Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TR/Obfuscated.29996C + TR/ATRAPS.Gen

TR/Obfuscated.29996C + TR/ATRAPS.Gen


Plagegeister aller Art und deren Bekämpfung: TR/Obfuscated.29996C + TR/ATRAPS.Gen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.01.2011, 15:17   #1
killver
 
TR/Obfuscated.29996C + TR/ATRAPS.Gen - Standard

TR/Obfuscated.29996C + TR/ATRAPS.Gen


Hallo!

Hab mir vor zwei Tagen die oben genannten Trojaner über ne Website zugelegt (obwol Firefox + Noscript + Adblock etc.).

Ich glaube ATRAPS hab ich schon wegbekommen. Hier war ein komisches exe file im Autostart. Den anderen bekomm ich aber nicht so richtig weg. Hab bereits Antivir, Spybot, Hijackthis etc ausgeführt. Der kommt immer wieder. Habmal jetzt noch Combofix ausgeführt. Vll hilft das was:

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-01-17.04 - Killver 18.01.2011 14:56:13.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.43.1031.18.4094.1732 [GMT 1:00]
ausgeführt von:: c:\users\Killver\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
ADS - Windows: deleted 24 bytes in 1 streams. 
 
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Killver\a.exe
c:\users\Killver\AppData\Roaming\desktop.ini
c:\users\Killver\AppData\Roaming\xssend2
c:\users\Killver\AppData\Roaming\xssend2\svcnost.exe
c:\users\Killver\dgRZByom*8é¶Ërwrrlvae.exe
c:\users\Killver\dgRZByom*8é¶Ërwrrlvae.exe\rwrrlvae.exe
c:\windows\system32\muzapp.exe
c:\windows\SysWow64\1C387495AB.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MaJUtilLib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCaller.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\MetaStore2.dll
c:\windows\SysWow64\system32\Microsoft.Synchronization.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
c:\windows\SysWow64\system32\Synchronization2.dll
D:\install.exe
I:\autorun.inf
 
----- BITS: Eventuell infizierte Webseiten -----
 
hxxp://apnmedia.ask.com
.
((((((((((((((((((((((( Dateien erstellt von 2010-12-18 bis 2011-01-18 ))))))))))))))))))))))))))))))
.
 
2011-01-18 14:04 . 2011-01-18 14:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-01-18 13:26 . 2011-01-18 13:26    --------    d-----w-    c:\program files (x86)\FileASSASSIN
2011-01-18 13:22 . 2011-01-18 13:22    --------    d-----w-    C:\!KillBox
2011-01-18 08:25 . 2011-01-18 13:34    29996    ---h--w-    c:\users\Killver\AppData\Roaming\ntuser.dat
2011-01-17 22:05 . 2011-01-17 22:05    --------    d-----w-    c:\users\Killver\AppData\Roaming\Malwarebytes
2011-01-17 22:05 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-17 22:05 . 2011-01-17 22:05    --------    d-----w-    c:\programdata\Malwarebytes
2011-01-17 22:05 . 2010-12-20 17:08    24152    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-01-17 22:05 . 2011-01-17 22:05    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-17 21:22 . 2011-01-17 21:22    --------    d-----w-    c:\users\Killver\AppData\Roaming\xssendckdcivprsqft2toge2abexzkcyimorx
2011-01-17 16:39 . 2011-01-17 17:10    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2011-01-17 16:39 . 2011-01-17 16:43    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2011-01-17 16:18 . 2011-01-17 16:18    --------    d-----w-    c:\users\Killver\AppData\Roaming\xssendj3wg3ba1nodwnbnreg3kmrcqizv1gim
2011-01-16 21:28 . 2011-01-18 13:28    --------    d-----w-    c:\users\Killver\win
2011-01-16 21:24 . 2011-01-16 21:24    --------    d-----w-    c:\users\Killver\AppData\Roaming\xssendk3eolvhm1fvz1yaotzgpxkksdmsbip1
2011-01-16 21:24 . 2011-01-17 23:18    --------    d-----w-    c:\users\Killver\JbNpBlNW)²ÃµËrwrrlvae.exe
2011-01-07 12:50 . 2010-09-17 17:42    19968    ----a-w-    c:\windows\system32\drivers\FlashUSB_x64.sys
2011-01-07 12:50 . 2010-08-27 04:32    13800    ----a-w-    c:\windows\system32\drivers\ssadwhnt.sys
2011-01-07 12:50 . 2010-08-27 04:32    13800    ----a-w-    c:\windows\system32\drivers\ssadwh.sys
2011-01-07 12:50 . 2010-08-27 04:32    16872    ----a-w-    c:\windows\system32\drivers\ssadmdfl.sys
2011-01-07 12:50 . 2010-08-27 04:32    159208    ----a-w-    c:\windows\system32\drivers\ssadmdm.sys
2011-01-07 12:50 . 2010-08-27 04:32    13288    ----a-w-    c:\windows\system32\drivers\ssadcmnt.sys
2011-01-07 12:50 . 2010-08-27 04:32    13288    ----a-w-    c:\windows\system32\drivers\ssadcm.sys
2011-01-07 12:50 . 2010-08-27 04:32    125416    ----a-w-    c:\windows\system32\drivers\ssadbus.sys
2011-01-02 17:52 . 2011-01-02 21:29    --------    d-----w-    c:\users\Killver\AppData\Local\ManyCam
2011-01-02 17:52 . 2011-01-02 17:52    --------    d-----w-    c:\users\Killver\AppData\Roaming\ManyCam
2011-01-02 17:52 . 2011-01-02 17:52    --------    d-----w-    c:\program files (x86)\Ask.com
2011-01-02 17:51 . 2011-01-02 17:52    --------    d-----w-    c:\program files (x86)\ManyCam
2010-12-31 12:55 . 2011-01-03 11:29    --------    d-----w-    c:\program files (x86)\osu!
2010-12-31 12:54 . 2010-12-31 12:54    --------    d-----w-    c:\users\Killver\AppData\Roaming\Downloaded Installations
2010-12-29 19:25 . 2010-12-29 19:25    --------    d-----w-    c:\users\Killver\AppData\Local\CrashRpt
2010-12-29 19:24 . 2010-12-29 19:25    --------    d-----w-    c:\users\Killver\AppData\Local\Procaster
2010-12-29 19:24 . 2010-12-29 19:24    --------    d-----w-    c:\program files (x86)\Livestream Procaster
 
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-03-21 11:45 . 2010-08-20 13:56    250544    ----a-w-    c:\program files (x86)\Common Files\keyhelp.ocx
.
 
------- Sigcheck -------
 
[-] 2010-06-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[-] 2010-06-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll
 
[-] 2010-06-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[-] 2010-06-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
2010-06-13 17:10    2734688    ----a-w-    c:\program files (x86)\HotSpot_International\tbHotS.dll
 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44    1400712    ----a-w-    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51    919408    ----a-w-    c:\program files (x86)\kikin\ie_kikin.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0002ee26-8c11-49eb-9cdf-56eeffef664f}"= "c:\program files (x86)\HotSpot_International\tbHotS.dll" [2010-06-13 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
 
[HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"NCsoft Launcher"="c:\program files (x86)\NCsoft\Launcher\NCLauncher.exe" [2010-11-23 38184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-17 1242448]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Octoshape Streaming Services"="c:\users\Killver\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"HydraVisionMDEngine"="c:\program files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [2010-07-30 569344]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-07-30 393216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"RayV"="c:\program files (x86)\RayV\RayV\RayV.exe" [2010-10-21 2839848]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2009-08-14 64048]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2010-10-27 3365176]
"Abyssus"="c:\program files (x86)\Razer\Abyssus\razerhid.exe" [2010-05-10 223744]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
 
c:\users\Killver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Killver\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
 
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Killver\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB_x64.sys [2010-09-17 19968]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-08-27 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-08-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-08-27 159208]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-07-26 16392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-07 138896]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2009-11-19 12800]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys [2010-06-19 14336]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-27 871408]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-10-07 183184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-10-07 53008]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2009-11-19 20992]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2009-10-28 2211328]
S2 dgdersvc;Device Error Recovery Service;c:\windows\SysWOW64\dgdersvc.exe [2010-09-15 95568]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-11-15 50688]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-11-15 948224]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-11-15 690688]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-06-14 1403208]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2009-12-19 682232]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-08-14 65072]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [2009-10-30 10880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 7767040]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 279040]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 20568]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-03-06 58400]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-10-07 154000]
 
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ     hpqcxs08 hpqddsvc
Akamai    REG_MULTI_SZ     Akamai
iissvcs    REG_MULTI_SZ     w3svc was
apphost    REG_MULTI_SZ     apphostsvc
.
Inhalt des "geplante Tasks" Ordners
 
2011-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963724632-1544281435-49120679-1001Core.job
- c:\users\Killver\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 21:05]
 
2011-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963724632-1544281435-49120679-1001UA.job
- c:\users\Killver\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 21:05]
.
 
--------- x86-64 -----------
 
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-09-22 19:19    284208    ----a-w-    c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    97792    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    97792    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    97792    ----a-w-    c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55    97032    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=102869&l=dis&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: {ADCC9ABB-C4B8-4CA0-8EC9-343C37108EE7} = 10.17.8.1
TCP: {F5332B9C-0E76-4560-9FB4-C8E2C1EC6614} = 129.27.2.3,129.27.3.3
FF - ProfilePath - c:\users\Killver\AppData\Roaming\Mozilla\Firefox\Profiles\dma8xir1.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=102869&l=dis&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_US&apn_uid=26349A39-8AC5-445C-9872-4A113C23379C&apn_ptnrs=5J&apn_sauid=537F2106-96C0-4549-B379-2650C25FCDDA&apn_dtid=YYYYYYYYAT&q=
FF - user.js: extensions.checkUpdateSecurity - false 
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
 
Wow6432Node-HKCU-Run-mssend - c:\users\Killver\AppData\Roaming\xssend2\svcnost.exe
WebBrowser-{0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
 
 
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-01-18 15:07:36
ComboFix-quarantined-files.txt 2011-01-18 14:07
 
Vor Suchlauf: 27 Verzeichnis(se), 57.185.677.312 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 58.056.183.808 Bytes frei
 
- - End Of File - - DA844A3D3354D457325AE98A32BF453C
--- --- ---


mfg
Philipp

Alt 18.01.2011, 15:31   #2
markusg
/// Malware-holic
 
TR/Obfuscated.29996C + TR/ATRAPS.Gen - Standard

TR/Obfuscated.29996C + TR/ATRAPS.Gen


1. combofix niemals auf eigene faust einseten bitte.
2. deinstaliere spybot, es stört die reinigung, neustart.

3.
start programme zubehör editor, kopiere rein:

Killall::
Rootkit::
c:\users\Killver\JbNpBlNW)²ÃµËrwrrlvae.exe
Folder::
c:\users\Killver\AppData\Roaming\xssendj3wg3ba1nodwnbnreg3kmrcqizv1gim
c:\users\Killver\win
c:\users\Killver\AppData\Roaming\xssendk3eolvhm1fvz1yaotzgpxkksdmsbip1
c:\users\Killver\JbNpBlNW)²ÃµËrwrrlvae.exe

Datei speichern unter, typ alle dateien, ort, dort wo sich combofix.exe befindet.
name
cfscript.txt
ziehe cfscript auf combofix, programm startet, log posten.
__________________

__________________
Alt 18.01.2011, 16:54   #3
killver
 
TR/Obfuscated.29996C + TR/ATRAPS.Gen - Standard

TR/Obfuscated.29996C + TR/ATRAPS.Gen


Alles klar, erledigt:

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-01-17.04 - Killver 18.01.2011  16:35:08.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.43.1031.18.4094.2278 [GMT 1:00]
ausgeführt von:: c:\users\Killver\Desktop\Combo-Fix.exe
Benutzte Befehlsschalter :: c:\users\Killver\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Killver\AppData\Roaming\xssendj3wg3ba1nodwnbnreg3kmrcqizv1gim
c:\users\Killver\AppData\Roaming\xssendj3wg3ba1nodwnbnreg3kmrcqizv1gim\svcnost.exe
c:\users\Killver\AppData\Roaming\xssendk3eolvhm1fvz1yaotzgpxkksdmsbip1
c:\users\Killver\AppData\Roaming\xssendk3eolvhm1fvz1yaotzgpxkksdmsbip1\svcnost.exe
c:\users\Killver\JbNpBlNW)²ÃµËrwrrlvae.exe
c:\users\Killver\win

.
(((((((((((((((((((((((   Dateien erstellt von 2010-12-18 bis 2011-01-18  ))))))))))))))))))))))))))))))
.

2011-01-18 15:44 . 2011-01-18 15:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-01-18 13:26 . 2011-01-18 13:26	--------	d-----w-	c:\program files (x86)\FileASSASSIN
2011-01-18 13:22 . 2011-01-18 13:22	--------	d-----w-	C:\!KillBox
2011-01-18 08:25 . 2011-01-18 13:34	29996	---h--w-	c:\users\Killver\AppData\Roaming\ntuser.dat
2011-01-17 22:05 . 2011-01-17 22:05	--------	d-----w-	c:\users\Killver\AppData\Roaming\Malwarebytes
2011-01-17 22:05 . 2011-01-17 22:05	--------	d-----w-	c:\programdata\Malwarebytes
2011-01-17 22:05 . 2010-12-20 17:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-17 22:05 . 2011-01-18 15:30	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-17 21:22 . 2011-01-17 21:22	--------	d-----w-	c:\users\Killver\AppData\Roaming\xssendckdcivprsqft2toge2abexzkcyimorx
2011-01-17 16:39 . 2011-01-18 15:25	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2011-01-17 16:39 . 2011-01-18 15:25	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-01-16 21:24 . 2011-01-18 13:10	--------	d-----w-	c:\users\Killver\windows
2011-01-07 12:50 . 2010-09-17 17:42	19968	----a-w-	c:\windows\system32\drivers\FlashUSB_x64.sys
2011-01-07 12:50 . 2010-08-27 04:32	13800	----a-w-	c:\windows\system32\drivers\ssadwhnt.sys
2011-01-07 12:50 . 2010-08-27 04:32	13800	----a-w-	c:\windows\system32\drivers\ssadwh.sys
2011-01-07 12:50 . 2010-08-27 04:32	16872	----a-w-	c:\windows\system32\drivers\ssadmdfl.sys
2011-01-07 12:50 . 2010-08-27 04:32	159208	----a-w-	c:\windows\system32\drivers\ssadmdm.sys
2011-01-07 12:50 . 2010-08-27 04:32	13288	----a-w-	c:\windows\system32\drivers\ssadcmnt.sys
2011-01-07 12:50 . 2010-08-27 04:32	13288	----a-w-	c:\windows\system32\drivers\ssadcm.sys
2011-01-07 12:50 . 2010-08-27 04:32	125416	----a-w-	c:\windows\system32\drivers\ssadbus.sys
2011-01-02 17:52 . 2011-01-02 21:29	--------	d-----w-	c:\users\Killver\AppData\Local\ManyCam
2011-01-02 17:52 . 2011-01-02 17:52	--------	d-----w-	c:\users\Killver\AppData\Roaming\ManyCam
2011-01-02 17:52 . 2011-01-02 17:52	--------	d-----w-	c:\program files (x86)\Ask.com
2011-01-02 17:51 . 2011-01-02 17:52	--------	d-----w-	c:\program files (x86)\ManyCam
2010-12-31 12:55 . 2011-01-03 11:29	--------	d-----w-	c:\program files (x86)\osu!
2010-12-31 12:54 . 2010-12-31 12:54	--------	d-----w-	c:\users\Killver\AppData\Roaming\Downloaded Installations
2010-12-29 19:25 . 2010-12-29 19:25	--------	d-----w-	c:\users\Killver\AppData\Local\CrashRpt
2010-12-29 19:24 . 2010-12-29 19:25	--------	d-----w-	c:\users\Killver\AppData\Local\Procaster
2010-12-29 19:24 . 2010-12-29 19:24	--------	d-----w-	c:\program files (x86)\Livestream Procaster

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-03-21 11:45 . 2010-08-20 13:56	250544	----a-w-	c:\program files (x86)\Common Files\keyhelp.ocx
.

------- Sigcheck -------

[-] 2010-06-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[-] 2010-06-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll

[-] 2010-06-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[-] 2010-06-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll
.
(((((((((((((((((((((((((((((   SnapShot@2011-01-18_14.04.57   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-01-18 15:46	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-18 13:34	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-18 13:34	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-18 15:46	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-18 15:46	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-18 13:34	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-26 16:04 . 2011-01-18 15:32	73178              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-01-18 15:32	31276              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-01-18 13:35	31276              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-26 15:56 . 2011-01-18 15:32	14828              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2963724632-1544281435-49120679-1001_UserData.bin
- 2009-08-26 15:56 . 2011-01-18 13:35	14828              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2963724632-1544281435-49120679-1001_UserData.bin
- 2009-08-26 21:30 . 2011-01-15 14:20	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-26 21:30 . 2011-01-18 14:19	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-26 21:30 . 2011-01-15 14:20	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-26 21:30 . 2011-01-18 14:19	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-15 14:20	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-18 14:19	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-26 15:55 . 2011-01-18 13:34	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-26 15:55 . 2011-01-18 15:48	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-26 15:55 . 2011-01-18 15:48	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-26 15:55 . 2011-01-18 13:34	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-26 15:55 . 2011-01-18 13:34	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-26 15:55 . 2011-01-18 15:48	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-26 15:55 . 2011-01-18 15:31	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-26 15:55 . 2011-01-18 13:35	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-26 15:55 . 2011-01-18 13:35	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-26 15:55 . 2011-01-18 15:31	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-03 22:20 . 2011-01-17 23:20	3868              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-09-03 22:20 . 2011-01-18 15:28	3868              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-01-18 13:33 . 2011-01-18 13:33	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-18 15:46 . 2011-01-18 15:46	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-18 15:46 . 2011-01-18 15:46	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-18 13:33 . 2011-01-18 13:33	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-01-18 13:32	485532              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-01-18 15:44	485532              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-01-18 13:47	10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-01-18 15:44	10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-11-01 23:27 . 2011-01-18 15:44	43722745              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2963724632-1544281435-49120679-1001-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
2010-06-13 17:10	2734688	----a-w-	c:\program files (x86)\HotSpot_International\tbHotS.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44	1400712	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51	919408	----a-w-	c:\program files (x86)\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0002ee26-8c11-49eb-9cdf-56eeffef664f}"= "c:\program files (x86)\HotSpot_International\tbHotS.dll" [2010-06-13 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"NCsoft Launcher"="c:\program files (x86)\NCsoft\Launcher\NCLauncher.exe" [2010-11-23 38184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-17 1242448]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Octoshape Streaming Services"="c:\users\Killver\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"HydraVisionMDEngine"="c:\program files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [2010-07-30 569344]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-07-30 393216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"RayV"="c:\program files (x86)\RayV\RayV\RayV.exe" [2010-10-21 2839848]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2009-08-14 64048]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2010-10-27 3365176]
"Abyssus"="c:\program files (x86)\Razer\Abyssus\razerhid.exe" [2010-05-10 223744]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]

c:\users\Killver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Killver\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Killver\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB_x64.sys [2010-09-17 19968]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-08-27 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-08-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-08-27 159208]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-07-26 16392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-07 138896]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2009-11-19 12800]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys [2010-06-19 14336]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-27 871408]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-10-07 183184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-10-07 53008]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2009-11-19 20992]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2009-10-28 2211328]
S2 dgdersvc;Device Error Recovery Service;c:\windows\SysWOW64\dgdersvc.exe [2010-09-15 95568]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-11-15 50688]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-11-15 948224]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-11-15 690688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-06-14 1403208]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2009-12-19 682232]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-08-14 65072]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [2009-10-30 10880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 7767040]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 279040]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 20568]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-03-06 58400]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-10-07 154000]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
Akamai	REG_MULTI_SZ   	Akamai
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners

2011-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963724632-1544281435-49120679-1001Core.job
- c:\users\Killver\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 21:05]

2011-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963724632-1544281435-49120679-1001UA.job
- c:\users\Killver\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 21:05]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\Killver\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=102869&l=dis&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: {ADCC9ABB-C4B8-4CA0-8EC9-343C37108EE7} = 10.17.8.1
TCP: {F5332B9C-0E76-4560-9FB4-C8E2C1EC6614} = 129.27.2.3,129.27.3.3
FF - ProfilePath - c:\users\Killver\AppData\Roaming\Mozilla\Firefox\Profiles\dma8xir1.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=102869&l=dis&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_US&apn_uid=26349A39-8AC5-445C-9872-4A113C23379C&apn_ptnrs=5J&apn_sauid=537F2106-96C0-4549-B379-2650C25FCDDA&apn_dtid=YYYYYYYYAT&q=
FF - user.js: extensions.checkUpdateSecurity - false 
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\Razer\Abyssus\razertra.exe
c:\program files (x86)\Razer\Abyssus\razerofa.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-18  16:53:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-01-18 15:53
ComboFix2.txt  2011-01-18 14:07

Vor Suchlauf: 32 Verzeichnis(se), 60.878.647.296 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 60.569.509.888 Bytes frei

- - End Of File - - 86BBA91F01B666AFCF51BC28B82DAAA7
--- --- ---
__________________
Alt 18.01.2011, 17:34   #4
markusg
/// Malware-holic
 
TR/Obfuscated.29996C + TR/ATRAPS.Gen - Standard

TR/Obfuscated.29996C + TR/ATRAPS.Gen


öffne computer, c: qoobox rechtsklick auf den quarantain ordner, mit winrar oder zip packen, hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 18.01.2011, 17:45   #5
killver
 
TR/Obfuscated.29996C + TR/ATRAPS.Gen - Standard

TR/Obfuscated.29996C + TR/ATRAPS.Gen


Okay ist hochgeladen.


Alt 18.01.2011, 17:49   #6
markusg
/// Malware-holic
 
TR/Obfuscated.29996C + TR/ATRAPS.Gen - Standard

TR/Obfuscated.29996C + TR/ATRAPS.Gen


download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________
--> TR/Obfuscated.29996C + TR/ATRAPS.Gen

Antwort

Themen zu TR/Obfuscated.29996C + TR/ATRAPS.Gen
adblock, ads -, akamai, antivir, atraps, avgnt, avira, bho, browser, combofix, cyberghost, desktop, device driver, downloader, error, exe, firefox, helper, hijack, hijackthis, hotspot, hotspot shield, internet, internet explorer, mozilla, performance, programdata, proxy, realtek, sigcheck, skype.exe, software, sptd.sys, start menu, studio, svchost.exe, system, syswow64, trojaner, virtualbox, visual studio, windows, windows 7 ultimate


« konstante CPU-Auslastung 100%, Logfiles allesamt erfolglos | mein computer passwort wurde geändert.... »


Ähnliche Themen: TR/Obfuscated.29996C + TR/ATRAPS.Gen


  1. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  2. TR/ATRAPS.Gen2 und TR/ATRAPS.Gen wird alle paar Minuten von Antivir gemeldet
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (22)
  3. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  4. antivir meldet alle paar minuten den fund TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 01.08.2012 (4)
  5. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 27.07.2012 (25)
  6. Trojaner Atraps.Gen, Atraps.Gen2 und Sirefef.AB.20 - gelöscht, aber auch sicher?
    Log-Analyse und Auswertung - 14.07.2012 (23)
  7. TR/ATRAPS.GEN, TR/ATRAPS.Gen2 6 seit ein paar Minuten auch noch ein Sirefef.P.528
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (1)
  8. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  9. Virus (Rootkit.0Access, TR/ATRAPS.Gen, TR/ATRAPS.Gen2) entfernt; tatsächlich clean?
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (7)
  10. TR/Obfuscated.GX
    Mülltonne - 21.10.2008 (0)
  11. TR/Obfuscated
    Mülltonne - 13.10.2008 (0)
  12. TR/Obfuscated.BL
    Log-Analyse und Auswertung - 05.02.2007 (5)
  13. TR/Obfuscated.BL
    Log-Analyse und Auswertung - 05.02.2007 (4)
  14. TR/Obfuscated.BL
    Plagegeister aller Art und deren Bekämpfung - 28.01.2007 (13)
  15. TR/Obfuscated.BL
    Log-Analyse und Auswertung - 24.01.2007 (3)
  16. TR/obfuscated.BL !! Und was nun?
    Plagegeister aller Art und deren Bekämpfung - 12.01.2007 (6)
  17. TR/obfuscated.BL
    Mülltonne - 10.01.2007 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Obfuscated.29996C + TR/ATRAPS.Gen - Hallo! Hab mir vor zwei Tagen die oben genannten Trojaner über ne Website zugelegt (obwol Firefox + Noscript + Adblock etc.). Ich glaube ATRAPS hab ich schon wegbekommen. Hier war - TR/Obfuscated.29996C + TR/ATRAPS.Gen...
Archiv
Du betrachtest: TR/Obfuscated.29996C + TR/ATRAPS.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131