Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/Obfuscated.29996C + TR/ATRAPS.Gen (https://www.trojaner-board.de/94829-tr-obfuscated-29996c-tr-atraps-gen.html)

killver 18.01.2011 15:17
TR/Obfuscated.29996C + TR/ATRAPS.Gen
 
Hallo!

Hab mir vor zwei Tagen die oben genannten Trojaner über ne Website zugelegt (obwol Firefox + Noscript + Adblock etc.).

Ich glaube ATRAPS hab ich schon wegbekommen. Hier war ein komisches exe file im Autostart. Den anderen bekomm ich aber nicht so richtig weg. Hab bereits Antivir, Spybot, Hijackthis etc ausgeführt. Der kommt immer wieder. Habmal jetzt noch Combofix ausgeführt. Vll hilft das was:

Combofix Logfile:
Code:
ComboFix 11-01-17.04 - Killver 18.01.2011 14:56:13.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.43.1031.18.4094.1732 [GMT 1:00]
ausgeführt von:: c:\users\Killver\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
ADS - Windows: deleted 24 bytes in 1 streams.
 
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Killver\a.exe
c:\users\Killver\AppData\Roaming\desktop.ini
c:\users\Killver\AppData\Roaming\xssend2
c:\users\Killver\AppData\Roaming\xssend2\svcnost.exe
c:\users\Killver\dgRZByom*8é¶Ërwrrlvae.exe
c:\users\Killver\dgRZByom*8é¶Ërwrrlvae.exe\rwrrlvae.exe
c:\windows\system32\muzapp.exe
c:\windows\SysWow64\1C387495AB.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MaJUtilLib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCaller.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\MetaStore2.dll
c:\windows\SysWow64\system32\Microsoft.Synchronization.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
c:\windows\SysWow64\system32\Synchronization2.dll
D:\install.exe
I:\autorun.inf
 
----- BITS: Eventuell infizierte Webseiten -----
 
hxxp://apnmedia.ask.com
.
((((((((((((((((((((((( Dateien erstellt von 2010-12-18 bis 2011-01-18 ))))))))))))))))))))))))))))))
.
 
2011-01-18 14:04 . 2011-01-18 14:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-01-18 13:26 . 2011-01-18 13:26    --------    d-----w-    c:\program files (x86)\FileASSASSIN
2011-01-18 13:22 . 2011-01-18 13:22    --------    d-----w-    C:\!KillBox
2011-01-18 08:25 . 2011-01-18 13:34    29996    ---h--w-    c:\users\Killver\AppData\Roaming\ntuser.dat
2011-01-17 22:05 . 2011-01-17 22:05    --------    d-----w-    c:\users\Killver\AppData\Roaming\Malwarebytes
2011-01-17 22:05 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-17 22:05 . 2011-01-17 22:05    --------    d-----w-    c:\programdata\Malwarebytes
2011-01-17 22:05 . 2010-12-20 17:08    24152    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-01-17 22:05 . 2011-01-17 22:05    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-17 21:22 . 2011-01-17 21:22    --------    d-----w-    c:\users\Killver\AppData\Roaming\xssendckdcivprsqft2toge2abexzkcyimorx
2011-01-17 16:39 . 2011-01-17 17:10    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2011-01-17 16:39 . 2011-01-17 16:43    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2011-01-17 16:18 . 2011-01-17 16:18    --------    d-----w-    c:\users\Killver\AppData\Roaming\xssendj3wg3ba1nodwnbnreg3kmrcqizv1gim
2011-01-16 21:28 . 2011-01-18 13:28    --------    d-----w-    c:\users\Killver\win
2011-01-16 21:24 . 2011-01-16 21:24    --------    d-----w-    c:\users\Killver\AppData\Roaming\xssendk3eolvhm1fvz1yaotzgpxkksdmsbip1
2011-01-16 21:24 . 2011-01-17 23:18    --------    d-----w-    c:\users\Killver\JbNpBlNW)²ÃµËrwrrlvae.exe
2011-01-07 12:50 . 2010-09-17 17:42    19968    ----a-w-    c:\windows\system32\drivers\FlashUSB_x64.sys
2011-01-07 12:50 . 2010-08-27 04:32    13800    ----a-w-    c:\windows\system32\drivers\ssadwhnt.sys
2011-01-07 12:50 . 2010-08-27 04:32    13800    ----a-w-    c:\windows\system32\drivers\ssadwh.sys
2011-01-07 12:50 . 2010-08-27 04:32    16872    ----a-w-    c:\windows\system32\drivers\ssadmdfl.sys
2011-01-07 12:50 . 2010-08-27 04:32    159208    ----a-w-    c:\windows\system32\drivers\ssadmdm.sys
2011-01-07 12:50 . 2010-08-27 04:32    13288    ----a-w-    c:\windows\system32\drivers\ssadcmnt.sys
2011-01-07 12:50 . 2010-08-27 04:32    13288    ----a-w-    c:\windows\system32\drivers\ssadcm.sys
2011-01-07 12:50 . 2010-08-27 04:32    125416    ----a-w-    c:\windows\system32\drivers\ssadbus.sys
2011-01-02 17:52 . 2011-01-02 21:29    --------    d-----w-    c:\users\Killver\AppData\Local\ManyCam
2011-01-02 17:52 . 2011-01-02 17:52    --------    d-----w-    c:\users\Killver\AppData\Roaming\ManyCam
2011-01-02 17:52 . 2011-01-02 17:52    --------    d-----w-    c:\program files (x86)\Ask.com
2011-01-02 17:51 . 2011-01-02 17:52    --------    d-----w-    c:\program files (x86)\ManyCam
2010-12-31 12:55 . 2011-01-03 11:29    --------    d-----w-    c:\program files (x86)\osu!
2010-12-31 12:54 . 2010-12-31 12:54    --------    d-----w-    c:\users\Killver\AppData\Roaming\Downloaded Installations
2010-12-29 19:25 . 2010-12-29 19:25    --------    d-----w-    c:\users\Killver\AppData\Local\CrashRpt
2010-12-29 19:24 . 2010-12-29 19:25    --------    d-----w-    c:\users\Killver\AppData\Local\Procaster
2010-12-29 19:24 . 2010-12-29 19:24    --------    d-----w-    c:\program files (x86)\Livestream Procaster
 
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-03-21 11:45 . 2010-08-20 13:56    250544    ----a-w-    c:\program files (x86)\Common Files\keyhelp.ocx
.
 
------- Sigcheck -------
 
[-] 2010-06-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[-] 2010-06-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll
 
[-] 2010-06-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[-] 2010-06-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
2010-06-13 17:10    2734688    ----a-w-    c:\program files (x86)\HotSpot_International\tbHotS.dll
 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44    1400712    ----a-w-    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51    919408    ----a-w-    c:\program files (x86)\kikin\ie_kikin.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0002ee26-8c11-49eb-9cdf-56eeffef664f}"= "c:\program files (x86)\HotSpot_International\tbHotS.dll" [2010-06-13 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
 
[HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"NCsoft Launcher"="c:\program files (x86)\NCsoft\Launcher\NCLauncher.exe" [2010-11-23 38184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-17 1242448]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Octoshape Streaming Services"="c:\users\Killver\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"HydraVisionMDEngine"="c:\program files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [2010-07-30 569344]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-07-30 393216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"RayV"="c:\program files (x86)\RayV\RayV\RayV.exe" [2010-10-21 2839848]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2009-08-14 64048]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2010-10-27 3365176]
"Abyssus"="c:\program files (x86)\Razer\Abyssus\razerhid.exe" [2010-05-10 223744]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
 
c:\users\Killver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Killver\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
 
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Killver\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB_x64.sys [2010-09-17 19968]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-08-27 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-08-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-08-27 159208]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-07-26 16392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-07 138896]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2009-11-19 12800]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys [2010-06-19 14336]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-27 871408]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-10-07 183184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-10-07 53008]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2009-11-19 20992]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2009-10-28 2211328]
S2 dgdersvc;Device Error Recovery Service;c:\windows\SysWOW64\dgdersvc.exe [2010-09-15 95568]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-11-15 50688]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-11-15 948224]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-11-15 690688]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-06-14 1403208]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2009-12-19 682232]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-08-14 65072]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [2009-10-30 10880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 7767040]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 279040]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 20568]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-03-06 58400]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-10-07 154000]
 
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ    hpqcxs08 hpqddsvc
Akamai    REG_MULTI_SZ    Akamai
iissvcs    REG_MULTI_SZ    w3svc was
apphost    REG_MULTI_SZ    apphostsvc
.
Inhalt des "geplante Tasks" Ordners
 
2011-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963724632-1544281435-49120679-1001Core.job
- c:\users\Killver\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 21:05]
 
2011-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963724632-1544281435-49120679-1001UA.job
- c:\users\Killver\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 21:05]
.
 
--------- x86-64 -----------
 
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-09-22 19:19    284208    ----a-w-    c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    97792    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    97792    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    97792    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=102869&l=dis&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: {ADCC9ABB-C4B8-4CA0-8EC9-343C37108EE7} = 10.17.8.1
TCP: {F5332B9C-0E76-4560-9FB4-C8E2C1EC6614} = 129.27.2.3,129.27.3.3
FF - ProfilePath - c:\users\Killver\AppData\Roaming\Mozilla\Firefox\Profiles\dma8xir1.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=102869&l=dis&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_US&apn_uid=26349A39-8AC5-445C-9872-4A113C23379C&apn_ptnrs=5J&apn_sauid=537F2106-96C0-4549-B379-2650C25FCDDA&apn_dtid=YYYYYYYYAT&q=
FF - user.js: extensions.checkUpdateSecurity - false
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
 
Wow6432Node-HKCU-Run-mssend - c:\users\Killver\AppData\Roaming\xssend2\svcnost.exe
WebBrowser-{0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
 
 
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-01-18 15:07:36
ComboFix-quarantined-files.txt 2011-01-18 14:07
 
Vor Suchlauf: 27 Verzeichnis(se), 57.185.677.312 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 58.056.183.808 Bytes frei
 
- - End Of File - - DA844A3D3354D457325AE98A32BF453C
--- --- ---


mfg
Philipp

markusg 18.01.2011 15:31
1. combofix niemals auf eigene faust einseten bitte.
2. deinstaliere spybot, es stört die reinigung, neustart.

3.
start programme zubehör editor, kopiere rein:

Killall::
Rootkit::
c:\users\Killver\JbNpBlNW)²ÃµËrwrrlvae.exe
Folder::
c:\users\Killver\AppData\Roaming\xssendj3wg3ba1nodwnbnreg3kmrcqizv1gim
c:\users\Killver\win
c:\users\Killver\AppData\Roaming\xssendk3eolvhm1fvz1yaotzgpxkksdmsbip1
c:\users\Killver\JbNpBlNW)²ÃµËrwrrlvae.exe

Datei speichern unter, typ alle dateien, ort, dort wo sich combofix.exe befindet.
name
cfscript.txt
ziehe cfscript auf combofix, programm startet, log posten.

killver 18.01.2011 16:54
Alles klar, erledigt:

Combofix Logfile:
Code:
ComboFix 11-01-17.04 - Killver 18.01.2011  16:35:08.2.4 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.43.1031.18.4094.2278 [GMT 1:00]
ausgeführt von:: c:\users\Killver\Desktop\Combo-Fix.exe
Benutzte Befehlsschalter :: c:\users\Killver\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Killver\AppData\Roaming\xssendj3wg3ba1nodwnbnreg3kmrcqizv1gim
c:\users\Killver\AppData\Roaming\xssendj3wg3ba1nodwnbnreg3kmrcqizv1gim\svcnost.exe
c:\users\Killver\AppData\Roaming\xssendk3eolvhm1fvz1yaotzgpxkksdmsbip1
c:\users\Killver\AppData\Roaming\xssendk3eolvhm1fvz1yaotzgpxkksdmsbip1\svcnost.exe
c:\users\Killver\JbNpBlNW)²ÃµËrwrrlvae.exe
c:\users\Killver\win

.
(((((((((((((((((((((((  Dateien erstellt von 2010-12-18 bis 2011-01-18  ))))))))))))))))))))))))))))))
.

2011-01-18 15:44 . 2011-01-18 15:44        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-01-18 13:26 . 2011-01-18 13:26        --------        d-----w-        c:\program files (x86)\FileASSASSIN
2011-01-18 13:22 . 2011-01-18 13:22        --------        d-----w-        C:\!KillBox
2011-01-18 08:25 . 2011-01-18 13:34        29996        ---h--w-        c:\users\Killver\AppData\Roaming\ntuser.dat
2011-01-17 22:05 . 2011-01-17 22:05        --------        d-----w-        c:\users\Killver\AppData\Roaming\Malwarebytes
2011-01-17 22:05 . 2011-01-17 22:05        --------        d-----w-        c:\programdata\Malwarebytes
2011-01-17 22:05 . 2010-12-20 17:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-01-17 22:05 . 2011-01-18 15:30        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-17 21:22 . 2011-01-17 21:22        --------        d-----w-        c:\users\Killver\AppData\Roaming\xssendckdcivprsqft2toge2abexzkcyimorx
2011-01-17 16:39 . 2011-01-18 15:25        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy
2011-01-17 16:39 . 2011-01-18 15:25        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-01-16 21:24 . 2011-01-18 13:10        --------        d-----w-        c:\users\Killver\windows
2011-01-07 12:50 . 2010-09-17 17:42        19968        ----a-w-        c:\windows\system32\drivers\FlashUSB_x64.sys
2011-01-07 12:50 . 2010-08-27 04:32        13800        ----a-w-        c:\windows\system32\drivers\ssadwhnt.sys
2011-01-07 12:50 . 2010-08-27 04:32        13800        ----a-w-        c:\windows\system32\drivers\ssadwh.sys
2011-01-07 12:50 . 2010-08-27 04:32        16872        ----a-w-        c:\windows\system32\drivers\ssadmdfl.sys
2011-01-07 12:50 . 2010-08-27 04:32        159208        ----a-w-        c:\windows\system32\drivers\ssadmdm.sys
2011-01-07 12:50 . 2010-08-27 04:32        13288        ----a-w-        c:\windows\system32\drivers\ssadcmnt.sys
2011-01-07 12:50 . 2010-08-27 04:32        13288        ----a-w-        c:\windows\system32\drivers\ssadcm.sys
2011-01-07 12:50 . 2010-08-27 04:32        125416        ----a-w-        c:\windows\system32\drivers\ssadbus.sys
2011-01-02 17:52 . 2011-01-02 21:29        --------        d-----w-        c:\users\Killver\AppData\Local\ManyCam
2011-01-02 17:52 . 2011-01-02 17:52        --------        d-----w-        c:\users\Killver\AppData\Roaming\ManyCam
2011-01-02 17:52 . 2011-01-02 17:52        --------        d-----w-        c:\program files (x86)\Ask.com
2011-01-02 17:51 . 2011-01-02 17:52        --------        d-----w-        c:\program files (x86)\ManyCam
2010-12-31 12:55 . 2011-01-03 11:29        --------        d-----w-        c:\program files (x86)\osu!
2010-12-31 12:54 . 2010-12-31 12:54        --------        d-----w-        c:\users\Killver\AppData\Roaming\Downloaded Installations
2010-12-29 19:25 . 2010-12-29 19:25        --------        d-----w-        c:\users\Killver\AppData\Local\CrashRpt
2010-12-29 19:24 . 2010-12-29 19:25        --------        d-----w-        c:\users\Killver\AppData\Local\Procaster
2010-12-29 19:24 . 2010-12-29 19:24        --------        d-----w-        c:\program files (x86)\Livestream Procaster

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-03-21 11:45 . 2010-08-20 13:56        250544        ----a-w-        c:\program files (x86)\Common Files\keyhelp.ocx
.

------- Sigcheck -------

[-] 2010-06-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[-] 2010-06-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll

[-] 2010-06-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[-] 2010-06-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll
.
(((((((((((((((((((((((((((((  SnapShot@2011-01-18_14.04.57  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-01-18 15:46        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-18 13:34        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-18 13:34        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-18 15:46        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-18 15:46        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-18 13:34        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-26 16:04 . 2011-01-18 15:32        73178              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-01-18 15:32        31276              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-01-18 13:35        31276              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-26 15:56 . 2011-01-18 15:32        14828              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2963724632-1544281435-49120679-1001_UserData.bin
- 2009-08-26 15:56 . 2011-01-18 13:35        14828              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2963724632-1544281435-49120679-1001_UserData.bin
- 2009-08-26 21:30 . 2011-01-15 14:20        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-26 21:30 . 2011-01-18 14:19        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-26 21:30 . 2011-01-15 14:20        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-26 21:30 . 2011-01-18 14:19        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-15 14:20        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-18 14:19        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-26 15:55 . 2011-01-18 13:34        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-26 15:55 . 2011-01-18 15:48        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-26 15:55 . 2011-01-18 15:48        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-26 15:55 . 2011-01-18 13:34        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-26 15:55 . 2011-01-18 13:34        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-26 15:55 . 2011-01-18 15:48        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-26 15:55 . 2011-01-18 15:31        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-26 15:55 . 2011-01-18 13:35        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-26 15:55 . 2011-01-18 13:35        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-26 15:55 . 2011-01-18 15:31        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-03 22:20 . 2011-01-17 23:20        3868              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-09-03 22:20 . 2011-01-18 15:28        3868              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-01-18 13:33 . 2011-01-18 13:33        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-18 15:46 . 2011-01-18 15:46        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-18 15:46 . 2011-01-18 15:46        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-18 13:33 . 2011-01-18 13:33        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-01-18 13:32        485532              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-01-18 15:44        485532              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-01-18 13:47        10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-01-18 15:44        10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-11-01 23:27 . 2011-01-18 15:44        43722745              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2963724632-1544281435-49120679-1001-8192.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
2010-06-13 17:10        2734688        ----a-w-        c:\program files (x86)\HotSpot_International\tbHotS.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44        1400712        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51        919408        ----a-w-        c:\program files (x86)\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0002ee26-8c11-49eb-9cdf-56eeffef664f}"= "c:\program files (x86)\HotSpot_International\tbHotS.dll" [2010-06-13 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"NCsoft Launcher"="c:\program files (x86)\NCsoft\Launcher\NCLauncher.exe" [2010-11-23 38184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-17 1242448]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Octoshape Streaming Services"="c:\users\Killver\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"HydraVisionMDEngine"="c:\program files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [2010-07-30 569344]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-07-30 393216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"RayV"="c:\program files (x86)\RayV\RayV\RayV.exe" [2010-10-21 2839848]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2009-08-14 64048]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2010-10-27 3365176]
"Abyssus"="c:\program files (x86)\Razer\Abyssus\razerhid.exe" [2010-05-10 223744]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]

c:\users\Killver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Killver\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Killver\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB_x64.sys [2010-09-17 19968]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-08-27 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-08-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-08-27 159208]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-07-26 16392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-07 138896]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2009-11-19 12800]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys [2010-06-19 14336]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-27 871408]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-10-07 183184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-10-07 53008]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2009-11-19 20992]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2009-10-28 2211328]
S2 dgdersvc;Device Error Recovery Service;c:\windows\SysWOW64\dgdersvc.exe [2010-09-15 95568]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-11-15 50688]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-11-15 948224]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-11-15 690688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-06-14 1403208]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2009-12-19 682232]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-08-14 65072]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [2009-10-30 10880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 7767040]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 279040]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 20568]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-03-06 58400]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-10-07 154000]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
Akamai        REG_MULTI_SZ          Akamai
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
Inhalt des "geplante Tasks" Ordners

2011-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963724632-1544281435-49120679-1001Core.job
- c:\users\Killver\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 21:05]

2011-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963724632-1544281435-49120679-1001UA.job
- c:\users\Killver\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 21:05]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=102869&l=dis&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: {ADCC9ABB-C4B8-4CA0-8EC9-343C37108EE7} = 10.17.8.1
TCP: {F5332B9C-0E76-4560-9FB4-C8E2C1EC6614} = 129.27.2.3,129.27.3.3
FF - ProfilePath - c:\users\Killver\AppData\Roaming\Mozilla\Firefox\Profiles\dma8xir1.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=102869&l=dis&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_US&apn_uid=26349A39-8AC5-445C-9872-4A113C23379C&apn_ptnrs=5J&apn_sauid=537F2106-96C0-4549-B379-2650C25FCDDA&apn_dtid=YYYYYYYYAT&q=
FF - user.js: extensions.checkUpdateSecurity - false
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\Razer\Abyssus\razertra.exe
c:\program files (x86)\Razer\Abyssus\razerofa.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-18  16:53:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-01-18 15:53
ComboFix2.txt  2011-01-18 14:07

Vor Suchlauf: 32 Verzeichnis(se), 60.878.647.296 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 60.569.509.888 Bytes frei

- - End Of File - - 86BBA91F01B666AFCF51BC28B82DAAA7
--- --- ---

markusg 18.01.2011 17:34
öffne computer, c: qoobox rechtsklick auf den quarantain ordner, mit winrar oder zip packen, hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html

killver 18.01.2011 17:45
Okay ist hochgeladen.

markusg 18.01.2011 17:49
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:25 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130