combofix nach dieser Anleitung durchgeführt. Ein Leitfaden und Tutorium zur Nutzung von ComboFix.
Könnte mal einer von euch gucken ob noch was drauf ist?
Schonmal

Zitat:

ComboFix 09-05-14.06 - *** 15.05.2009 14:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.1022.431 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((( Dateien erstellt von 2009-04-15 bis 2009-05-15 ))))))))))))))))))))))))))))))
.

2009-05-13 12:22 . 2009-05-13 12:23 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-13 12:22 . 2009-05-13 12:23 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-09 16:11 . 2009-05-09 16:11 -------- d-----w c:\programdata\InstallShield
2009-05-09 16:04 . 2009-05-09 16:04 -------- d-----w c:\program files\Gravity
2009-05-09 14:35 . 2009-05-09 16:15 -------- d-----w c:\program files\DNA
2009-05-08 14:04 . 2009-05-08 14:04 -------- d-----w c:\programdata\WindowsSearch
2009-05-08 13:56 . 2009-05-08 13:56 -------- d-----w C:\AeriaGames
2009-05-08 12:43 . 2009-05-08 12:43 -------- d-----w c:\users\***\Program Files
2009-05-08 11:53 . 2009-05-09 16:15 -------- d-----w c:\users\***\AppData\Local\Google
2009-05-08 11:49 . 2009-05-08 11:49 -------- d-----w c:\users\***\AppData\Local\Opera
2009-05-08 11:49 . 2009-05-08 11:50 -------- d-----w c:\program files\Opera
2009-05-08 11:43 . 2009-05-08 11:44 -------- d-----w c:\program files\Common Files\DivX Shared
2009-05-08 11:43 . 2009-05-08 11:44 -------- d-----w c:\program files\DivX
2009-05-08 11:36 . 2009-05-08 11:36 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-08 11:35 . 2009-05-08 11:35 -------- d-----w c:\program files\Java
2009-05-08 11:32 . 2009-05-08 11:32 -------- d-----w c:\windows\system32\Macromed
2009-05-08 10:20 . 2009-05-08 10:20 -------- d-----w c:\program files\CCleaner
2009-05-08 10:19 . 2009-05-08 10:19 -------- d-----w c:\users\***\AppData\Local\Mozilla
2009-05-08 10:18 . 2009-05-08 10:18 -------- d-----w c:\program files\Trend Micro
2009-05-08 10:16 . 2009-05-08 10:16 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-08 10:16 . 2009-05-08 10:16 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-08 10:16 . 2009-05-08 10:16 -------- d-----w c:\users\***\AppData\Roaming\SUPERAntiSpyware.com
2009-05-08 10:16 . 2009-05-08 10:16 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-08 10:15 . 2009-05-08 10:15 -------- d-----w c:\users\***\AppData\Roaming\Malwarebytes
2009-05-08 10:15 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-08 10:15 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 10:15 . 2009-05-08 10:15 -------- d-----w c:\programdata\Malwarebytes
2009-05-08 10:15 . 2009-05-08 10:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-08 10:04 . 2009-03-24 14:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-08 10:04 . 2009-05-08 10:04 -------- d-----w c:\programdata\Avira
2009-05-08 10:04 . 2009-05-08 10:04 -------- d-----w c:\program files\Avira
2009-05-07 18:44 . 2009-05-07 18:44 -------- d-----w c:\users\***\AppData\Roaming\ATI
2009-05-07 18:44 . 2009-05-07 18:44 -------- d-----w c:\users\***\AppData\Local\ATI
2009-05-07 17:27 . 2009-05-07 17:27 -------- d-----w c:\program files\EzManual
2009-05-07 17:26 . 2006-12-11 13:58 114688 ----a-w c:\windows\system32\bmpsap.dll
2009-05-07 17:26 . 2005-12-14 19:30 7552 ----a-w c:\windows\system32\drivers\lgsnd_filter.sys
2009-05-07 17:26 . 2009-05-07 17:27 -------- d-----w c:\program files\LG Software
2009-05-07 17:25 . 2009-05-07 17:25 -------- d-----w c:\windows\system32\DEU
2009-05-07 17:25 . 2006-10-13 15:54 126976 ----a-w c:\windows\system32\Imsmudlg.exe
2009-05-07 17:25 . 2006-09-29 09:59 250368 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-05-07 17:24 . 2009-05-07 17:24 -------- d-----w c:\users\***\AppData\Roaming\InstallShield
2009-05-07 17:20 . 2009-05-07 17:20 -------- d-----w c:\program files\Synaptics
2009-05-07 17:14 . 2009-05-07 17:14 -------- d-----w c:\program files\IVT Corporation
2009-05-07 17:09 . 2009-05-07 17:11 -------- d-----w c:\program files\ATI Technologies
2009-05-07 17:09 . 2009-05-07 17:09 -------- d-----w c:\program files\ATI
2009-05-07 17:06 . 2009-05-07 17:06 -------- d-----w c:\windows\system32\RTCOM
2009-05-07 17:05 . 2009-05-07 17:05 319456 ----a-w c:\windows\DIFxAPI.dll
2009-05-07 17:04 . 2006-11-29 09:47 135168 ----a-w c:\windows\system32\SRSWOW.dll
2009-05-07 17:04 . 2006-12-13 01:30 339968 ----a-w c:\windows\system32\SRSTSXT.dll
2009-05-07 17:04 . 2006-12-16 04:10 1191936 ----a-w c:\windows\RtlUpd.exe
2009-05-07 17:04 . 2007-01-02 04:41 1668456 ----a-w c:\windows\system32\drivers\RTKVHDA.sys
2009-05-07 17:04 . 2006-12-28 22:59 489472 ----a-w c:\windows\system32\RtkPgExt.dll
2009-05-07 17:04 . 2006-12-27 11:01 17408 ----a-w c:\windows\system32\RtkCoInst.dll
2009-05-07 17:04 . 2006-12-28 23:03 1814016 ----a-w c:\windows\system32\RtkAPO.dll
2009-05-07 17:04 . 2006-12-29 02:11 4317184 ----a-w c:\windows\RtHDVCpl.exe
2009-05-07 17:04 . 2009-05-07 17:04 -------- d-----w c:\program files\Realtek
2009-05-07 17:04 . 2006-12-16 02:29 499712 ------r c:\windows\RtlExUpd.dll
2009-05-07 17:03 . 2009-05-07 17:03 -------- d-----w c:\windows\tiinst
2009-05-07 17:02 . 2006-09-27 06:22 69120 ------w c:\windows\system32\agrsmdel.exe
2009-05-07 17:02 . 2006-10-05 02:39 1161152 ----a-w c:\windows\system32\drivers\AGRSM.sys
2009-05-07 17:02 . 2006-09-11 06:34 13312 ----a-w c:\windows\system32\agrscoin.dll
2009-05-07 17:02 . 2006-10-05 04:10 9216 ----a-w c:\windows\system32\agrsmsvc.exe
2009-05-07 17:02 . 2006-09-27 06:22 69120 ----a-w c:\windows\agrsmdel.exe
2009-05-07 17:02 . 2009-05-07 17:02 -------- d-----w c:\windows\Options
2009-05-07 17:00 . 2006-12-19 00:12 1786880 ----a-w c:\windows\system32\drivers\NETw3v32.sys
2009-05-07 16:55 . 2009-05-07 17:25 -------- d-----w c:\program files\Intel
2009-05-06 16:27 . 2009-05-06 16:33 -------- d-----w C:\Temp
2009-05-06 16:17 . 2009-05-08 14:14 -------- d-sh--w c:\windows\Installer
2009-05-06 16:13 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-05-06 16:13 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-06 16:13 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-05-06 16:13 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-05-06 16:13 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-05-06 16:13 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-05-06 16:13 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-05-06 16:08 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-05-06 16:08 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-05-06 16:08 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-05-06 16:07 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-05-06 16:07 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-05-06 16:02 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-05-06 16:01 . 2008-02-29 07:14 19000 ----a-w c:\windows\system32\kd1394.dll
2009-05-06 16:01 . 2008-02-22 05:05 615992 ----a-w c:\windows\system32\ci.dll
2009-05-06 16:01 . 2008-02-29 07:11 988216 ----a-w c:\windows\system32\winload.exe
2009-05-06 16:01 . 2008-02-29 07:11 927288 ----a-w c:\windows\system32\winresume.exe
2009-05-06 16:01 . 2008-02-29 06:53 378368 ----a-w c:\windows\system32\srcore.dll
2009-05-06 16:01 . 2008-02-29 06:53 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-05-06 16:01 . 2008-02-29 06:53 40960 ----a-w c:\windows\system32\srclient.dll
2009-05-06 16:01 . 2008-02-29 04:12 318464 ----a-w c:\windows\system32\rstrui.exe
2009-05-06 16:01 . 2008-02-29 04:12 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-05-06 16:01 . 2008-02-29 06:35 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-05-06 16:00 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-05-06 16:00 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-05-06 16:00 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll
2009-05-06 15:58 . 2008-12-05 04:32 428544 ----a-w c:\windows\system32\EncDec.dll
2009-05-06 15:58 . 2008-12-05 04:32 293376 ----a-w c:\windows\system32\psisdecd.dll
2009-05-06 15:57 . 1998-04-23 22:00 83552 ----a-w c:\windows\system32\GAPI32.DLL
2009-05-06 15:57 . 1998-07-21 22:00 13824 ----a-w c:\windows\system32\INETKO.DLL
2009-05-06 15:57 . 1998-07-21 22:00 30720 ----a-w c:\windows\system32\Rchtxko.dll
2009-05-06 15:57 . 1998-07-21 22:00 9728 ----a-w c:\windows\system32\SYSINKO.DLL
2009-05-06 15:57 . 1998-07-21 22:00 102912 ----a-w c:\windows\system32\Vb6stkit.dll
2009-05-06 15:57 . 2001-08-29 10:00 495376 ----a-w c:\windows\system32\msxml.dll
2009-05-06 15:57 . 2002-05-11 10:14 102160 ----a-w c:\windows\system32\VB6KO.DLL
2009-05-06 15:57 . 2009-05-06 16:33 42288 ----a-w c:\windows\system32\giljabiunis.exe
2009-05-06 15:57 . 2009-05-06 16:33 1140016 ----a-w c:\windows\system32\CS.dll
2009-05-06 15:57 . 2009-05-09 16:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-06 15:55 . 2008-09-10 03:40 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-05-06 15:55 . 2008-10-29 06:29 2927104 ----a-w c:\windows\explorer.exe
2009-05-06 15:55 . 2008-04-10 05:12 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-05-06 15:55 . 2008-08-28 03:40 425472 ----a-w c:\windows\system32\PhotoMetadataHandler.dll
2009-05-06 15:55 . 2008-08-28 03:40 347136 ----a-w c:\windows\system32\WindowsCodecsExt.dll
2009-05-06 15:55 . 2008-08-28 03:40 712704 ----a-w c:\windows\system32\WindowsCodecs.dll
2009-05-06 15:55 . 2008-10-21 05:25 1645568 ----a-w c:\windows\system32\connect.dll
2009-05-06 15:55 . 2009-02-09 03:10 2033152 ----a-w c:\windows\system32\win32k.sys
2009-05-06 15:54 . 2008-09-18 04:56 147456 ----a-w c:\windows\system32\Faultrep.dll
2009-05-06 15:54 . 2008-09-18 04:56 125952 ----a-w c:\windows\system32\wersvc.dll
2009-05-06 15:54 . 2008-12-16 05:31 7680 ----a-w c:\windows\system32\spwmp.dll
2009-05-06 15:54 . 2008-12-16 05:31 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-05-06 15:54 . 2008-12-16 03:29 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-05-06 15:39 . 2009-05-07 18:16 -------- d-----w c:\program files\lg_swupdate
2009-05-06 15:38 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-05-06 15:38 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-05-06 15:38 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-05-06 15:38 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-05-06 15:38 . 2009-05-09 16:04 -------- d-----w c:\program files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 12:08 . 2006-11-02 15:33 618442 ----a-w c:\windows\system32\perfh007.dat
2009-05-15 12:08 . 2006-11-02 15:33 122648 ----a-w c:\windows\system32\perfc007.dat
2009-05-13 16:28 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-07 19:38 . 2009-05-07 19:38 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-07 17:22 . 2007-01-09 18:49 12 ----a-w c:\windows\bthservsdp.dat
2009-05-07 17:20 . 2009-05-07 17:20 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-05-06 15:05 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-05-06 14:57 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
2009-05-06 14:57 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-05-06 14:57 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-05-06 14:57 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-05-06 14:57 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
2009-05-06 14:57 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
2009-05-06 14:47 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-05-06 14:47 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-05-06 14:03 . 2009-05-06 14:03 -------- d-sh--w c:\program files\Gemeinsame Dateien
2009-03-17 03:38 . 2009-05-06 16:02 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-05-06 16:02 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-07 18:21 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-07 18:21 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-07 18:21 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-07 18:21 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-07 18:21 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-07 18:21 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-07 18:21 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-07 18:21 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-07 18:21 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-07 18:21 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-07 18:21 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-07 18:21 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-07 18:21 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-07 18:21 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-07 18:21 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-07 18:21 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-07 18:21 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-07 18:21 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-05-06 16:02 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-05-06 16:02 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-05-06 16:02 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-05-06 16:02 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-05-06 16:02 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-05-06 16:02 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-05-06 16:02 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-05-06 16:02 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-05-06 16:02 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-05-06 16:02 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"BatteryMiser 5"="c:\program files\LG Software\BatteryMiser\BatteryMiser5.exe" [2007-02-04 337464]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2007-02-02 2655800]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-08 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-29 4317184]
"LG Direct Media Button Service"="LGDMEBTN.exe" - c:\windows\System32\LGDMEBTN.exe [2006-12-14 94208]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-12-11 114688]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{956F9C70-F384-4B82-8D41-688931C43329}c:\\users\\***\\program files\\dna\\btdna.exe"= UDP:c:\users\***\program files\dna\btdna.exe:btdna.exe
"UDP Query User{D9F3D707-9837-4889-B87E-0E0EA084B9E8}c:\\users\\***\\program files\\dna\\btdna.exe"= TCP:c:\users\***\program files\dna\btdna.exe:btdna.exe
"TCP Query User{5138D87B-E838-4E04-B0A7-E1E6FBB09E50}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{64A8840C-669C-4FA9-B421-6A8BCE0B1BE6}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.04.2009 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.04.2009 11:33 72944]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [08.05.2009 12:04 108289]
R3 AGR1310_60;Agere Systems ET-13xx PCI-E Ethernet Adapter Vista Driver;c:\windows\System32\drivers\AGR1310_60.sys [19.01.2007 10:41 77824]
R3 LGDMEBTN;LG Direct Media Button Device Driver for x86;c:\windows\System32\drivers\LGDMEBTN.sys [14.12.2006 00:22 16384]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 15:40 3668480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.04.2009 11:33 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - Toshiba\more4you.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1f2d32d-3bb6-11de-a1bb-00030d000001}]
\shell\AutoRun\command - Toshiba\more4you.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {CD68B67C-0AAC-EB5B-285E-25DE12617939} /qb
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rewy0ia9.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 14:19
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2440)
c:\program files\LG Software\BatteryMiser\McIdle.dll
.
Zeit der Fertigstellung: 2009-05-15 14:21
ComboFix-quarantined-files.txt 2009-05-15 12:21

Vor Suchlauf: 15 Verzeichnis(se), 79.363.772.416 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 79.340.974.080 Bytes frei

280 --- E O F --- 2009-05-15 12:04

Windows Defender findet Win32/Agent

Plagegeister aller Art und deren Bekämpfung: Windows Defender findet Win32/Agent

Windows Defender findet Win32/Agent

Ähnliche Themen: Windows Defender findet Win32/Agent