Trojaner-Board - Trojan.Win.Agent.dcc

Hier der Bericht von Cofi:
Code:
ComboFix 10-01-17.04 - Versuch 18.01.2010  17:22:27.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1022.326 [GMT 1:00]

ausgeführt von:: c:\users\Versuch\Desktop\cofi.exe

SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\$recycle.bin\S-1-5-21-3431969251-4012776688-2110599007-500

C:\install.exe

c:\users\Versuch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
 

.

(((((((((((((((((((((((   Dateien erstellt von 2009-12-18 bis 2010-01-18  ))))))))))))))))))))))))))))))

.
 

2010-01-18 16:34 . 2010-01-18 16:34        --------        d-----w-        c:\users\Versuch\AppData\Local\temp

2010-01-18 16:34 . 2010-01-18 16:34        --------        d-----w-        c:\users\Default\AppData\Local\temp

2010-01-15 20:52 . 2010-01-15 20:52        --------        d-----w-        c:\users\Versuch\AppData\Roaming\Malwarebytes

2010-01-15 18:07 . 2010-01-07 15:07        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-15 18:07 . 2010-01-15 18:07        --------        d-----w-        c:\programdata\Malwarebytes

2010-01-15 18:07 . 2010-01-15 18:49        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-01-15 18:07 . 2010-01-07 15:07        19160        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-01-15 17:50 . 2010-01-15 17:51        --------        d-----w-        C:\rsit

2010-01-14 22:07 . 2010-01-14 22:07        --------        d-----w-        c:\program files\Trend Micro

2010-01-14 21:12 . 2010-01-14 21:12        --------        d-----w-        c:\users\Versuch\AppData\Local\Threat Expert

2010-01-14 21:08 . 2010-01-18 10:27        --------        d-----w-        c:\program files\Spyware Doctor

2010-01-14 20:39 . 2009-11-25 10:19        56816        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2010-01-14 20:39 . 2009-03-30 08:33        96104        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2010-01-14 20:39 . 2010-01-14 20:39        --------        d-----w-        c:\programdata\Avira

2010-01-13 08:47 . 2009-10-19 13:38        156672        ----a-w-        c:\windows\system32\t2embed.dll

2010-01-13 08:47 . 2009-10-19 13:35        72704        ----a-w-        c:\windows\system32\fontsub.dll

2010-01-04 14:32 . 2010-01-04 14:32        6868368        ----a-w-        c:\users\Versuch\AppData\Roaming\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip.exe
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-17 02:41 . 2007-02-14 17:03        --------        d-----w-        c:\program files\winamp

2010-01-13 11:48 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail

2010-01-12 16:17 . 2008-07-01 20:23        --------        d-----w-        c:\users\Versuch\AppData\Roaming\ICQ

2010-01-12 11:23 . 2009-12-01 11:09        --------        d-----w-        c:\program files\pdfforge Toolbar

2010-01-11 19:39 . 2007-01-15 18:12        628210        ----a-w-        c:\windows\system32\perfh007.dat

2010-01-11 19:39 . 2007-01-15 18:12        126850        ----a-w-        c:\windows\system32\perfc007.dat

2009-12-31 14:36 . 2009-07-18 10:48        --------        d-----w-        c:\program files\ICQ6.5

2009-12-30 17:42 . 2007-02-22 22:12        136008        ----a-w-        c:\users\Versuch\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-30 15:14 . 2009-07-01 15:47        --------        d-----w-        c:\programdata\Microsoft Help

2009-12-16 22:12 . 2007-04-16 12:36        --------        d-----w-        c:\programdata\HP

2009-12-05 12:36 . 2007-02-13 22:36        --------        d-----w-        c:\programdata\Roxio

2009-12-01 11:09 . 2009-12-01 11:08        --------        d-----w-        c:\program files\PDFCreator

2009-11-23 20:04 . 2007-04-04 12:47        --------        d-----w-        c:\program files\Common Files\Adobe

2009-11-21 06:40 . 2009-12-09 11:50        916480        ----a-w-        c:\windows\system32\wininet.dll

2009-11-21 06:34 . 2009-12-09 11:50        71680        ----a-w-        c:\windows\system32\iesetup.dll

2009-11-21 06:34 . 2009-12-09 11:50        109056        ----a-w-        c:\windows\system32\iesysprep.dll

2009-11-21 04:59 . 2009-12-09 11:50        133632        ----a-w-        c:\windows\system32\ieUnatt.exe

2009-11-18 00:43 . 2006-11-02 10:25        665600        ----a-w-        c:\windows\inf\drvindex.dat

2009-11-09 12:31 . 2009-12-10 13:29        24064        ----a-w-        c:\windows\system32\nshhttp.dll

2009-11-09 12:30 . 2009-12-10 13:29        30720        ----a-w-        c:\windows\system32\httpapi.dll

2009-11-09 10:36 . 2009-12-10 13:29        411648        ----a-w-        c:\windows\system32\drivers\http.sys

2009-11-03 11:56 . 2009-11-03 11:56        1180920        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-11-02 19:42 . 2009-10-03 11:37        195456        ------w-        c:\windows\system32\MpSigStub.exe

2009-10-29 09:17 . 2009-12-03 14:50        2048        ----a-w-        c:\windows\system32\tzres.dll

2003-04-27 20:02 . 2007-04-13 21:49        647168        ----a-w-        c:\program files\tetris.exe

2008-08-10 23:19 . 2008-08-10 23:19        23552        ----a-w-        c:\program files\mozilla firefox\plugins\DrvMgt.dll

2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-08-26 09:32        279944        ----a-w-        c:\program files\AskBarDis\bar\bin\askBar.dll
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]

2009-07-31 01:00        698880        ----a-w-        c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]
 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
 

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"mHotkey"="mHotkey.exe" [2006-06-19 559104]

"HostManager"="c:\program files\Common Files\AOL\1168853550\ee\AOLSoftware.exe" [2006-11-14 50736]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]

"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-12-20 2519040]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"GrooveMonitor"="c:\program files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-9 110592]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):92,4e,f4,b3,f1,36,ca,01
 

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [14.01.2010 21:39 108289]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [17.01.2008 16:15 715248]

S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]

S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [28.05.2008 01:50 21504]

S4 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);c:\windows\System32\drivers\FLMckUSB.sys [15.01.2007 19:08 69810]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners
 

2010-01-18 c:\windows\Tasks\Erweiterte Garantie.job

- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-01-15 16:38]
 

2010-01-18 c:\windows\Tasks\Recovery DVD Creator.job

- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-01-15 16:34]
 

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{0E8EFC26-C431-4765-8592-57102D933EBF}.job

- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
 

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{E71D1D21-BEDF-41DD-9481-F025251F282C}.job

- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/ig?hl=de

mStart Page = about:blank

mWindow Title = Microsoft Internet Explorer

uInternet Settings,ProxyOverride = *.local

IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de

FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll

FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npskilljamloader.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npssp32.dll

FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

BHO-{B814DEE4-49A2-4958-B204-F3B17279B663} - (no file)

HKLM-Run-CDEjtCtr - CDCtr.exe

HKLM-Run-Arcor Online - (no file)

HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-18 17:34

Windows 6.0.6002 Service Pack 2 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 
 

c:\users\Versuch\AppData\Local\Temp\catchme.dll 53248 bytes executable
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 1
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-2978858628-215539607-716368754-1003\Software\SecuROM\License information*]

"datasecu"=hex:b0,6a,1b,a3,df,24,54,68,dd,34,fd,3e,4e,e5,41,e9,96,bf,be,1f,dd,

   cd,0d,ac,d7,48,20,6d,08,92,3f,84,47,f2,d1,8a,90,57,a4,91,dd,95,3e,90,d3,07,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6e05a693-de63-454e-94f4-beafdbf83b31}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:c6020054

"Dhcpv6State"=dword:00000000
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8a8aee4f-2d2f-4137-aad7-30240dba8f10}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0c0019db

"Dhcpv6State"=dword:00000000
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:07001422

"Dhcpv6State"=dword:00000000
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:06001422

"Dhcpv6State"=dword:00000000

.

Zeit der Fertigstellung: 2010-01-18  17:37:41

ComboFix-quarantined-files.txt  2010-01-18 16:37
 

Vor Suchlauf: 12 Verzeichnis(se), 123.644.817.408 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 128.998.309.888 Bytes frei
 

- - End Of File - - 1A272BDB2E99B960069F00EB8AAEE478
Hoffe, dass die ganze Sache aufschlußreich ist. Danke