Backdoorprogramm BDS/Cycbot.176128.56

Rheingold · 25.12.2011, 08:52

Zweiter Teil combo fix log:

Code:

ATTFilter

.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"SMSTray"="c:\program files (x86)\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"ChicoSys"="c:\windows\SysWOW64\cc32\webtmr.exe" [2009-07-13 5635736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-15 296056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"Conime"="c:\windows\system32\conime.exe" [BU]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CCWinTray"="c:\windows\tray\wintmr.exe" [2009-07-13 5975704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
c:\users\Nico.dell-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Jasmina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 136176]
R2 ksupmgr;File-/Update Service;c:\windows\SysWOW64\ksupmgr.exe [2010-08-25 765592]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-22 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2010-05-28 2650112]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-11-30 1997416]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-29 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\DRIVERS\HPMo4DE3.sys [x]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\Drivers\HPub4DE3.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3230886925-126132133-2629391164-1025UA.job
- c:\users\Nico.dell-PC.000\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-10 19:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-11 2186856]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-11-29 312936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to iPod Converter - c:\users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{F50EF1BC-60D3-4A72-B6ED-99F234833F2C}: NameServer = 62.109.123.7 213.191.92.86
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3cers2zs.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - www.google.de
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,9e,47,77,90,b8,f8,4f,8e,46,72,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,9e,47,77,90,b8,f8,4f,8e,46,72,\
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.123\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dbf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterTemplate.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterTemplate.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterTemplate.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hwp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\UserChoice]
@Denied: (2) (Administrator)
"Progid"="txtfile"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarMathDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpdp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="NCH.MixPad.mpdp"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="opendocument.DatabaseDocument.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="opendocument.MathDocument.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="opendocument.DrawDocument.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="opendocument.WriterDocument.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="opendocument.ImpressDocument.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\UserChoice]
@Denied: (2) (Administrator)
"Progid"="opendocument.CalcDocument.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="opendocument.WriterDocument.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="opendocument.DrawDocument.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oth\UserChoice]
@Denied: (2) (Administrator)
"Progid"="opendocument.WriterDocument.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="opendocument.ImpressDocument.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ott\UserChoice]
@Denied: (2) (Administrator)
"Progid"="opendocument.WriterDocument.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="office.Extension.1"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarImpressTemplate.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarImpressTemplate.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarImpressTemplate.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarImpressDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarImpressDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarImpressDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarImpressDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.slk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcTemplate.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.std\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarDrawTemplate.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sti\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarImpressDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sxc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sxd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarDrawDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sxi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarImpressDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sxm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarMathDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sxw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdseml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wk1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wks\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="NCH.WavePad.wpp"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcTemplate.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcTemplate.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcTemplate.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarCalcDocument.6"
.
[HKEY_USERS\S-1-5-21-3230886925-126132133-2629391164-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="soffice.StarWriterDocument.6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\cchservice.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-25  08:34:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-25 07:34
ComboFix2.txt  2011-12-21 07:36
.
Vor Suchlauf: 17 Verzeichnis(se), 115.714.088.960 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 115.401.179.136 Bytes frei
.
- - End Of File - - 4A5C54B28517F4A01C4D7079D2BCDCFE

Rheingold · 25.12.2011, 09:08

c:\users\Jasmina\AppData\Local\4d0d2e25 ist ein Ordner, darunter gibt es einen weiteren Ordner U und eine datei @
Der Unterordner U ist leer.

Bei Eigenschaften/Details:
Typ: Systemdatei
Größe: 2,00 KB
Änderungsdatum: 14.12.2011 08:38

Sonst keine Angaben.

Unter c:\users\Nico.dell-PC.000\AppData\Local\4d0d2e25 sind die Angbaen genauso, bis auf datum und uhrzeit.

Viele grüße
jasmina

kira · 26.12.2011, 14:15

lade Dir HijackThis 2.0.4 von *von hier* herunter
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

- Problem besteht immer noch?

Rheingold · 26.12.2011, 18:27

Hi Kira,
unten der HijackThis log.
Probleme sind:

Windows Defender funktioniert nicht
windows firewall kann nicht gestartet werden

Malwarebytes meldet weiterhin folgenden Fund:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122501

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

25.12.2011 13:45:20
mbam-log-2011-12-25 (13-45-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 492289
Laufzeit: 42 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:13:15, on 26.12.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-3230886925-126132133-2629391164-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O4 - Global Startup: Secunia PSI Tray.lnk = Secunia\PSI\psi_tray.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Email Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: File-/Update Service (ksupmgr) - Salfeld Computer - C:\Windows\SysWOW64\ksupmgr.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Druckwarteschlange (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13456 bytes

Rheingold · 26.12.2011, 18:31

Viele Grüße
Jasmina

kira · 27.12.2011, 05:43

Zitat:

Zitat von Rheingold

1. unter System und Sicherheit - Verwaltung - Dienste, gibt es Basisfiltermodul nicht.

gehe bitte auf (Rechtsklick) Eigenschaften-> "Abhängigkeiten"

Rheingold · 27.12.2011, 09:14

Zitat:

Zitat von kira

gehe bitte auf (Rechtsklick) Eigenschaften-> "Abhängigkeiten"

rechtsklick auf dienste, .... da gibt es bei mir keine "Abhängigkeiten" .... ? Was soll ich tun?
J.

Rheingold · 27.12.2011, 11:13

p.s. bin am 29ten wieder on. vielen dank bis hierher und grüße
jasmina

Rheingold · 30.12.2011, 11:32

Hallo Kira,
bei Eigenschaften von Dienste gibt es bei mir nur die Reiter: Allgemein, Verknüpfung, Sicherheit, Details, Vorgängerversion

Die Virusmeldung von Malware ist auch noch da.

Was kann ich tun?

Viele Grüße
Jasmina

kira · 31.12.2011, 08:31

Was die Malware bereits mit dem System angestellt bzw welche Spuren hinterlassen, kann man nicht wirklich einschätzen. Neuinstallation ist immer schnellste und einfachste meiner Meinung nach, da nie wieder nachvollziehbar ist, was der Schädling alles manipulliert hat:-> *klick* - Technische Kompromittierung
Ich denke, die einzige 100%ige Lösung ist: Festplatte formatieren und Windows neu installieren, nur so kannst Du sicher sein, dass dein Arbeitsspeicher virenfrei ist!

Rheingold · 31.12.2011, 14:42

Hallo Kira,
vielen Dank für die Antwort. Dann werde ich wohl oder übel als neu installieren müssen. :-( Danke dir sehr herzlich für deine Hilfe!
Alles Gute und viel Glück für´s neue Jahr!

Jasmina

kira · 01.01.2012, 10:47

1.
Datensicherung:
► NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
- Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen
- Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall!
- Eventuell gecrackte Software nicht sichern und dann auf neu aufgesetztem System wieder drauf installieren!

- Vor zurückspielen - bevor du mit deinem PC direkt ins Netz gehst...:
- die Autoplay-Funktion für alle Laufwerke deaktivieren/ausschalten -> Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten

Die auf eine externe Festplatte gesicherten Daten, gründlich zu scannen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung

2.
-> Anleitung: Neuaufsetzen des Systems + Absicherung
-> Anleitung zum Neuaufsetzen - Windows XP, Vista und Win7

3.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

alles Gute

kira

Rheingold · 01.01.2012, 15:07

Danke! Werde ich alles so machen!

Jasmina

26.12.2011, 14:15	#48
kira /// Helfer-Team	Backdoorprogramm BDS/Cycbot.176128.56 lade Dir HijackThis 2.0.4 von von hier herunter HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen" - Problem besteht immer noch? __________________ __________________

Backdoorprogramm BDS/Cycbot.176128.56

Plagegeister aller Art und deren Bekämpfung: Backdoorprogramm BDS/Cycbot.176128.56