Persistance durch Patch bekommen

markusg · 06.10.2011, 14:25

dein freund, du solltest übrigens überdenken ob er wirklich so zu nennen ist, hat dir nen passwort stealer geschickt.
deswegen hätte ich diesen gern an hersteller von antimalware software geschickt damit sie den erkennen.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

DonSerious · 06.10.2011, 14:43

Code:

ATTFilter

ComboFix 11-10-06.03 - Markus 06.10.2011  15:32:28.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6576 [GMT 2:00]
ausgeführt von:: c:\users\Markus\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-06 bis 2011-10-06  ))))))))))))))))))))))))))))))
.
.
2011-10-06 13:17 . 2011-09-13 00:26	9049936	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B76978FB-BC28-458F-BFCB-9B2A2A332EF9}\mpengine.dll
2011-10-05 12:42 . 2011-10-05 12:42	--------	d--h--w-	c:\programdata\CanonBJ
2011-10-05 12:42 . 2009-07-14 01:40	83968	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL
2011-10-05 12:27 . 2011-10-05 12:27	--------	d-----w-	c:\users\Markus\AppData\Roaming\OpenOffice.org
2011-10-05 12:26 . 2011-10-05 12:26	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2011-10-02 00:20 . 2011-10-02 00:20	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-10-01 23:37 . 2011-10-01 23:37	--------	d-----w-	c:\windows\de
2011-10-01 23:16 . 2011-10-01 23:16	270912	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-01 23:16 . 2011-10-01 23:16	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2011-10-01 23:16 . 2011-10-02 00:22	--------	d-----w-	c:\users\Markus\AppData\Roaming\DAEMON Tools Lite
2011-10-01 23:16 . 2011-10-01 23:16	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2011-10-01 14:35 . 2011-10-01 14:35	180356	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-10-01 14:35 . 2004-07-15 22:20	733184	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-10-01 14:35 . 2004-07-15 22:20	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-10-01 14:35 . 2004-07-15 22:19	266240	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-10-01 14:35 . 2004-07-15 22:18	172032	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-10-01 14:35 . 2004-07-15 22:18	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-10-01 14:35 . 2011-10-01 14:35	303236	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-09-29 11:02 . 2011-09-29 11:02	--------	d-----w-	c:\program files (x86)\ESET
2011-09-29 01:26 . 2011-10-06 13:36	--------	d-----w-	c:\programdata\NVIDIA
2011-09-29 01:26 . 2011-09-22 22:41	5067584	----a-w-	c:\windows\system32\nvsvc64.dll
2011-09-29 01:26 . 2011-09-22 22:41	137536	----a-w-	c:\windows\system32\nvshext.dll
2011-09-29 01:26 . 2011-09-22 22:41	837952	----a-w-	c:\windows\system32\easyupdatusapiu64.dll
2011-09-29 01:26 . 2011-09-22 22:41	3074368	----a-w-	c:\windows\system32\nvsvcr.dll
2011-09-29 01:26 . 2011-09-22 22:41	222528	----a-w-	c:\windows\system32\nvmctray.dll
2011-09-29 01:26 . 2011-09-22 22:41	1640768	----a-w-	c:\windows\system32\nvvsvc.exe
2011-09-29 01:26 . 2011-09-22 22:41	10406208	----a-w-	c:\windows\system32\nvcpl.dll
2011-09-29 01:26 . 2011-09-29 01:26	--------	d-----w-	c:\programdata\NVIDIA Corporation
2011-09-29 01:18 . 2011-09-29 01:18	--------	d-----w-	c:\program files (x86)\Battlelog Web Plugins
2011-09-28 01:04 . 2011-09-28 01:04	--------	d-----w-	c:\users\Markus\AppData\Local\Risen
2011-09-28 01:03 . 2011-09-28 01:03	314016	----a-w-	c:\windows\system32\drivers\atksgt.sys
2011-09-28 01:03 . 2011-09-28 01:03	43680	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2011-09-28 01:03 . 2011-09-28 01:03	--------	d-----w-	c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-09-26 22:01 . 2007-06-01 16:37	1037312	----a-w-	c:\windows\system32\drivers\WG111Tvx.sys
2011-09-26 22:01 . 2006-11-28 19:46	43328	----a-w-	c:\windows\system32\drivers\PCAMp50a64.sys
2011-09-26 22:01 . 2006-11-28 19:46	41280	----a-w-	c:\windows\system32\drivers\PCASp50a64.sys
2011-09-26 21:34 . 2011-09-29 01:17	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2011-09-26 12:11 . 2011-09-26 12:11	--------	d-----w-	c:\users\Markus\AppData\Local\The Witcher 2
2011-09-22 10:29 . 2011-09-22 10:29	321856	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2011-09-21 12:43 . 2011-09-21 12:43	--------	d-----w-	c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2011-09-21 12:43 . 2011-09-28 01:03	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2011-09-16 13:48 . 2011-09-16 14:40	--------	d-----w-	c:\users\Markus\AppData\Local\VMware
2011-09-16 13:47 . 2011-09-17 00:10	--------	d-----w-	c:\users\Markus\AppData\Roaming\VMware
2011-09-16 13:40 . 2011-09-17 00:14	--------	d-----w-	c:\programdata\VMware
2011-09-15 18:48 . 2011-09-15 19:01	--------	d-----w-	c:\users\Markus\VirtualBox VMs
2011-09-15 18:48 . 2011-09-15 19:04	--------	d-----w-	c:\users\Markus\.VirtualBox
2011-09-15 18:47 . 2011-08-15 12:32	224048	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2011-09-15 18:47 . 2011-09-15 19:11	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-09-15 18:47 . 2011-08-15 12:32	128816	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2011-09-15 18:12 . 2011-09-15 18:12	--------	d-----w-	c:\programdata\Blizzard
2011-09-15 13:29 . 2011-09-30 16:05	--------	d-----w-	c:\users\UpdatusUser.Markus-PC
2011-09-12 13:47 . 2011-10-01 15:20	--------	d-----w-	c:\users\Markus\AppData\Roaming\Xfire
2011-09-12 13:46 . 2011-09-21 16:50	--------	d-----w-	c:\programdata\Xfire
2011-09-12 13:46 . 2011-09-12 13:47	--------	d-----w-	c:\program files (x86)\Xfire
2011-09-11 16:16 . 2011-09-11 16:16	--------	d-----w-	c:\users\Markus\AppData\Local\NCSoft
2011-09-11 13:08 . 2011-09-11 13:08	--------	d-----w-	c:\program files (x86)\NCsoft
2011-09-11 13:07 . 2011-09-11 13:07	--------	d-----w-	c:\users\Markus\AppData\Local\assembly
2011-09-11 13:04 . 2011-09-11 13:08	--------	d-----w-	c:\users\Markus\AppData\Roaming\GetRightToGo
2011-09-08 16:14 . 2010-11-30 09:43	601424	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16AFEC32-5BA1-4D78-AFE5-40B4ADCC5F7B}\gapaengine.dll
2011-09-07 15:02 . 2011-09-07 15:02	--------	d-----w-	c:\users\Markus\AppData\Local\SCE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 00:18 . 2011-05-03 12:47	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-10-03 00:18 . 2011-04-30 19:46	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 23:36 . 2009-08-18 09:24	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-01 11:09 . 2011-04-30 19:46	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 01:16 . 2011-04-30 19:46	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-09-23 17:57 . 2011-05-19 01:52	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-13 00:26 . 2011-07-26 15:57	9049936	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-31 15:00 . 2011-05-18 17:44	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-29 16:13 . 2011-04-30 19:46	794408	----a-w-	c:\windows\SysWow64\pbsvc.exe
2011-08-26 22:22 . 2011-08-26 22:22	42392	----a-w-	c:\windows\SysWow64\xfcodec.dll
2011-08-26 22:22 . 2011-08-26 22:22	28056	----a-w-	c:\windows\system32\xfcodec64.dll
2011-08-15 12:32 . 2011-08-15 12:32	146736	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-14 01:02 . 2011-08-14 01:02	40960	----a-r-	c:\users\Markus\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-08-14 01:02 . 2011-08-14 01:02	40960	----a-r-	c:\users\Markus\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-08-06 15:17 . 2011-08-06 15:15	16384	----a-w-	c:\windows\SysWow64\lgfwunis.exe
2011-08-06 15:13 . 2011-08-06 15:13	29480	----a-w-	c:\windows\SysWow64\msxml3a.dll
2011-08-06 15:13 . 2011-08-06 15:13	353576	----a-w-	c:\windows\SysWow64\msvcr71.dll
2011-08-06 15:13 . 2011-08-06 15:13	505128	----a-w-	c:\windows\SysWow64\msvcp71.dll
2011-07-22 05:42 . 2011-08-10 22:07	2303488	----a-w-	c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-10 22:07	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-10 22:07	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-10 22:07	1797632	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-10 22:07	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-10 22:07	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-07-19 03:05 . 2011-04-27 21:47	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-07-16 05:41 . 2011-08-10 18:52	362496	----a-w-	c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 18:52	243200	----a-w-	c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 18:52	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 18:52	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 18:52	421888	----a-w-	c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 18:52	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 18:52	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 18:52	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 18:52	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 18:52	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 18:52	272384	----a-w-	c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 18:52	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 18:52	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 18:52	2048	----a-w-	c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 18:52	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:52	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:52	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 04:53 . 2011-08-09 11:11	8578896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-09 05:26 . 2011-08-24 11:02	2048	----a-w-	c:\windows\system32\tzres.dll
2011-07-09 04:29 . 2011-08-24 11:02	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-07-09 02:46 . 2011-08-10 18:52	288768	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-08-06 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/06 17:14;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]
R3 ALSysIO;ALSysIO;c:\users\Markus\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-28 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG111Tvx.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-22 381248]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jgn0wioz.default\
FF - prefs.js: browser.search.selectedEngine - Google Deutschland
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-NCsoft - (no file)
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:64,7c,54,af,c6,3d,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,bf,77,7d,83,0f,ae,4f,be,c9,66,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,bf,77,7d,83,0f,ae,4f,be,c9,66,\
.
[HKEY_USERS\S-1-5-21-2776381635-1646080414-3709318696-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:25,61,75,b0,a7,e2,59,f6,ce,16,da,2b,a1,b5,21,cb,33,36,ea,46,65,08,09,
   80,19,a2,51,4b,15,26,28,0b,66,b1,3a,89,f5,a6,28,1b,e1,95,c5,76,62,6d,b0,6d,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-2776381635-1646080414-3709318696-1000\Software\SecuROM\License information*]
"datasecu"=hex:d6,85,29,e2,88,2d,36,41,59,b2,13,67,1e,83,18,04,fb,e6,52,f3,eb,
   9b,7b,35,97,6b,50,dc,e9,76,2b,a4,78,ff,88,19,ab,9e,22,39,9c,e9,be,90,be,b8,\
"rkeysecu"=hex:73,9a,11,58,27,bf,1d,06,ee,3e,66,13,4a,df,a9,1e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-06  15:38:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-10-06 13:38
.
Vor Suchlauf: 11 Verzeichnis(se), 66.814.898.176 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 66.509.881.344 Bytes frei
.
- - End Of File - - B58C71C90D2F1A3A7BDA22B2D62E244B

Persistance durch Patch bekommen

Log-Analyse und Auswertung: Persistance durch Patch bekommen

Persistance durch Patch bekommen

Persistance durch Patch bekommen

Ähnliche Themen: Persistance durch Patch bekommen