Plagegeister aller Art und deren Bekämpfung: TR/Banker.MultiBanker.VT and TR/Dropper.Gen, Malwarebytes evaluation (tagged: Windows 7)
#16

TR/Banker.MultiBanker.VT and TR/Dropper.Gen, Malwarebytes evaluation

Combofix logfile:

ComboFix 10-08-29.04 - HP_Besitzer 31.08.2010 18:53:38.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.446.118 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AcroIEHelpe019.dll
c:\windows\system32\UAs
c:\windows\system32\UAs\firefox.exe_UAs001.dat
c:\windows\system32\UAs\java.exe_UAs001.dat
D:\Autorun.inf
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-28 bis 2010-08-31 ))))))))))))))))))))))))))))))
.
2010-08-30 20:59 . 2010-08-30 21:31 -------- d-----w- C:\Combo-Fix
2010-08-29 18:11 . 2010-08-29 18:11 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Malwarebytes
2010-08-29 18:10 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 18:10 . 2010-08-29 18:10 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-29 18:10 . 2010-08-29 19:47 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-08-29 18:10 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 16:26 . 2010-08-22 16:26 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Help
2010-08-22 16:11 . 2010-08-22 16:11 799 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_2425543A0EAD32542824DF2807A6FBB4.dll
2010-08-22 15:06 . 2010-08-22 15:06 -------- d-----w- c:\programme\Unlocker
2010-08-21 12:36 . 2010-08-22 14:19 -------- d-----w- c:\programme\iKnowPS
2010-08-19 13:56 . 2010-08-19 13:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Fighters
2010-08-19 13:55 . 2010-08-19 13:55 -------- d-----w- c:\programme\Fighters
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 17:01 . 2010-07-02 18:31 217 ----a-w- c:\windows\system32\urhtps.dat
2010-08-29 15:23 . 2006-11-19 11:48 -------- d-----w- c:\programme\PokerStars
2010-08-29 14:52 . 2010-06-06 17:46 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Uniblue
2010-08-29 14:52 . 2010-06-06 17:46 -------- d-----w- c:\programme\Uniblue
2010-08-29 14:39 . 2010-08-22 16:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2010-08-27 18:26 . 2006-05-06 15:53 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-08-22 16:26 . 2010-08-22 16:11 -------- d-----w- c:\programme\Security Task Manager
2010-08-22 16:11 . 2010-08-22 16:11 57 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_200845A2240938042A076B4737ED0137.dll
2010-08-22 16:11 . 2010-08-22 16:11 116 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_20481667D97199646AB63D155C4963CB.dll
2010-08-22 16:11 . 2010-08-22 16:11 10 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_24E9EE35BCEC29C4FB67C96AD5FAF8C1.dll
2010-08-22 16:11 . 2010-08-22 16:11 6205 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1FCF3F43B71816D46BFA919D84A6EF0A.dll
2010-08-22 16:11 . 2010-08-22 16:11 699 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1E32C765085758148B2C0308657792C7.dll
2010-08-22 16:11 . 2010-08-22 16:11 55 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0FF2F75B52A523345B3054293B070CF2.dll
2010-08-22 16:11 . 2010-08-22 16:11 3356 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1F972D4B9034cc944A5BA3D0E2957C5B.dll
2010-08-22 16:11 . 2010-08-22 16:11 210 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D034B0FAA6BD374B960AAD30DF10D8B.dll
2010-08-22 16:11 . 2010-08-22 16:11 2056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_06AFB87E393583C428BA8E10E964E44B.dll
2010-08-22 16:11 . 2010-08-22 16:11 1055 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D227AB21D84E6041932A85E34D136FE.dll
2010-08-22 16:11 . 2010-08-22 16:11 58 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0132103250E35A64889A6CBCACCBCA97.dll
2010-08-22 16:11 . 2010-08-22 16:11 833 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll
2010-08-18 13:06 . 2004-11-02 18:10 64650 ----a-w- c:\windows\system32\perfc007.dat
2010-08-18 13:06 . 2004-11-02 18:10 392842 ----a-w- c:\windows\system32\perfh007.dat
2010-08-17 15:54 . 2009-04-18 15:46 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\BSW
2010-07-01 20:12 . 2010-07-01 20:12 112 ----a-w- c:\windows\system32\srvblck2.tmp
2010-06-30 12:28 . 2004-08-04 04:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-04 04:00 1852032 ------w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 04:00 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-18 20:07 . 2009-02-07 13:34 160 ----a-w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2010-06-17 14:03 . 2004-08-04 04:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2008-12-09 15:23 . 2008-12-09 15:23 47616 --sh--r- c:\windows\system32\appconf32.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\programme\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-28 148888]
"Symantec PIF AlertEng"="c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Action Manager 32.lnk - c:\programme\ScannerU\AM32.exe [2006-12-26 69632]
Gigaset WLAN Adapter Monitor.lnk - c:\programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe [2004-6-4 327680]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [07.02.2009 16:33 100032]
S3 SE4501D;Gigaset USB Adapter 54 Driver;c:\windows\system32\drivers\SE4501D.sys [07.02.2009 15:39 379232]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html
IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-31 19:05
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Data]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Networking]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NETFramework]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\abp480n5]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPIEC]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\adpu160m]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Aha154x]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78u2]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78xx]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALCXWDM]
"ImagePath"="system32\drivers\ALCXWDM.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AliIde]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AmdK8]
"ImagePath"="system32\DRIVERS\AmdK8.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\amsint]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AntiVirScheduler]
"ImagePath"="\"c:\programme\Avira\AntiVir PersonalEdition Classic\sched.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AntiVirService]
"ImagePath"="\"c:\programme\Avira\AntiVir PersonalEdition Classic\avguard.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Arp1394]
"ImagePath"="system32\DRIVERS\arp1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3350p]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3550]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET_1.1.4322]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atdisk]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ati HotKey Poller]
"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atierecord]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Automatisches LiveUpdate - Scheduler]
"ImagePath"="\"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AvgArCln]
"ImagePath"="System32\DRIVERS\AvgArCln.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\avgio]
"ImagePath"="\??\c:\programme\Avira\AntiVir PersonalEdition Classic\avgio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\avgntflt]
"ImagePath"="\??\c:\programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\avipbb]
"ImagePath"="system32\DRIVERS\avipbb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Beep]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme]
"ImagePath"="\??\c:\dokume~1\HP_BES~1.NAM\LOKALE~1\Temp\catchme.sys
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cd20xrnt]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdfs]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Changer]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CmdIde]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentFilter]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentIndex]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cpqarray]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac2w2k]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac960nt]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dpti2o]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IDriverT]
"ImagePath"="\"c:\programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\JavaQuickStarterService]
"ImagePath"="\"c:\programme\Java\jre6\bin\jqs.exe\" -service -config \"c:\programme\Java\jre6\lib\deploy\jqs\jqs.conf\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LiveUpdate]
"ImagePath"="\"c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LiveUpdate Notice Service]
"ImagePath"="\"c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe\" /m \"c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mraid35x]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ps2]
"ImagePath"="system32\DRIVERS\PS2.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SE4501D]
"ImagePath"="system32\DRIVERS\SE4501D.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sparrow]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{49ECC87E-722F-4CFD-ADDA-0BC30D854B7D}"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swwd]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TlntSvr]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usb]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ViaIde]
"ImagePath"="system32\DRIVERS\viaide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VolSnap]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\W3SVC]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WDICA]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Winsock]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinSock2]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinTrust]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wmi]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WMPNetworkSvc]
"ImagePath"="\"c:\programme\Windows Media Player\WMPNetwk.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WS2IFSL]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{5BDFA431-22ED-4E47-BF65-951D1CF79944}]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{74037B92-63E7-40CD-96A6-F0EF1D14DABA}]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{7EA1D9EA-25EB-4E5E-B554-E4B089DE3C32}]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{91C349D8-C3BC-4331-BE67-B82CCBE94DE2}]
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2010-08-31 19:09:28
ComboFix-quarantined-files.txt 2010-08-31 17:09
Vor Suchlauf: 9 Verzeichnis(se), 133.596.569.600 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 133.718.683.648 Bytes frei
- - End Of File - - AF991E549B4A1D528AD1DA4A501186E1
#17 | /// Malwareteam
Reply will follow tomorrow.
#18 | /// Malwareteam
Step 1: Run Combofix with the script.
Under no circumstances use it on other computers; it can cause lasting damage to other systems!
Step 2: How is it running? Any more alerts?
#19
I have the Combo-Fix file, but again I can't post it here either as code or as an attachment. Combo-Fix file: Combofix logfile: Code:
ComboFix 10-08-29.04 - HP_Besitzer 03.09.2010 18:57:20.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.446.214 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Neuer Wiederherstellungspunkt wurde erstellt
FILE ::
"c:\windows\system32\appconf32.exe"
"c:\windows\system32\urhtps.dat"
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\appconf32.exe
c:\windows\system32\urhtps.dat
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-03 bis 2010-09-03 ))))))))))))))))))))))))))))))
.
2010-08-30 20:59 . 2010-08-30 21:31 -------- d-----w- C:\Combo-Fix
2010-08-29 18:11 . 2010-08-29 18:11 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Malwarebytes
2010-08-29 18:10 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 18:10 . 2010-08-29 18:10 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-29 18:10 . 2010-08-29 19:47 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-08-29 18:10 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 16:26 . 2010-08-22 16:26 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Help
2010-08-22 16:11 . 2010-08-22 16:11 799 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_2425543A0EAD32542824DF2807A6FBB4.dll
2010-08-22 15:06 . 2010-08-22 15:06 -------- d-----w- c:\programme\Unlocker
2010-08-21 12:36 . 2010-08-22 14:19 -------- d-----w- c:\programme\iKnowPS
2010-08-19 13:56 . 2010-08-19 13:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Fighters
2010-08-19 13:55 . 2010-08-19 13:55 -------- d-----w- c:\programme\Fighters
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 17:40 . 2006-11-19 11:48 -------- d-----w- c:\programme\PokerStars
2010-08-29 14:52 . 2010-06-06 17:46 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Uniblue
2010-08-29 14:52 . 2010-06-06 17:46 -------- d-----w- c:\programme\Uniblue
2010-08-29 14:39 . 2010-08-22 16:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2010-08-27 18:26 . 2006-05-06 15:53 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-08-22 16:26 . 2010-08-22 16:11 -------- d-----w- c:\programme\Security Task Manager
2010-08-22 16:11 . 2010-08-22 16:11 57 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_200845A2240938042A076B4737ED0137.dll
2010-08-22 16:11 . 2010-08-22 16:11 116 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_20481667D97199646AB63D155C4963CB.dll
2010-08-22 16:11 . 2010-08-22 16:11 10 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_24E9EE35BCEC29C4FB67C96AD5FAF8C1.dll
2010-08-22 16:11 . 2010-08-22 16:11 6205 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1FCF3F43B71816D46BFA919D84A6EF0A.dll
2010-08-22 16:11 . 2010-08-22 16:11 699 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1E32C765085758148B2C0308657792C7.dll
2010-08-22 16:11 . 2010-08-22 16:11 55 ----a-w-
continued:
c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0FF2F75B52A523345B3054293B070CF2.dll
2010-08-22 16:11 . 2010-08-22 16:11 3356 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1F972D4B9034cc944A5BA3D0E2957C5B.dll
2010-08-22 16:11 . 2010-08-22 16:11 210 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D034B0FAA6BD374B960AAD30DF10D8B.dll
2010-08-22 16:11 . 2010-08-22 16:11 2056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_06AFB87E393583C428BA8E10E964E44B.dll
2010-08-22 16:11 . 2010-08-22 16:11 1055 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D227AB21D84E6041932A85E34D136FE.dll
2010-08-22 16:11 . 2010-08-22 16:11 58 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0132103250E35A64889A6CBCACCBCA97.dll
2010-08-22 16:11 . 2010-08-22 16:11 833 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll
2010-08-18 13:06 . 2004-11-02 18:10 64650 ----a-w- c:\windows\system32\perfc007.dat
2010-08-18 13:06 . 2004-11-02 18:10 392842 ----a-w- c:\windows\system32\perfh007.dat
2010-08-17 15:54 . 2009-04-18 15:46 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\BSW
2010-07-01 20:12 . 2010-07-01 20:12 112 ----a-w- c:\windows\system32\srvblck2.tmp
2010-06-30 12:28 . 2004-08-04 04:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-04 04:00 1852032 ------w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 04:00 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-18 20:07 . 2009-02-07 13:34 160 ----a-w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2010-06-17 14:03 . 2004-08-04 04:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-31_17.05.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-03 16:22 . 2010-09-03 16:22 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\programme\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-28 148888]
"Symantec PIF AlertEng"="c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Action Manager 32.lnk - c:\programme\ScannerU\AM32.exe [2006-12-26 69632]
Gigaset WLAN Adapter Monitor.lnk - c:\programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe [2004-6-4 327680]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
S3 SE4501D;Gigaset USB Adapter 54 Driver;c:\windows\system32\drivers\SE4501D.sys [07.02.2009 15:39 379232]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html
IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-03 19:05
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2010-09-03 19:09:35
ComboFix-quarantined-files.txt 2010-09-03 17:09
Vor Suchlauf: 14 Verzeichnis(se), 133.626.843.136 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 133.615.886.336 Bytes frei
- - End Of File - - 8E3D7B5DADE6C637ACEE56D85219F210
#20 | /// Malwareteam
Following this guide, it doesn't work in code tags?
#21
When I click "upload file", the problem report shows: C:\DOKUME~1\HP_BES~1.NAM\LOKALE~1\Temp\WERb71c.dir00\firefox.exe.mdmp C:\DOKUME~1\HP_BES~1.NAM\LOKALE~1\Temp\WERb71c.dir00\appcompat.txt In case that helps you. Otherwise I haven't been able to notice anything at the moment; Firefox still took relatively long after the restart, though not quite as long anymore.
#22
I can do small tags. Code:
test fjdkfkjsflfkdsjklsdfjdlkfjdkfdlfdjfklffjklsdfjlksfj
#23 | /// Malwareteam
Step 1: Please run CCleaner.
Step 2: Update programs. You are in part using outdated software, which creates security holes on your system through which malware can get in. All software you have on your computer must be updated regularly, even if you don't use it. An easy way to keep track of these software updates is the Secunia Inspektor.
#24
I ran the Cleaner. Updates too, but it still finds various old Java versions; I updated once but the message still appears. Then I just ran Malwarebytes again: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4544
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
04.09.2010 20:24:05
mbam-log-2010-09-04 (20-24-05).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142149
Laufzeit: 8 Minute(n), 45 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 34
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\WINDOWS\system32\xmldm (Stolen.Data) -> No action taken.
Infizierte Dateien:
C:\WINDOWS\system32\xmldm\1384_FF_0000000117.pst (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\1504_FF_0000000107.pst (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\2360_FF_0000000087.htm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\2360_FF_0000000088.key (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\2360_FF_0000000089.frm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\2360_FF_0000000090.htm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\2360_FF_0000000091.key (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\2360_FF_0000000092.frm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\2360_FF_0000000093.htm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\308_FF_0000000094.pst (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\308_FF_0000000095.key (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\308_FF_0000000096.frm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\308_FF_0000000097.frm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\308_FF_0000000098.pst (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\3416_FF_0000000099.pst (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\3416_FF_0000000100.key (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\3416_FF_0000000101.key (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\3416_FF_0000000102.frm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\3416_FF_0000000103.frm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\3416_FF_0000000104.pst (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\3428_FF_0000000105.htm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\3428_FF_0000000106.key (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\3800_FF_0000000108_ifrm.htm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\3800_FF_0000000109.htm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\3800_FF_0000000110.key (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\4088_FF_0000000113.htm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\4088_FF_0000000114.key (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\4088_FF_0000000115_ifrm.htm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\4088_FF_0000000116_ifrm.htm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\4520_FF_0000000111.htm (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\4520_FF_0000000112.key (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB35A8ADABD10C_00006992_rasphone.pbk (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB35A8AF7A5940_00006992_rasphone.pbk (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB372477FEA5DE_00004328_rasphone.pbk (Stolen.Data) -> No action taken.
#25 | /// Malwareteam
Step 1: TDSSKiller from Kaspersky.
Step 2: Please download RKUnhookerLE and save the file to your desktop.
Step 3: Please run AVZ and post the log.
#26
TDSSKiller: there was no restart, but nothing was found either. Sorry, I have to split it up again. Code:
2010/09/05 16:48:29.0750 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06
2010/09/05 16:48:29.0750 ================================================================================
2010/09/05 16:48:29.0750 SystemInfo:
2010/09/05 16:48:29.0750
2010/09/05 16:48:29.0750 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/05 16:48:29.0750 Product type: Workstation
2010/09/05 16:48:29.0750 ComputerName: NAME-CD5FDA878D
2010/09/05 16:48:29.0750 UserName: HP_Besitzer
2010/09/05 16:48:29.0750 Windows directory: C:\WINDOWS
2010/09/05 16:48:29.0750 System windows directory: C:\WINDOWS
2010/09/05 16:48:29.0750 Processor architecture: Intel x86
2010/09/05 16:48:29.0750 Number of processors: 1
2010/09/05 16:48:29.0750 Page size: 0x1000
2010/09/05 16:48:29.0750 Boot type: Normal boot
2010/09/05 16:48:29.0750 ================================================================================
2010/09/05 16:48:30.0218 Initialize success
2010/09/05 16:48:37.0265 ================================================================================
2010/09/05 16:48:37.0265 Scan started
2010/09/05 16:48:37.0265 Mode: Manual;
2010/09/05 16:48:37.0265 ================================================================================
2010/09/05 16:48:38.0421 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/05 16:48:38.0468 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/05 16:48:38.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/05 16:48:38.0625 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/05 16:48:38.0859 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/09/05 16:48:39.0062 AmdK8 (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/09/05 16:48:39.0171 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/05 16:48:39.0343 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/05 16:48:39.0390 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/05 16:48:39.0500 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/09/05 16:48:39.0578 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/05 16:48:39.0656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/05 16:48:39.0718 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
2010/09/05 16:48:39.0828 avgio (87828ecd657f81503465ac705e845076) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
2010/09/05 16:48:39.0875 avgntflt (fcb30820bed1d3feb55e3dd55a3f947f) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2010/09/05 16:48:39.0906 avipbb (0b09df022250fb7ba91fb932eac6ea9b) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/09/05 16:48:39.0968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/05 16:48:40.0171 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/05 16:48:40.0234 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/05 16:48:40.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/05 16:48:40.0359 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/05 16:48:40.0578 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/05 16:48:40.0656 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/05 16:48:40.0703 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/05 16:48:40.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/05 16:48:40.0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/05 16:48:40.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/05 16:48:40.0906 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/05 16:48:40.0968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/05 16:48:41.0015 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/05 16:48:41.0046 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/05 16:48:41.0093 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/05 16:48:41.0125 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/05 16:48:41.0156 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/05 16:48:41.0187 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/05 16:48:41.0250 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/05 16:48:41.0328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/05 16:48:41.0437 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/05 16:48:41.0484 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/05 16:48:41.0562 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/05 16:48:41.0593 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/05 16:48:41.0625 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/05 16:48:41.0656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/05 16:48:41.0687 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/05 16:48:41.0718 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/05 16:48:41.0765 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/05 16:48:41.0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/05 16:48:41.0828 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/05 16:48:41.0859 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/05 16:48:41.0890 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/05 16:48:41.0937 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/05 16:48:41.0968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/05 16:48:42.0078 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/05 16:48:42.0109 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/05 16:48:42.0140 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/05 16:48:42.0156 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/05 16:48:42.0203 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/05 16:48:42.0296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/05 16:48:42.0343 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/05 16:48:42.0375 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/05 16:48:42.0406 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/05 16:48:42.0437 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/05 16:48:42.0468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/05 16:48:42.0500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/05 16:48:42.0531 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/05 16:48:42.0578 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/05 16:48:42.0609 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/05 16:48:42.0640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/05 16:48:42.0671 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/05 16:48:42.0703 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/05 16:48:42.0734 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/05 16:48:42.0781 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/05 16:48:42.0859 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/05 16:48:42.0890 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/05 16:48:42.0953 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/05 16:48:43.0000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/05 16:48:43.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/05 16:48:43.0078 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/05 16:48:43.0109 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/05 16:48:43.0156 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/05 16:48:43.0187 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/05 16:48:43.0234 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/05 16:48:43.0265 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/05 16:48:43.0312 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/05 16:48:43.0359 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/05 16:48:43.0593 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/05 16:48:43.0625 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/05 16:48:43.0671 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2010/09/05 16:48:43.0703 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/05 16:48:43.0765 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2010/09/05 16:48:43.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/05 16:48:43.0828 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/05 16:48:43.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/05 16:48:44.0015 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/05 16:48:44.0062 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/05 16:48:44.0093 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/05 16:48:44.0140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/05 16:48:44.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/05 16:48:44.0250 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/05 16:48:44.0296 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/05 16:48:44.0343 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2010/09/05 16:48:44.0390 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/09/05 16:48:44.0468 SE4501D (8dc9cf101d175a1daf2fd917e19a68b1) C:\WINDOWS\system32\DRIVERS\SE4501D.sys
2010/09/05 16:48:44.0531 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/05 16:48:44.0593 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/05 16:48:44.0640 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/05 16:48:44.0703 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/05 16:48:44.0828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/05 16:48:44.0875 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/05 16:48:44.0937 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/05 16:48:44.0984 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/09/05 16:48:45.0062 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/05 16:48:45.0093 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/05 16:48:45.0234 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/05 16:48:45.0296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/05 16:48:45.0343 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/05 16:48:45.0390 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/05 16:48:45.0421 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/05 16:48:45.0531 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/05 16:48:45.0609 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/05 16:48:45.0671 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/05 16:48:45.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/05 16:48:45.0765 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/05 16:48:45.0812 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/05 16:48:45.0859 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/05 16:48:45.0906 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/05 16:48:45.0937 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/05 16:48:45.0968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/05 16:48:46.0015 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/05 16:48:46.0078 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/05 16:48:46.0140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/05 16:48:46.0265 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/05 16:48:46.0328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/05 16:48:46.0375 ================================================================================
2010/09/05 16:48:46.0375 Scan finished
2010/09/05 16:48:46.0375 ================================================================================
#27
RKU part 1:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF6DDA000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 3645440 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xBF0BF000 C:\WINDOWS\System32\ati3duag.dll 2412544 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069120 bytes (Microsoft Corporation, NT-Kernel und -System)
0x804D7000 PnpManager 2069120 bytes
0x804D7000 RAW 2069120 bytes
0x804D7000 WMIxWDM 2069120 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0xF71F1000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1368064 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF30C000 C:\WINDOWS\System32\ativvaxx.dll 602112 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF73CE000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF26AB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF688C000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF2617000 C:\WINDOWS\system32\DRIVERS\SE4501D.sys 380928 bytes (Siemens AG, Siemens Wireless NDIS 5.1 Driver)
0xF27B8000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEFE75000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xEF286000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 258048 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF051000 C:\WINDOWS\System32\ati2cqag.dll 233472 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF08A000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF74EC000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0xF73A1000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF2743000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF2790000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF2685000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF25F3000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6DB6000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF718B000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7168000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF276E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7484000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BC000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-Datenträgertreiber)
0xF7387000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF74A4000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF25DB000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF745B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6D8B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF000A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF001F000 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)
0xF6DA2000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Treiber für parallelen Anschluss)
0xF7154000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 81920 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF71DD000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF2811000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7472000 sr.sys 73728 bytes (Microsoft Corporation, Dateisystemfilter-Treiber der Systemwiederherstellung)
0xF2674000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 69632 bytes (Avira GmbH, Avira Driver for RootKit Detection)
0xF74DB000 pci.sys 69632 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0xF6D7A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF784C000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 65536 bytes (Advanced Micro Devices, AMD Processor Driver)
0xEFD9D000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF786C000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF788C000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF762C000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF77AC000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF76AC000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF787C000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook-Audiofiltertreiber)
0xF03B3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF774C000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF763C000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF765C000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0xF767C000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76BC000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0xF76CC000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76EC000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF778C000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS-Verschlüsselungstreiber)
0xF785C000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF764C000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76DC000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF761C000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP-ISA-Bustreiber)
0xF771C000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF770C000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF766C000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76FC000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF775C000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEEFE3000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF779C000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF79DC000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7984000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF79C4000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF799C000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tastaturklassentreiber)
0xF789C000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF79EC000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF798C000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mausklassentreiber)
0xF79E4000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (AVIRA GmbH, AVIRA SnapShot Driver)
0xF79CC000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF79D4000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78A4000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7994000 C:\WINDOWS\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0xF79AC000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78AC000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF79B4000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF79A4000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF797C000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF79FC000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7AFC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF043F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A2C000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7AD4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7AEC000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF734B000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B54000 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7B4C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B56000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B4A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B22000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Treiber)
0xF7B1C000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B4E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B50000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B46000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B48000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B20000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7B1E000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7CEB000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C63000 C:\WINDOWS\System32\DRIVERS\AvgArCln.sys 4096 bytes (GRISOFT, s.r.o., AVG7 Clean Driver)
0xF7C72000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C62000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BE4000 pciide.sys 4096 bytes (Microsoft Corporation, Allgemeiner PCI IDE Bustreiber)
==============================================
>Stealth
==============================================
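The two listings above (TDSSKiller's registered-driver table and RkUnhooker's loaded-module table) are the raw material a helper usually reads by eye. The script below is an added example, not part of the original thread and not code from either tool: it parses the TDSSKiller lines (timestamp, service name, MD5, path) and the RkUnhooker `>Drivers` lines (load address, image path, size, optional vendor/description), cross-references them by file name, and flags loaded modules with no version resource, modules that are not registered as a service, and images that live outside `\WINDOWS`. The sample input is an excerpt copied from the logs above and is labelled as such; the flag names, the regexes and the exclusion of `Normandy.SYS` (which the listing itself tags as the RKU driver) are this example's own choices. Caveat a practitioner should keep in mind: a module that is loaded but absent from the service list is a classic hidden-driver indicator, but it is also what you get when the two scans come from different runs or when the service list is incomplete; the `avgntflt.sys` hit in the sample is an artifact of the partial excerpt, not a finding about this system.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: a handful of lines copied from the TDSSKiller and
# RkUnhooker listings posted above (an excerpt, not the complete logs).
TDSS_SAMPLE = """\
2010/09/05 16:48:42.0953 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\\WINDOWS\\system32\\drivers\\Ntfs.sys
2010/09/05 16:48:44.0468 SE4501D (8dc9cf101d175a1daf2fd917e19a68b1) C:\\WINDOWS\\system32\\DRIVERS\\SE4501D.sys
2010/09/05 16:48:44.0984 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\\WINDOWS\\system32\\DRIVERS\\ssmdrv.sys
2010/09/05 16:48:45.0296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
2010/09/05 16:48:46.0375 Scan finished
"""

RKU_SAMPLE = """\
0xF73CE000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF2617000 C:\\WINDOWS\\system32\\DRIVERS\\SE4501D.sys 380928 bytes (Siemens AG, Siemens Wireless NDIS 5.1 Driver)
0xF27B8000 C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF001F000 C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)
0xF25DB000 C:\\WINDOWS\\System32\\Drivers\\dump_atapi.sys 98304 bytes
0xEEFE3000 C:\\WINDOWS\\System32\\Drivers\\Normandy.SYS 36864 bytes (RKU Driver)
0xF79E4000 C:\\WINDOWS\\system32\\DRIVERS\\ssmdrv.sys 24576 bytes (AVIRA GmbH, AVIRA SnapShot Driver)
"""

# TDSSKiller: "<date> <time> <service> (<md5>) <path>"
TDSS_RE = re.compile(r"^\S+ \S+ (\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# RkUnhooker: "<base> <path> <size> bytes [(<vendor, description>)]"
# The path is matched non-greedily because it may contain spaces.
RKU_RE = re.compile(r"^(0x[0-9A-Fa-f]+) (.+?) (\d+) bytes(?: \((.*)\))?$")

# The scanner's own driver; the RKU listing itself tags it "(RKU Driver)".
# Assumption of this example: treat it as expected rather than as a finding.
SCANNER_DRIVERS = {"normandy.sys"}


def _basename(path):
    # PureWindowsPath handles backslash paths on any host OS.
    return PureWindowsPath(path).name.lower()


def parse_tdss(text):
    """Map lowercase file name -> {service, md5, path} from TDSSKiller lines."""
    drivers = {}
    for line in text.splitlines():
        m = TDSS_RE.match(line.strip())
        if not m:
            continue  # banner lines, "Scan finished", separators
        service, md5, path = m.groups()
        drivers[_basename(path)] = {"service": service, "md5": md5.lower(), "path": path}
    return drivers


def parse_rku(text):
    """List of {base, path, size, vendor} from RkUnhooker >Drivers lines."""
    loaded = []
    for line in text.splitlines():
        m = RKU_RE.match(line.strip())
        if not m:
            continue
        base, path, size, vendor = m.groups()
        loaded.append({"base": int(base, 16), "path": path,
                       "size": int(size), "vendor": vendor})
    return loaded


def triage(tdss, rku, scanner_drivers=SCANNER_DRIVERS):
    """Return {file name: [flags]} for loaded modules that deserve a second look.

    no-version-info           RKU found no vendor/description resource
                              (dump_*.sys crash-dump copies are a known benign case)
    not-a-registered-service  loaded in the kernel but absent from the TDSSKiller
                              service list: hidden-driver indicator, or an
                              incomplete service list
    outside-windows-dir       image lives outside \\WINDOWS (third-party drivers
                              such as AV minifilters do this legitimately)
    """
    findings = {}
    for mod in rku:
        name = _basename(mod["path"])
        flags = []
        if not mod["vendor"]:
            flags.append("no-version-info")
        if name not in tdss and name not in scanner_drivers:
            flags.append("not-a-registered-service")
        if "\\" in mod["path"] and "\\windows\\" not in mod["path"].lower():
            flags.append("outside-windows-dir")
        if flags:
            findings[name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage(parse_tdss(TDSS_SAMPLE), parse_rku(RKU_SAMPLE)).items():
        print(f"{name:20} {', '.join(flags)}")
```

Feed it the complete logs (both files read from disk instead of the embedded excerpt) and the service-list check becomes meaningful; the MD5 column kept by `parse_tdss` is there so you can compare each file against a hash reference or a later rescan.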
#28
/// Malwareteam
Yes, renaming it is important. Renaming it to a different name doesn't work either?

#29
I did manage to rename it after all, by briefly moving the file to another folder. I've read that an AVZ scan like this can take a very long time... Can you give me a rough average runtime? If it really takes more than 6 h, I'll postpone it to Saturday.

#30
/// Malwareteam
It's up to you. But I would recommend not using the system until the scan.