Code:
ComboFix 11-10-06.03 - Markus 06.10.2011 15:32:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.6576 [GMT 2:00]
ausgeführt von:: c:\users\Markus\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-09-06 bis 2011-10-06 ))))))))))))))))))))))))))))))
.
.
2011-10-06 13:17 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B76978FB-BC28-458F-BFCB-9B2A2A332EF9}\mpengine.dll
2011-10-05 12:42 . 2011-10-05 12:42 -------- d--h--w- c:\programdata\CanonBJ
2011-10-05 12:42 . 2009-07-14 01:40 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL
2011-10-05 12:27 . 2011-10-05 12:27 -------- d-----w- c:\users\Markus\AppData\Roaming\OpenOffice.org
2011-10-05 12:26 . 2011-10-05 12:26 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-10-02 00:20 . 2011-10-02 00:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-01 23:37 . 2011-10-01 23:37 -------- d-----w- c:\windows\de
2011-10-01 23:16 . 2011-10-01 23:16 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-01 23:16 . 2011-10-01 23:16 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-10-01 23:16 . 2011-10-02 00:22 -------- d-----w- c:\users\Markus\AppData\Roaming\DAEMON Tools Lite
2011-10-01 23:16 . 2011-10-01 23:16 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-10-01 14:35 . 2011-10-01 14:35 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-10-01 14:35 . 2004-07-15 22:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-10-01 14:35 . 2004-07-15 22:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-10-01 14:35 . 2004-07-15 22:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-10-01 14:35 . 2004-07-15 22:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-10-01 14:35 . 2004-07-15 22:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-10-01 14:35 . 2011-10-01 14:35 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-09-29 11:02 . 2011-09-29 11:02 -------- d-----w- c:\program files (x86)\ESET
2011-09-29 01:26 . 2011-10-06 13:36 -------- d-----w- c:\programdata\NVIDIA
2011-09-29 01:26 . 2011-09-22 22:41 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-09-29 01:26 . 2011-09-22 22:41 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-09-29 01:26 . 2011-09-22 22:41 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-09-29 01:26 . 2011-09-22 22:41 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-09-29 01:26 . 2011-09-22 22:41 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-09-29 01:26 . 2011-09-22 22:41 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-09-29 01:26 . 2011-09-22 22:41 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-09-29 01:26 . 2011-09-29 01:26 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-09-29 01:18 . 2011-09-29 01:18 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-28 01:04 . 2011-09-28 01:04 -------- d-----w- c:\users\Markus\AppData\Local\Risen
2011-09-28 01:03 . 2011-09-28 01:03 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-09-28 01:03 . 2011-09-28 01:03 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-09-28 01:03 . 2011-09-28 01:03 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-09-26 22:01 . 2007-06-01 16:37 1037312 ----a-w- c:\windows\system32\drivers\WG111Tvx.sys
2011-09-26 22:01 . 2006-11-28 19:46 43328 ----a-w- c:\windows\system32\drivers\PCAMp50a64.sys
2011-09-26 22:01 . 2006-11-28 19:46 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-09-26 21:34 . 2011-09-29 01:17 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-26 12:11 . 2011-09-26 12:11 -------- d-----w- c:\users\Markus\AppData\Local\The Witcher 2
2011-09-22 10:29 . 2011-09-22 10:29 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-09-21 12:43 . 2011-09-21 12:43 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2011-09-21 12:43 . 2011-09-28 01:03 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-09-16 13:48 . 2011-09-16 14:40 -------- d-----w- c:\users\Markus\AppData\Local\VMware
2011-09-16 13:47 . 2011-09-17 00:10 -------- d-----w- c:\users\Markus\AppData\Roaming\VMware
2011-09-16 13:40 . 2011-09-17 00:14 -------- d-----w- c:\programdata\VMware
2011-09-15 18:48 . 2011-09-15 19:01 -------- d-----w- c:\users\Markus\VirtualBox VMs
2011-09-15 18:48 . 2011-09-15 19:04 -------- d-----w- c:\users\Markus\.VirtualBox
2011-09-15 18:47 . 2011-08-15 12:32 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-09-15 18:47 . 2011-09-15 19:11 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-15 18:47 . 2011-08-15 12:32 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-09-15 18:12 . 2011-09-15 18:12 -------- d-----w- c:\programdata\Blizzard
2011-09-15 13:29 . 2011-09-30 16:05 -------- d-----w- c:\users\UpdatusUser.Markus-PC
2011-09-12 13:47 . 2011-10-01 15:20 -------- d-----w- c:\users\Markus\AppData\Roaming\Xfire
2011-09-12 13:46 . 2011-09-21 16:50 -------- d-----w- c:\programdata\Xfire
2011-09-12 13:46 . 2011-09-12 13:47 -------- d-----w- c:\program files (x86)\Xfire
2011-09-11 16:16 . 2011-09-11 16:16 -------- d-----w- c:\users\Markus\AppData\Local\NCSoft
2011-09-11 13:08 . 2011-09-11 13:08 -------- d-----w- c:\program files (x86)\NCsoft
2011-09-11 13:07 . 2011-09-11 13:07 -------- d-----w- c:\users\Markus\AppData\Local\assembly
2011-09-11 13:04 . 2011-09-11 13:08 -------- d-----w- c:\users\Markus\AppData\Roaming\GetRightToGo
2011-09-08 16:14 . 2010-11-30 09:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16AFEC32-5BA1-4D78-AFE5-40B4ADCC5F7B}\gapaengine.dll
2011-09-07 15:02 . 2011-09-07 15:02 -------- d-----w- c:\users\Markus\AppData\Local\SCE
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 00:18 . 2011-05-03 12:47 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-03 00:18 . 2011-04-30 19:46 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 23:36 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-01 11:09 . 2011-04-30 19:46 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 01:16 . 2011-04-30 19:46 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-23 17:57 . 2011-05-19 01:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-13 00:26 . 2011-07-26 15:57 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-31 15:00 . 2011-05-18 17:44 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 16:13 . 2011-04-30 19:46 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-08-26 22:22 . 2011-08-26 22:22 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-08-26 22:22 . 2011-08-26 22:22 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-14 01:02 . 2011-08-14 01:02 40960 ----a-r- c:\users\Markus\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-08-14 01:02 . 2011-08-14 01:02 40960 ----a-r- c:\users\Markus\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-08-06 15:17 . 2011-08-06 15:15 16384 ----a-w- c:\windows\SysWow64\lgfwunis.exe
2011-08-06 15:13 . 2011-08-06 15:13 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-08-06 15:13 . 2011-08-06 15:13 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-08-06 15:13 . 2011-08-06 15:13 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-07-22 05:42 . 2011-08-10 22:07 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-10 22:07 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-10 22:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-10 22:07 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-10 22:07 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-10 22:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-19 03:05 . 2011-04-27 21:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-16 05:41 . 2011-08-10 18:52 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 18:52 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 18:52 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 18:52 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 18:52 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 18:52 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 18:52 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 18:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 18:52 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 18:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 18:52 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 18:52 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 18:52 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 18:52 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 18:52 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:52 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 04:53 . 2011-08-09 11:11 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-09 05:26 . 2011-08-24 11:02 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:29 . 2011-08-24 11:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:46 . 2011-08-10 18:52 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-08-06 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/06 17:14;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]
R3 ALSysIO;ALSysIO;c:\users\Markus\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-28 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG111Tvx.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-22 381248]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jgn0wioz.default\
FF - prefs.js: browser.search.selectedEngine - Google Deutschland
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-NCsoft - (no file)
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:64,7c,54,af,c6,3d,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,bf,77,7d,83,0f,ae,4f,be,c9,66,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,bf,77,7d,83,0f,ae,4f,be,c9,66,\
.
[HKEY_USERS\S-1-5-21-2776381635-1646080414-3709318696-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:25,61,75,b0,a7,e2,59,f6,ce,16,da,2b,a1,b5,21,cb,33,36,ea,46,65,08,09,
80,19,a2,51,4b,15,26,28,0b,66,b1,3a,89,f5,a6,28,1b,e1,95,c5,76,62,6d,b0,6d,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-2776381635-1646080414-3709318696-1000\Software\SecuROM\License information*]
"datasecu"=hex:d6,85,29,e2,88,2d,36,41,59,b2,13,67,1e,83,18,04,fb,e6,52,f3,eb,
9b,7b,35,97,6b,50,dc,e9,76,2b,a4,78,ff,88,19,ab,9e,22,39,9c,e9,be,90,be,b8,\
"rkeysecu"=hex:73,9a,11,58,27,bf,1d,06,ee,3e,66,13,4a,df,a9,1e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-06 15:38:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-10-06 13:38
.
Vor Suchlauf: 11 Verzeichnis(se), 66.814.898.176 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 66.509.881.344 Bytes frei
.
- - End Of File - - B58C71C90D2F1A3A7BDA22B2D62E244B