Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them
Thread: Win32/cycbot.B (https://www.trojaner-board.de/95900-win32-cycbot-b.html)

Trendy 21.02.2011 13:17

Win32/cycbot.B

Since yesterday I have constantly been getting an error message from Windows Defender about Win32/Cycbot.B.
I then GOOGLED around and came across your site, downloaded the Malwarebytes you recommend and ran it, and this is what came out:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5828

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

21.02.2011 12:58:25
mbam-log-2011-02-21 (12-58-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141686
Laufzeit: 4 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 13

Infizierte Speicherprozesse:
c:\Users\jimmy\AppData\Roaming\dwm.exe (Trojan.Downloader) -> 1944 -> Unloaded process successfully.
c:\Users\jimmy\AppData\Roaming\microsoft\conhost.exe (Backdoor.Bot) -> 2980 -> Unloaded process successfully.
c:\Users\jimmy\AppData\Local\Temp\csrss.exe (Backdoor.Bot) -> 4128 -> Unloaded process successfully.
c:\Users\jimmy\AppData\Local\Temp\Xqr.exe (Trojan.FakeAlert) -> 4436 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Windows\System32\sshnas21.dll (Trojan.Agent) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Metropolis (Trojan.Agent) -> Value: Metropolis -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Bot) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Bot) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\Users\jimmy\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\jimmy\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\sshnas21.dll (Trojan.Agent) -> Delete on reboot.
c:\Users\jimmy\AppData\Roaming\microsoft\conhost.exe (Backdoor.Bot) -> Delete on reboot.
c:\Users\jimmy\AppData\Local\Temp\csrss.exe (Backdoor.Bot) -> Delete on reboot.
c:\Users\jimmy\AppData\Local\Temp\7027.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\jimmy\AppData\Local\Temp\Xqp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\jimmy\AppData\Local\Temp\EULA.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\jimmy\AppData\Local\Temp\controla.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\jimmy\AppData\Local\Temp\D001.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\jimmy\AppData\Local\Temp\Xqr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

markusg 21.02.2011 13:24

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Trendy 21.02.2011 14:25

Since I quarantined the files, which required a restart, I can't get online with the laptop any more.
I keep getting the message
"Firefox is configured to use a proxy server that is refusing connections"
and I have no idea what that means.
I'll send the ComboFix log shortly if I can manage it.

markusg 21.02.2011 15:34

Yes, but I... that's a minor problem that's quick to solve.
Open Internet Explorer, then Tools > Internet Options.
There choose Connections, LAN settings, delete the entry under proxy server and untick "Use a proxy server".
Apply, OK.
Then in Firefox go to Tools > Options > Advanced > Network and select "No proxy"; Apply, OK.
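The manual fix above, and the refused-connection symptom Trendy describes, can be checked programmatically. The following Python script is an added example, not code from this thread or from any tool named in it. It parses a Firefox prefs.js (a constructed excerpt that reuses the values the ComboFix log in this thread shows: 127.0.0.1, port 62202, network.proxy.type 1), flags a manual proxy that points at the local machine, tests whether anything still listens on that port, and rewrites the prefs with the proxy disabled. The same loopback test is applied to the WinINET values Internet Explorer reads (ProxyEnable and ProxyServer under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings). All function names and the sample file are my own assumptions.

```python
import re
import socket

# Constructed sample prefs.js excerpt. The proxy values mirror the "FF - prefs.js:"
# lines in the ComboFix log from this thread; the file itself is made up for the example.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "yahoo.de");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 62202);
user_pref("network.proxy.type", 1);
"""

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_prefs(text):
    """Parse lines of the form user_pref("name", value); into a dict.
    Quoted values become str, true/false become bool, bare numbers become int."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def firefox_loopback_proxy(prefs):
    """Return (host, port) if Firefox uses a manual proxy (network.proxy.type == 1)
    that points at the local machine, else None. A loopback proxy alone is not proof
    of infection (local debugging or filtering proxies use the same setup), so a hit
    is something to review against the processes actually running on the machine."""
    if prefs.get("network.proxy.type") != 1:
        return None
    for scheme in ("http", "ssl", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port")
        if host in LOOPBACK and isinstance(port, int) and port > 0:
            return (host, port)
    return None


def wininet_loopback_proxy(proxy_enable, proxy_server):
    """Same test for the WinINET settings Internet Explorer reads from
    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings:
    ProxyEnable (DWORD) and ProxyServer, which is either "host:port" or a
    ';'-separated list such as "http=host:port;https=host:port"."""
    if not proxy_enable or not proxy_server:
        return None
    for entry in proxy_server.split(";"):
        hostport = entry.split("=", 1)[-1].strip()
        host, _, port = hostport.rpartition(":")
        if host in LOOPBACK and port.isdigit():
            return (host, int(port))
    return None


def port_listening(host, port, timeout=0.5):
    """True if something accepts TCP connections on host:port. Once the malware
    process that provided the proxy is gone, nothing listens there any more,
    which is exactly why the browser reports a proxy that refuses connections."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def disable_manual_proxy(text):
    """Return prefs.js text with every network.proxy.* line removed and
    network.proxy.type set to 0 (no proxy)."""
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith("network.proxy."):
            continue
        kept.append(line)
    kept.append('user_pref("network.proxy.type", 0);')
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS_JS)
    hit = firefox_loopback_proxy(prefs)
    if hit:
        host, port = hit
        state = "listening" if port_listening(host, port) else "nothing listening (connection refused)"
        print(f"Firefox manual proxy -> {host}:{port}: {state}")
    print("IE/WinINET:", wininet_loopback_proxy(1, "127.0.0.1:62202"))
    print(disable_manual_proxy(SAMPLE_PREFS_JS))
```

Firefox must be closed while prefs.js is edited, otherwise it rewrites the file from memory on exit and the old proxy settings come back; the registry values are read with reg.exe or the Registry editor rather than from a file, so on a live system the WinINET check gets its two arguments from there.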

Trendy 21.02.2011 15:35

Combofix Logfile:
Code:

ComboFix 11-02-20.02 - jimmy 21.02.2011  15:17:19.3.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2429.1426 [GMT 1:00]
ausgeführt von:: c:\users\jimmy\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2011-01-21 bis 2011-02-21  ))))))))))))))))))))))))))))))
.

2011-02-21 14:23 . 2011-02-21 14:23        --------        d-----w-        c:\users\jimmy\AppData\Local\temp
2011-02-21 14:23 . 2011-02-21 14:23        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-02-21 14:10 . 2011-02-21 14:10        --------        d-----w-        c:\users\jimmy\AppData\Roaming\Uniblue
2011-02-21 14:10 . 2011-02-21 14:10        --------        dc-h--w-        c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-02-21 14:10 . 2011-02-21 14:10        --------        d-----w-        c:\program files\Uniblue
2011-02-21 14:10 . 2011-02-21 14:10        --------        d-----w-        c:\users\jimmy\AppData\Local\PackageAware
2011-02-21 11:51 . 2011-02-21 11:51        --------        d-----w-        c:\users\jimmy\AppData\Roaming\Malwarebytes
2011-02-21 11:51 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-21 11:51 . 2011-02-21 11:51        --------        d-----w-        c:\programdata\Malwarebytes
2011-02-21 11:51 . 2011-02-21 11:51        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-02-21 11:51 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-02-20 09:34 . 2011-02-20 09:34        --------        d-----w-        c:\windows\Sun
2011-02-20 09:32 . 2011-02-20 09:32        217088        ----a-w-        c:\windows\Xripia.exe
2011-02-20 09:09 . 2011-02-20 09:09        --------        d-----w-        c:\programdata\UAB
2011-02-20 09:09 . 2011-02-20 09:09        --------        d-----w-        c:\users\jimmy\AppData\Local\PC_Drivers_Headquarters
2011-02-20 09:05 . 2011-02-20 09:05        --------        d-----w-        c:\program files\PC Drivers HeadQuarters
2011-02-19 10:41 . 2011-02-19 10:41        --------        d-----w-        c:\program files\Activision
2011-02-19 10:10 . 2011-01-13 09:41        5890896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C20C7F2-5AE4-4A30-BCFD-3D2420252762}\mpengine.dll
2011-02-19 10:08 . 2011-02-20 13:40        214520        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2011-02-15 11:42 . 2011-02-20 13:40        137464        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2011-02-15 11:42 . 2011-02-15 11:42        22328        ----a-w-        c:\users\jimmy\AppData\Roaming\PnkBstrK.sys
2011-02-15 11:42 . 2011-02-20 13:40        214520        ----a-w-        c:\windows\system32\PnkBstrB.exe
2011-02-15 11:42 . 2011-02-19 09:28        75064        ----a-w-        c:\windows\system32\PnkBstrA.exe
2011-02-15 11:42 . 2011-02-15 11:42        682280        ----a-w-        c:\windows\system32\pbsvc.exe
2011-02-15 09:01 . 2011-02-15 09:04        --------        d-----w-        c:\users\jimmy\AppData\Roaming\DivX
2011-02-15 09:00 . 2011-02-20 09:42        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2011-02-15 08:59 . 2011-02-20 09:42        --------        d-----w-        c:\program files\DivX
2011-02-15 08:59 . 2011-02-20 09:42        --------        d-----w-        c:\programdata\DivX
2011-02-13 19:40 . 2011-02-21 13:27        --------        d-sh--w-        c:\windows\ftpcache
2011-02-11 07:49 . 2011-02-11 07:49        --------        d-----w-        c:\users\jimmy\AppData\Roaming\Bubble
2011-02-11 07:49 . 2011-02-11 07:49        --------        d-----w-        c:\program files\Bubble
2011-02-10 20:16 . 2011-02-10 20:16        --------        d-----w-        c:\program files\Conduit
2011-02-10 20:16 . 2011-02-10 20:16        --------        d-----w-        c:\program files\softonic-de3
2011-02-10 20:16 . 2011-02-10 20:16        --------        d-----w-        c:\program files\Recuva
2011-02-10 19:26 . 2011-02-10 19:26        --------        d-----w-        c:\program files\eSupport.com
2011-02-10 10:20 . 2010-12-13 16:03        29008        ----a-w-        c:\windows\system32\SmartDefragBootTime.exe
2011-02-10 10:20 . 2010-11-26 17:02        15672        ----a-w-        c:\windows\system32\drivers\SmartDefragDriver.sys
2011-02-10 08:27 . 2011-01-20 16:08        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2011-02-10 08:27 . 2011-01-20 16:07        586240        ----a-w-        c:\windows\system32\stobject.dll
2011-02-10 08:27 . 2011-01-20 16:04        209920        ----a-w-        c:\windows\system32\mfplat.dll
2011-02-10 08:27 . 2011-01-20 14:26        667648        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2011-02-10 08:27 . 2011-01-20 14:11        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-02-10 08:27 . 2011-01-20 16:07        37376        ----a-w-        c:\windows\system32\cdd.dll
2011-02-10 08:27 . 2011-01-20 16:04        98816        ----a-w-        c:\windows\system32\mfps.dll
2011-02-10 08:27 . 2011-01-20 16:07        258048        ----a-w-        c:\windows\system32\winspool.drv
2011-02-10 08:27 . 2011-01-20 16:06        26112        ----a-w-        c:\windows\system32\printfilterpipelineprxy.dll
2011-02-10 08:24 . 2011-01-08 06:28        292352        ----a-w-        c:\windows\system32\atmfd.dll
2011-02-10 08:24 . 2011-01-08 08:47        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-31 14:38 . 2011-01-31 14:52        --------        d-----w-        c:\program files\Call of Duty
2011-01-31 12:28 . 2011-01-31 12:28        --------        d-----w-        c:\program files\Common Files\PocketSoft
2011-01-31 12:18 . 2011-01-31 12:18        120320        ----a-w-        c:\windows\system32\drivers\SSHDRV65.sys
2011-01-30 13:57 . 2011-01-30 13:57        103864        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-24 16:49 . 2011-01-24 16:49        --------        d-----w-        c:\users\jimmy\AppData\Local\FRITZ!
2011-01-24 15:55 . 2011-01-24 16:58        --------        d-----w-        c:\program files\1&1

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-03 08:11        222080        ------w-        c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-12 09:10        413696        ----a-w-        c:\windows\system32\odbc32.dll
2010-12-25 08:40 . 2009-02-11 06:58        319456        ----a-w-        c:\windows\DIFxAPI.dll
2010-12-21 11:44 . 2010-10-17 10:04        135096        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-12-14 14:49 . 2011-01-12 09:09        1169408        ----a-w-        c:\windows\system32\sdclt.exe
2010-11-26 04:19 . 2010-11-26 04:19        6650368        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2010-11-26 03:02 . 2010-11-26 03:02        16702976        ----a-w-        c:\windows\system32\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58        143360        ----a-w-        c:\windows\system32\atiapfxx.exe
2010-11-26 02:58 . 2010-11-26 02:58        550400        ----a-w-        c:\windows\system32\aticfx32.dll
2010-11-26 02:54 . 2010-11-26 02:54        462848        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2010-11-26 02:54        393216        ----a-w-        c:\windows\system32\atieclxx.exe
2010-11-26 02:54 . 2010-11-26 02:54        176128        ----a-w-        c:\windows\system32\atiesrxx.exe
2010-11-26 02:52 . 2009-02-11 15:34        159744        ----a-w-        c:\windows\system32\atitmmxx.dll
2010-11-26 02:52 . 2009-02-11 15:34        356352        ----a-w-        c:\windows\system32\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52        278528        ----a-w-        c:\windows\system32\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52        15872        ----a-w-        c:\windows\system32\atimuixx.dll
2010-11-26 02:52 . 2010-11-26 02:52        43520        ----a-w-        c:\windows\system32\ati2edxx.dll
2010-11-26 02:49 . 2010-11-26 02:49        4066816        ----a-w-        c:\windows\system32\atidxx32.dll
2010-11-26 02:30 . 2010-11-26 02:30        4122624        ----a-w-        c:\windows\system32\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30        46080        ----a-w-        c:\windows\system32\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30        44032        ----a-w-        c:\windows\system32\aticalcl.dll
2010-11-26 02:28 . 2010-11-26 02:28        5441024        ----a-w-        c:\windows\system32\aticaldd.dll
2010-11-26 02:24 . 2009-02-11 15:34        52736        ----a-w-        c:\windows\system32\coinst.dll
2010-11-26 02:22 . 2010-11-26 02:22        3460096        ----a-w-        c:\windows\system32\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17        249856        ----a-w-        c:\windows\system32\atiadlxx.dll
2010-11-26 02:17 . 2010-11-26 02:17        12800        ----a-w-        c:\windows\system32\atiglpxx.dll
2010-11-26 02:16 . 2010-11-26 02:16        27136        ----a-w-        c:\windows\system32\atigktxx.dll
2010-11-26 02:16 . 2010-11-26 02:16        231936        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2010-11-26 02:15 . 2010-11-26 02:15        30720        ----a-w-        c:\windows\system32\atiuxpag.dll
2010-11-26 02:15 . 2009-02-11 15:34        28672        ----a-w-        c:\windows\system32\atiu9pag.dll
2010-11-26 02:15 . 2010-08-04 01:14        23040        ----a-w-        c:\windows\system32\atitmpxx.dll
2010-11-26 02:15 . 2010-11-26 02:15        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:09 . 2010-11-26 02:09        52736        ----a-w-        c:\windows\system32\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09        52736        ----a-w-        c:\windows\system32\amdpcom32.dll
2010-11-25 04:04 . 2009-11-20 11:15        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58        3913000        ----a-w-        c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-11-13 20:58        3913000        ----a-w-        c:\program files\softonic-de3\tbsoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2011-01-31 120320]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/02/18 16:34];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-10-17 13:49 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-25 284160]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2010-03-15 325672]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2008-10-08 5632]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [2008-10-08 22528]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 197224]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2011-02-21 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://jahoo.de/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vf5d0ufs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - softonic-de3 Customized Web Search
FF - prefs.js: browser.startup.homepage - yahoo.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62202
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: softonic-de3 Community Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-21 15:23
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2328)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Zeit der Fertigstellung: 2011-02-21  15:26:15
ComboFix-quarantined-files.txt  2011-02-21 14:26
ComboFix2.txt  2011-02-21 13:56

Vor Suchlauf: 15 Verzeichnis(se), 97.831.219.200 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 97.832.853.504 Bytes frei

- - End Of File - - 0DA6DE07DA53BF64DDB7FFA0913DE2EF

--- --- ---

Trendy 21.02.2011 15:42

Thanks! :) I can get online again now.

Trendy 21.02.2011 15:43

I have already posted the ComboFix log.

markusg 21.02.2011 15:46

Start > Programs > Accessories > Notepad, paste this in:

Killall::
Rootkit::
c:\windows\Xripia.exe
folder::
c:\programdata\UAB

Save the file as, type: all files.
Location: where combofix.exe is.
Name: cfscript.
Drag cfscript onto ComboFix; the program starts; post the log.

Trendy 21.02.2011 17:07

Can I remove ComboFix from my computer again, or do I still need it?

markusg 21.02.2011 17:08

Yes, to run the script and post the new log for me...

Trendy 21.02.2011 17:47

Here is the new log, I hope something has changed.


Combofix Logfile:
Code:

ComboFix 11-02-20.03 - jimmy 21.02.2011  17:30:46.7.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2429.1446 [GMT 1:00]
ausgeführt von:: c:\users\jimmy\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2011-01-21 bis 2011-02-21  ))))))))))))))))))))))))))))))
.

2011-02-21 16:38 . 2011-02-21 16:38        --------        d-----w-        c:\users\jimmy\AppData\Local\temp
2011-02-21 16:38 . 2011-02-21 16:38        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-02-21 15:49 . 2011-02-21 15:49        --------        dc-h--w-        c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-02-21 14:10 . 2011-02-21 16:04        --------        d-----w-        c:\users\jimmy\AppData\Roaming\Uniblue
2011-02-21 14:10 . 2011-02-21 16:04        --------        d-----w-        c:\program files\Uniblue
2011-02-21 14:10 . 2011-02-21 14:10        --------        d-----w-        c:\users\jimmy\AppData\Local\PackageAware
2011-02-21 11:51 . 2011-02-21 11:51        --------        d-----w-        c:\users\jimmy\AppData\Roaming\Malwarebytes
2011-02-21 11:51 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-21 11:51 . 2011-02-21 11:51        --------        d-----w-        c:\programdata\Malwarebytes
2011-02-21 11:51 . 2011-02-21 11:51        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-02-21 11:51 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-02-20 09:34 . 2011-02-20 09:34        --------        d-----w-        c:\windows\Sun
2011-02-20 09:32 . 2011-02-20 09:32        217088        ----a-w-        c:\windows\Xripia.exe
2011-02-20 09:09 . 2011-02-20 09:09        --------        d-----w-        c:\users\jimmy\AppData\Local\PC_Drivers_Headquarters
2011-02-20 09:05 . 2011-02-20 09:05        --------        d-----w-        c:\program files\PC Drivers HeadQuarters
2011-02-19 10:41 . 2011-02-19 10:41        --------        d-----w-        c:\program files\Activision
2011-02-19 10:10 . 2011-01-13 09:41        5890896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C20C7F2-5AE4-4A30-BCFD-3D2420252762}\mpengine.dll
2011-02-19 10:08 . 2011-02-20 13:40        214520        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2011-02-15 11:42 . 2011-02-20 13:40        137464        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2011-02-15 11:42 . 2011-02-15 11:42        22328        ----a-w-        c:\users\jimmy\AppData\Roaming\PnkBstrK.sys
2011-02-15 11:42 . 2011-02-20 13:40        214520        ----a-w-        c:\windows\system32\PnkBstrB.exe
2011-02-15 11:42 . 2011-02-19 09:28        75064        ----a-w-        c:\windows\system32\PnkBstrA.exe
2011-02-15 11:42 . 2011-02-15 11:42        682280        ----a-w-        c:\windows\system32\pbsvc.exe
2011-02-15 09:01 . 2011-02-15 09:04        --------        d-----w-        c:\users\jimmy\AppData\Roaming\DivX
2011-02-15 09:00 . 2011-02-20 09:42        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2011-02-15 08:59 . 2011-02-20 09:42        --------        d-----w-        c:\program files\DivX
2011-02-15 08:59 . 2011-02-20 09:42        --------        d-----w-        c:\programdata\DivX
2011-02-13 19:40 . 2011-02-21 13:27        --------        d-sh--w-        c:\windows\ftpcache
2011-02-11 07:49 . 2011-02-11 07:49        --------        d-----w-        c:\users\jimmy\AppData\Roaming\Bubble
2011-02-11 07:49 . 2011-02-11 07:49        --------        d-----w-        c:\program files\Bubble
2011-02-10 20:16 . 2011-02-10 20:16        --------        d-----w-        c:\program files\Conduit
2011-02-10 20:16 . 2011-02-10 20:16        --------        d-----w-        c:\program files\softonic-de3
2011-02-10 20:16 . 2011-02-10 20:16        --------        d-----w-        c:\program files\Recuva
2011-02-10 19:26 . 2011-02-10 19:26        --------        d-----w-        c:\program files\eSupport.com
2011-02-10 10:20 . 2010-12-13 16:03        29008        ----a-w-        c:\windows\system32\SmartDefragBootTime.exe
2011-02-10 10:20 . 2010-11-26 17:02        15672        ----a-w-        c:\windows\system32\drivers\SmartDefragDriver.sys
2011-02-10 08:27 . 2011-01-20 16:08        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2011-02-10 08:27 . 2011-01-20 16:07        586240        ----a-w-        c:\windows\system32\stobject.dll
2011-02-10 08:27 . 2011-01-20 16:04        209920        ----a-w-        c:\windows\system32\mfplat.dll
2011-02-10 08:27 . 2011-01-20 14:26        667648        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2011-02-10 08:27 . 2011-01-20 14:11        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-02-10 08:27 . 2011-01-20 16:07        37376        ----a-w-        c:\windows\system32\cdd.dll
2011-02-10 08:27 . 2011-01-20 16:04        98816        ----a-w-        c:\windows\system32\mfps.dll
2011-02-10 08:27 . 2011-01-20 16:07        258048        ----a-w-        c:\windows\system32\winspool.drv
2011-02-10 08:27 . 2011-01-20 16:06        26112        ----a-w-        c:\windows\system32\printfilterpipelineprxy.dll
2011-02-10 08:24 . 2011-01-08 06:28        292352        ----a-w-        c:\windows\system32\atmfd.dll
2011-02-10 08:24 . 2011-01-08 08:47        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-31 14:38 . 2011-01-31 14:52        --------        d-----w-        c:\program files\Call of Duty
2011-01-31 12:28 . 2011-01-31 12:28        --------        d-----w-        c:\program files\Common Files\PocketSoft
2011-01-31 12:18 . 2011-01-31 12:18        120320        ----a-w-        c:\windows\system32\drivers\SSHDRV65.sys
2011-01-30 13:57 . 2011-01-30 13:57        103864        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-24 16:49 . 2011-01-24 16:49        --------        d-----w-        c:\users\jimmy\AppData\Local\FRITZ!

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-03 08:11        222080        ------w-        c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-12 09:10        413696        ----a-w-        c:\windows\system32\odbc32.dll
2010-12-25 08:40 . 2009-02-11 06:58        319456        ----a-w-        c:\windows\DIFxAPI.dll
2010-12-21 11:44 . 2010-10-17 10:04        135096        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-12-14 14:49 . 2011-01-12 09:09        1169408        ----a-w-        c:\windows\system32\sdclt.exe
2010-11-26 04:19 . 2010-11-26 04:19        6650368        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2010-11-26 03:02 . 2010-11-26 03:02        16702976        ----a-w-        c:\windows\system32\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58        143360        ----a-w-        c:\windows\system32\atiapfxx.exe
2010-11-26 02:58 . 2010-11-26 02:58        550400        ----a-w-        c:\windows\system32\aticfx32.dll
2010-11-26 02:54 . 2010-11-26 02:54        462848        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2010-11-26 02:54        393216        ----a-w-        c:\windows\system32\atieclxx.exe
2010-11-26 02:54 . 2010-11-26 02:54        176128        ----a-w-        c:\windows\system32\atiesrxx.exe
2010-11-26 02:52 . 2009-02-11 15:34        159744        ----a-w-        c:\windows\system32\atitmmxx.dll
2010-11-26 02:52 . 2009-02-11 15:34        356352        ----a-w-        c:\windows\system32\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52        278528        ----a-w-        c:\windows\system32\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52        15872        ----a-w-        c:\windows\system32\atimuixx.dll
2010-11-26 02:52 . 2010-11-26 02:52        43520        ----a-w-        c:\windows\system32\ati2edxx.dll
2010-11-26 02:49 . 2010-11-26 02:49        4066816        ----a-w-        c:\windows\system32\atidxx32.dll
2010-11-26 02:30 . 2010-11-26 02:30        4122624        ----a-w-        c:\windows\system32\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30        46080        ----a-w-        c:\windows\system32\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30        44032        ----a-w-        c:\windows\system32\aticalcl.dll
2010-11-26 02:28 . 2010-11-26 02:28        5441024        ----a-w-        c:\windows\system32\aticaldd.dll
2010-11-26 02:24 . 2009-02-11 15:34        52736        ----a-w-        c:\windows\system32\coinst.dll
2010-11-26 02:22 . 2010-11-26 02:22        3460096        ----a-w-        c:\windows\system32\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17        249856        ----a-w-        c:\windows\system32\atiadlxx.dll
2010-11-26 02:17 . 2010-11-26 02:17        12800        ----a-w-        c:\windows\system32\atiglpxx.dll
2010-11-26 02:16 . 2010-11-26 02:16        27136        ----a-w-        c:\windows\system32\atigktxx.dll
2010-11-26 02:16 . 2010-11-26 02:16        231936        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2010-11-26 02:15 . 2010-11-26 02:15        30720        ----a-w-        c:\windows\system32\atiuxpag.dll
2010-11-26 02:15 . 2009-02-11 15:34        28672        ----a-w-        c:\windows\system32\atiu9pag.dll
2010-11-26 02:15 . 2010-08-04 01:14        23040        ----a-w-        c:\windows\system32\atitmpxx.dll
2010-11-26 02:15 . 2010-11-26 02:15        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:09 . 2010-11-26 02:09        52736        ----a-w-        c:\windows\system32\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09        52736        ----a-w-        c:\windows\system32\amdpcom32.dll
2010-11-25 04:04 . 2009-11-20 11:15        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58        3913000        ----a-w-        c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-11-13 20:58        3913000        ----a-w-        c:\program files\softonic-de3\tbsoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 EagleXNt;EagleXNt; [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912]
R3 WisINT15;WisINT15; [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2011-01-31 120320]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/02/18 16:34];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-10-17 13:49 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-25 284160]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2010-03-15 325672]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2008-10-08 5632]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [2008-10-08 22528]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 197224]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2011-02-21 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://jahoo.de/
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vf5d0ufs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - softonic-de3 Customized Web Search
FF - prefs.js: browser.startup.homepage - yahoo.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: softonic-de3 Community Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-21 17:38
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1416)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Zeit der Fertigstellung: 2011-02-21  17:41:49
ComboFix-quarantined-files.txt  2011-02-21 16:41
ComboFix2.txt  2011-02-21 15:07
ComboFix3.txt  2011-02-21 14:26
ComboFix4.txt  2011-02-21 13:56

Vor Suchlauf: 16 Verzeichnis(se), 98.882.113.536 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 98.853.462.016 Bytes frei

- - End Of File - - 5B6339863BEF2194130DBE39642A3849

--- --- ---

markusg 21.02.2011 18:09

Open Computer, then C:, then Qoobox; pack the Quarantine folder with WinRAR or zip and then upload it.
http://www.trojaner-board.de/54791-a...ner-board.html

Trendy 21.02.2011 19:01

The link to the thread doesn't work. I have Win32/Cycbot.B, but it doesn't work.

markusg 21.02.2011 19:02

Simply copying the link from the address bar doesn't work?

Trendy 21.02.2011 19:04

No, it doesn't work.


All times are in WEZ +1. It is now 21:28.

Copyright ©2000-2025, Trojaner-Board

