After that I scanned the file, and a friend said there's a backdoor in it; I have NO idea about this kind of stuff. PS: I know epvp isn't actually a virus board, but I hope a few people here know about this.
Virustotal:
The video for it:
Combofix log:
ComboFix 12-09-04.01 - Fex 04.09.2012 15:00:30.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.8154.6055 [GMT 2:00]
ausgeführt von:: c:\users\Fex\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-04 bis 2012-09-04 ))))))))))))))))))))))))))))))
.
.
2012-09-04 13:03 . 2012-09-04 13:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-04 13:03 . 2012-09-04 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 06:47 . 2012-09-02 06:47 -------- d-----w- c:\users\Fex\AppData\Roaming\Image-Line
2012-09-01 18:30 . 2012-09-01 18:30 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-09-01 18:30 . 2012-09-01 18:30 -------- d-----w- c:\program files (x86)\VstPlugins
2012-09-01 18:30 . 2011-10-11 14:45 1431552 ----a-w- c:\windows\SysWow64\rewire.dll
2012-09-01 18:30 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-09-01 18:30 . 2012-09-01 18:30 -------- d-----w- c:\program files (x86)\Outsim
2012-09-01 18:28 . 2012-09-01 18:30 -------- d-----w- c:\program files (x86)\Image-Line
2012-09-01 13:57 . 2012-09-03 19:58 -------- d-----w- c:\users\Fex\AppData\Roaming\.minecraft
2012-08-30 18:02 . 2012-08-30 18:03 -------- d-----w- c:\users\Fex\AppData\Local\Facebook
2012-08-29 08:07 . 2012-08-29 08:07 -------- d-----w- c:\users\Fex\.thumbnails
2012-08-29 08:06 . 2012-08-29 08:06 -------- d-----w- c:\users\Fex\AppData\Local\fontconfig
2012-08-29 08:06 . 2012-08-29 08:08 -------- d-----w- c:\users\Fex\.gimp-2.8
2012-08-29 08:06 . 2012-08-29 08:06 -------- d-----w- c:\users\Fex\AppData\Local\gegl-0.2
2012-08-29 07:04 . 2012-08-29 07:04 -------- d-----w- C:\cstrike
2012-08-29 06:30 . 2012-08-29 06:30 -------- d-----w- c:\program files\GIMP 2
2012-08-28 18:53 . 2012-08-28 18:53 -------- d-----w- c:\users\Fex\AppData\Roaming\.Nitrous
2012-08-28 17:06 . 2012-08-28 17:13 -------- d-----w- c:\users\Fex\AppData\Roaming\Teeworlds
2012-08-28 13:56 . 2012-08-28 13:59 -------- d-----w- c:\users\Fex\AppData\Roaming\MTE
2012-08-28 13:56 . 2012-08-28 13:56 -------- d-----w- c:\program files (x86)\Minecraft Texturepack Editor
2012-08-25 09:47 . 2012-08-25 09:47 -------- d-----w- c:\users\Fex\AppData\Roaming\TEdit
2012-08-25 09:47 . 2012-08-25 09:47 -------- d-----w- c:\program files (x86)\TEdit
2012-08-22 15:23 . 2012-08-22 15:23 -------- d-----w- c:\users\Fex\AppData\Roaming\lol
2012-08-21 06:03 . 2012-09-04 07:13 -------- d-----w- c:\users\Fex\AppData\Local\TSVNCache
2012-08-20 17:38 . 2012-08-20 17:38 -------- d-----w- c:\users\Fex\AppData\Roaming\TortoiseSVN
2012-08-20 17:25 . 2012-08-20 17:25 -------- d-----w- c:\program files\TortoiseSVN
2012-08-20 17:25 . 2012-08-20 17:25 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2012-08-20 17:25 . 2012-08-20 17:25 -------- d-----w- c:\program files (x86)\Common Files\TortoiseOverlays
2012-08-20 17:13 . 2012-08-20 17:13 -------- d-----w- C:\Test
2012-08-20 17:12 . 2012-08-20 17:12 -------- d-----w- c:\users\Fex\AppData\Roaming\Subversion
2012-08-20 07:54 . 2012-08-20 07:54 -------- dc-h--w- c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2012-08-20 07:53 . 2012-08-20 07:53 -------- d-----w- c:\program files (x86)\Stardock
2012-08-19 18:49 . 2012-08-19 18:55 -------- d-----w- c:\users\Fex\AppData\Roaming\Notepad++
2012-08-19 18:49 . 2012-08-19 18:49 -------- d-----w- c:\program files (x86)\Notepad++
2012-08-19 08:31 . 2012-08-19 08:31 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-08-19 08:31 . 2012-08-29 19:15 -------- d-----w- c:\users\Fex\AppData\Local\LogMeIn Hamachi
2012-08-19 07:35 . 2012-08-19 07:35 -------- d-----w- c:\windows\W7FBC
2012-08-19 06:02 . 2012-08-19 06:49 -------- d-----w- C:\1Wichtig1
2012-08-18 18:09 . 2012-08-18 18:09 -------- d-----w- c:\users\Fex\AppData\Roaming\Rainmeter
2012-08-17 09:26 . 2012-08-17 09:36 -------- d-----w- c:\program files (x86)\Adventure Game Studio 3.2.1
2012-08-17 07:11 . 2012-08-17 07:11 -------- d-----w- c:\program files (x86)\ScummVM
2012-08-15 09:27 . 2012-08-15 09:27 -------- d-----w- c:\users\Fex\AppData\Roaming\ScummVM
2012-08-15 06:10 . 2012-08-17 15:38 -------- d-----w- c:\program files (x86)\LucasFan Games
2012-08-14 09:10 . 2012-08-14 09:10 -------- d-----w- c:\program files (x86)\AutoIt3
2012-08-12 16:05 . 2012-08-12 16:05 -------- d-----w- c:\users\Fex\.sessionstealer
2012-08-11 15:13 . 2012-08-11 15:13 -------- d-----w- c:\users\Fex\AppData\Roaming\TuneUp Software
2012-08-11 15:12 . 2012-08-11 15:13 -------- d-----w- c:\programdata\TuneUp Software
2012-08-11 15:12 . 2012-08-11 15:12 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-11 14:42 . 2012-08-11 14:44 -------- d-----w- c:\users\Fex\AppData\Roaming\.Spoutcraft
2012-08-11 14:33 . 2012-08-11 14:33 -------- d-----w- c:\program files\CCleaner
2012-08-11 12:20 . 2012-09-04 08:25 -------- d-----w- c:\users\Fex\AppData\Local\ApplicationHistory
2012-08-11 12:05 . 2012-08-11 12:05 -------- d--h--r- c:\users\Fex\AppData\Roaming\SecuROM
2012-08-11 11:51 . 2004-10-22 00:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-08-11 11:51 . 2004-10-22 00:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-08-11 11:51 . 2004-10-22 00:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-08-11 11:51 . 2004-10-22 00:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-08-11 11:51 . 2004-10-22 00:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-08-11 11:51 . 2012-08-11 11:51 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-08-11 11:51 . 2012-08-11 11:51 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 08:02 . 2009-07-13 23:57 20621312 ----a-w- c:\windows\system32\imageres.dll
2012-07-15 16:25 . 2012-07-15 16:22 74752 ----a-w- c:\windows\ST6UNST.EXE
2012-07-06 18:23 . 2012-07-06 18:04 2389184 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2012-07-03 14:41 . 2012-07-18 17:57 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
2012-07-03 14:41 . 2012-07-18 17:57 147472 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2012-07-03 11:46 . 2012-05-25 12:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 16:03 . 2012-06-23 14:59 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-28 13:57 . 2012-06-23 14:56 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-09 00:37 . 2012-06-30 16:45 942744 ----a-w- c:\windows\system32\vnetlib64.dll
2012-06-09 00:37 . 2012-06-30 16:45 63128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-06-09 00:37 . 2012-06-30 16:45 31384 ----a-w- c:\windows\system32\drivers\VMparport.sys
2012-06-09 00:37 . 2012-06-30 16:45 433816 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-06-09 00:36 . 2012-06-30 16:45 354456 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-06-09 00:36 . 2012-06-30 16:45 32920 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2012-06-09 00:35 . 2012-06-30 16:45 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-06-08 22:29 . 2012-06-08 22:29 252056 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-06-08 21:52 . 2012-06-08 21:52 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-06-08 21:52 . 2012-06-08 21:52 48752 ----a-w- c:\windows\system32\vnetinst.dll
2012-06-08 21:52 . 2012-06-08 21:52 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-06-08 21:52 . 2012-06-08 21:52 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-06-08 21:52 . 2012-06-08 21:52 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-02_07.46.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-09-01 10:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-03 16:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-01 10:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-03 16:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-01 10:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-03 16:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-09 22:39 . 2012-09-04 07:15 38556 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-04 07:15 33158 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-24 14:41 . 2012-09-04 07:15 11314 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1755032760-2020323104-2806333516-1000_UserData.bin
+ 2012-05-24 20:31 . 2012-09-03 06:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-05-24 20:31 . 2012-09-01 19:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-24 20:31 . 2012-09-03 06:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-05-24 20:31 . 2012-09-01 19:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-03 06:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-01 19:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-24 15:55 . 2012-09-02 07:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-24 15:55 . 2012-09-04 12:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-24 15:55 . 2012-09-04 12:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-24 15:55 . 2012-09-02 07:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-04 07:13 . 2012-09-04 07:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-02 07:36 . 2012-09-02 07:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-02 07:36 . 2012-09-02 07:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-04 07:13 . 2012-09-04 07:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-09-03 20:26 337068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-09-02 20:50 4892224 c:\windows\system32\FNTCACHE.DAT
+ 2012-05-25 21:32 . 2012-09-03 20:26 28947908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1755032760-2020323104-2806333516-1000-8192.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Fex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Fex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Fex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-11 5119600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 ALSysIO;ALSysIO;c:\users\Fex\AppData\Local\Temp\ALSysIO64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-05-04 27760]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-03 935480]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-04-03 880128]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-05-04 2196592]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755032760-2020323104-2806333516-1000Core.job
- c:\users\Fex\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 10:29]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755032760-2020323104-2806333516-1000UA.job
- c:\users\Fex\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 10:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Fex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Fex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Fex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Fex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\windows\W7FBC\dll.dll" [2012-08-19 211968]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Fex\AppData\Roaming\Mozilla\Firefox\Profiles\i8go1l5l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113480&tt=060612_7_&babsrc=KW_ss&mntrId=28c298d400000000000000ff3f761386&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 28c298d400000000000000ff3f761386
FF - user.js: extensions.BabylonToolbar_i.hardId - 28c298d400000000000000ff3f761386
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15512
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1755032760-2020323104-2806333516-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0b,5e,a9,71,02,99,ef,39,9a,11,24,00,7a,e3,34,7c,01,aa,7b,da,3a,2e,12,
4a,8a,ee,48,5c,28,7d,9d,c6,e3,68,f6,dc,e8,d0,9e,79,ab,69,b3,33,6d,86,b9,1f,\
"??"=hex:fe,2e,07,72,bf,dc,6c,33,e9,51,6f,47,96,d6,81,6d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Flash\\FlashUtil9f.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-04 15:04:44
ComboFix-quarantined-files.txt 2012-09-04 13:04
ComboFix2.txt 2012-09-03 08:32
ComboFix3.txt 2012-09-02 07:47
.
Vor Suchlauf: 25 Verzeichnis(se), 358.842.597.376 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 360.936.411.136 Bytes frei
.
- - End Of File - - 61F5F327B684EB3A34EA45AC2630492F