|
Plagegeister aller Art und deren Bekämpfung: TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes AuswertungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.09.2010, 18:30 | #16 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Combofix Logfile: Code:
ATTFilter ComboFix 10-08-29.04 - HP_Besitzer 31.08.2010 18:53:38.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.446.118 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\AcroIEHelpe019.dll c:\windows\system32\UAs c:\windows\system32\UAs\firefox.exe_UAs001.dat c:\windows\system32\UAs\java.exe_UAs001.dat D:\Autorun.inf . ((((((((((((((((((((((( Dateien erstellt von 2010-07-28 bis 2010-08-31 )))))))))))))))))))))))))))))) . 2010-08-30 20:59 . 2010-08-30 21:31 -------- d-----w- C:\Combo-Fix 2010-08-29 18:11 . 2010-08-29 18:11 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Malwarebytes 2010-08-29 18:10 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-29 18:10 . 2010-08-29 18:10 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-08-29 18:10 . 2010-08-29 19:47 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-08-29 18:10 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-22 16:26 . 2010-08-22 16:26 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Help 2010-08-22 16:11 . 2010-08-22 16:11 799 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_2425543A0EAD32542824DF2807A6FBB4.dll 2010-08-22 15:06 . 2010-08-22 15:06 -------- d-----w- c:\programme\Unlocker 2010-08-21 12:36 . 2010-08-22 14:19 -------- d-----w- c:\programme\iKnowPS 2010-08-19 13:56 . 2010-08-19 13:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Fighters 2010-08-19 13:55 . 2010-08-19 13:55 -------- d-----w- c:\programme\Fighters . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-30 17:01 . 2010-07-02 18:31 217 ----a-w- c:\windows\system32\urhtps.dat 2010-08-29 15:23 . 2006-11-19 11:48 -------- d-----w- c:\programme\PokerStars 2010-08-29 14:52 . 2010-06-06 17:46 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Uniblue 2010-08-29 14:52 . 2010-06-06 17:46 -------- d-----w- c:\programme\Uniblue 2010-08-29 14:39 . 2010-08-22 16:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan 2010-08-27 18:26 . 2006-05-06 15:53 -------- d-----w- c:\programme\Mozilla Thunderbird 2010-08-22 16:26 . 2010-08-22 16:11 -------- d-----w- c:\programme\Security Task Manager 2010-08-22 16:11 . 2010-08-22 16:11 57 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_200845A2240938042A076B4737ED0137.dll 2010-08-22 16:11 . 2010-08-22 16:11 116 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_20481667D97199646AB63D155C4963CB.dll 2010-08-22 16:11 . 2010-08-22 16:11 10 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_24E9EE35BCEC29C4FB67C96AD5FAF8C1.dll 2010-08-22 16:11 . 2010-08-22 16:11 6205 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1FCF3F43B71816D46BFA919D84A6EF0A.dll 2010-08-22 16:11 . 2010-08-22 16:11 699 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1E32C765085758148B2C0308657792C7.dll 2010-08-22 16:11 . 2010-08-22 16:11 55 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0FF2F75B52A523345B3054293B070CF2.dll 2010-08-22 16:11 . 2010-08-22 16:11 3356 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1F972D4B9034cc944A5BA3D0E2957C5B.dll 2010-08-22 16:11 . 2010-08-22 16:11 210 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D034B0FAA6BD374B960AAD30DF10D8B.dll 2010-08-22 16:11 . 2010-08-22 16:11 2056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_06AFB87E393583C428BA8E10E964E44B.dll 2010-08-22 16:11 . 2010-08-22 16:11 1055 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D227AB21D84E6041932A85E34D136FE.dll 2010-08-22 16:11 . 2010-08-22 16:11 58 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0132103250E35A64889A6CBCACCBCA97.dll 2010-08-22 16:11 . 2010-08-22 16:11 833 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll 2010-08-18 13:06 . 2004-11-02 18:10 64650 ----a-w- c:\windows\system32\perfc007.dat 2010-08-18 13:06 . 2004-11-02 18:10 392842 ----a-w- c:\windows\system32\perfh007.dat 2010-08-17 15:54 . 2009-04-18 15:46 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\BSW 2010-07-01 20:12 . 2010-07-01 20:12 112 ----a-w- c:\windows\system32\srvblck2.tmp 2010-06-30 12:28 . 2004-08-04 04:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 09:02 . 2004-08-04 04:00 1852032 ------w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2004-08-04 04:00 354304 ------w- c:\windows\system32\drivers\srv.sys 2010-06-18 20:07 . 2009-02-07 13:34 160 ----a-w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat 2010-06-17 14:03 . 2004-08-04 04:00 80384 ------w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2004-08-04 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2004-08-04 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2008-12-09 15:23 . 2008-12-09 15:23 47616 --sh--r- c:\windows\system32\appconf32.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHUPD08"="c:\programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "HP Software Update"="c:\programme\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152] "avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-28 148888] "Symantec PIF AlertEng"="c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Action Manager 32.lnk - c:\programme\ScannerU\AM32.exe [2006-12-26 69632] Gigaset WLAN Adapter Monitor.lnk - c:\programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe [2004-6-4 327680] HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [07.02.2009 16:33 100032] S3 SE4501D;Gigaset USB Adapter 54 Driver;c:\windows\system32\drivers\SE4501D.sys [07.02.2009 15:39 379232] . . ------- Zusätzlicher Suchlauf ------- . IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-08-31 19:05 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Data] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Networking] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NETFramework] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Abiosdsk] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\abp480n5] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPI] "ImagePath"="system32\DRIVERS\ACPI.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPIEC] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\adpu160m] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aec] "ImagePath"="system32\drivers\aec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AFD] "ImagePath"="\SystemRoot\System32\drivers\afd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Aha154x] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78u2] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78xx] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALCXWDM] "ImagePath"="system32\drivers\ALCXWDM.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Alerter] "ServiceDll"="%SystemRoot%\system32\alrsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AliIde] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AmdK8] "ImagePath"="system32\DRIVERS\AmdK8.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\amsint] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AntiVirScheduler] "ImagePath"="\"c:\programme\Avira\AntiVir PersonalEdition Classic\sched.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AntiVirService] "ImagePath"="\"c:\programme\Avira\AntiVir PersonalEdition Classic\avguard.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Arp1394] "ImagePath"="system32\DRIVERS\arp1394.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3350p] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3550] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET_1.1.4322] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi] "ImagePath"="system32\DRIVERS\atapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atdisk] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ati HotKey Poller] "ImagePath"="%SystemRoot%\system32\Ati2evxx.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ati2mtag] "ImagePath"="system32\DRIVERS\ati2mtag.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atierecord] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atmarpc] "ImagePath"="system32\DRIVERS\atmarpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\audiosrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\audstub] "ImagePath"="system32\DRIVERS\audstub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Automatisches LiveUpdate - Scheduler] "ImagePath"="\"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AvgArCln] "ImagePath"="System32\DRIVERS\AvgArCln.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\avgio] "ImagePath"="\??\c:\programme\Avira\AntiVir PersonalEdition Classic\avgio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\avgntflt] "ImagePath"="\??\c:\programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\avipbb] "ImagePath"="system32\DRIVERS\avipbb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BattC] "MofImagePath"="System32\Drivers\battc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Beep] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme] "ImagePath"="\??\c:\dokume~1\HP_BES~1.NAM\LOKALE~1\Temp\catchme.sys [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cbidf2k] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cd20xrnt] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdaudio] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdfs] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdrom] "ImagePath"="system32\DRIVERS\cdrom.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Changer] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CiSvc] "ImagePath"="%SystemRoot%\system32\cisvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ClipSrv] "ImagePath"="%SystemRoot%\system32\clipsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CmdIde] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\COMSysApp] "ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentFilter] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentIndex] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cpqarray] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CryptSvc] "ServiceDll"="%SystemRoot%\System32\cryptsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac2w2k] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac960nt] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dhcp] "ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Disk] "ImagePath"="system32\DRIVERS\disk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmadmin] "ImagePath"="%SystemRoot%\System32\dmadmin.exe /com" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmboot] "ImagePath"="System32\drivers\dmboot.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmio] "ImagePath"="System32\drivers\dmio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmload] "ImagePath"="System32\drivers\dmload.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmserver] "ServiceDll"="%SystemRoot%\System32\dmserver.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DMusic] "ImagePath"="system32\drivers\DMusic.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dpti2o] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ERSvc] "ServiceDll"="%SystemRoot%\System32\ersvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Eventlog] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EventSystem] "ServiceDll"="c:\windows\system32\es.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fastfat] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FastUserSwitchingCompatibility] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fax] "ImagePath"="%systemroot%\system32\fxssvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc] "ImagePath"="system32\DRIVERS\fdc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fips] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk] "ImagePath"="system32\DRIVERS\flpydisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fs_Rec] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ftdisk] "ImagePath"="system32\DRIVERS\ftdisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Gpc] "ImagePath"="system32\DRIVERS\msgpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\helpsvc] "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HidServ] "ServiceDll"=" %SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hidusb] "ImagePath"="system32\DRIVERS\hidusb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hkmsvc] "ServiceDll"="%SystemRoot%\System32\kmsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hpn] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTP] "ImagePath"="System32\Drivers\HTTP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTPFilter] "ServiceDll"="%SystemRoot%\System32\w3ssl.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omgmt] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omp] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IDriverT] "ImagePath"="\"c:\programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Imapi] "ImagePath"="system32\DRIVERS\imapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ImapiService] "ImagePath"="%systemroot%\system32\imapi.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\inetaccs] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ini910u] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Inport] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IntelIde] "ImagePath"="system32\DRIVERS\intelide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\intelppm] "ImagePath"="system32\DRIVERS\intelppm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ip6Fw] "ImagePath"="system32\drivers\ip6fw.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpInIp] "ImagePath"="system32\DRIVERS\ipinip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpNat] "ImagePath"="system32\DRIVERS\ipnat.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IPSec] "ImagePath"="system32\DRIVERS\ipsec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IRENUM] "ImagePath"="system32\DRIVERS\irenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ISAPISearch] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\isapnp] "ImagePath"="system32\DRIVERS\isapnp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\JavaQuickStarterService] "ImagePath"="\"c:\programme\Java\jre6\bin\jqs.exe\" -service -config \"c:\programme\Java\jre6\lib\deploy\jqs\jqs.conf\"" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kbdhid] "ImagePath"="system32\DRIVERS\kbdhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kmixer] "ImagePath"="system32\drivers\kmixer.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KSecDD] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanserver] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanworkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lbrtfdc] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ldap] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LicenseService] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LiveUpdate] "ImagePath"="\"c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE\"" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LiveUpdate Notice Service] "ImagePath"="\"c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe\" /m \"c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll\"" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LmHosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Messenger] "ServiceDll"="%SystemRoot%\System32\msgsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmdd] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmsrvc] "ImagePath"="c:\windows\system32\mnmsrvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Modem] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MountMgr] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mraid35x] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxDAV] "ImagePath"="system32\DRIVERS\mrxdav.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxSmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Msfs] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSIServer] "ImagePath"="%systemroot%\system32\msiexec.exe /V" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mup] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\napagent] "ServiceDll"="%SystemRoot%\System32\qagentrt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NDIS] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NDProxy] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetBT] "ImagePath"="system32\DRIVERS\netbt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetDDE] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetDDEdsdm] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIC1394] "ImagePath"="system32\DRIVERS\nic1394.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Nla] "ServiceDll"="%SystemRoot%\System32\mswsock.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Npfs] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ntfs] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NtLmSsp] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NtmsSvc] "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Null] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS\nwlnkflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS\nwlnkfwd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ohci1394] "ImagePath"="system32\DRIVERS\ohci1394.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Parport] "ImagePath"="system32\DRIVERS\parport.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PartMgr] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ParVdm] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCI] "ImagePath"="system32\DRIVERS\pci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCIDump] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCIIde] "ImagePath"="system32\DRIVERS\pciide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Pcmcia] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDCOMP] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDRELI] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDRFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\perc2] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\perc2hib] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfDisk] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfNet] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfOS] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfProc] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PlugPlay] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Pml Driver HPZ12] "ImagePath"="c:\windows\system32\HPZipm12.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PolicyAgent] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Processor] "ImagePath"="system32\DRIVERS\processr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ps2] "ImagePath"="system32\DRIVERS\PS2.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSched] "ImagePath"="system32\DRIVERS\psched.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ptilink] "ImagePath"="system32\DRIVERS\ptilink.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PxHelp20] "ImagePath"="System32\Drivers\PxHelp20.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1080] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ql10wnt] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql12160] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1240] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1280] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasAcd] "ImagePath"="system32\DRIVERS\rasacd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Raspti] "ImagePath"="system32\DRIVERS\raspti.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPDD] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPNP] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPWD] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDSessMgr] "ImagePath"="c:\windows\system32\sessmgr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\redbook] "ImagePath"="system32\DRIVERS\redbook.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RemoteAccess] "ServiceDll"="%SystemRoot%\System32\mprdim.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RpcSs] "ServiceDll"="%SystemRoot%\System32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RSVP] "ImagePath"="%SystemRoot%\system32\rsvp.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RTL8023xp] "ImagePath"="system32\DRIVERS\Rtnicxp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rtl8139] "ImagePath"="system32\DRIVERS\RTL8139.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCardSvr] "ImagePath"="%SystemRoot%\System32\SCardSvr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Schedule] "ServiceDll"="%SystemRoot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ScsiPort] "ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SE4501D] "ImagePath"="system32\DRIVERS\SE4501D.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Secdrv] "ImagePath"="system32\DRIVERS\secdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\seclogon] "ServiceDll"="%SystemRoot%\System32\seclogon.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\serenum] "ImagePath"="system32\DRIVERS\serenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Serial] "ImagePath"="system32\DRIVERS\serial.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sfloppy] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Simbad] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sparrow] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\splitter] "ImagePath"="system32\drivers\splitter.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Spooler] "ImagePath"="%SystemRoot%\system32\spoolsv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sr] "ImagePath"="system32\DRIVERS\sr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srservice] "ServiceDll"="%SystemRoot%\system32\srsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Srv] "ImagePath"="system32\DRIVERS\srv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ssmdrv] "ImagePath"="system32\DRIVERS\ssmdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\stisvc] "ServiceDll"="%SystemRoot%\system32\wiaservc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swmidi] "ImagePath"="system32\drivers\swmidi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SwPrv] "ImagePath"="c:\windows\system32\dllhost.exe /Processid:{49ECC87E-722F-4CFD-ADDA-0BC30D854B7D}" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swwd] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\symc810] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\symc8xx] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sym_hi] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sym_u3] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sysaudio] "ImagePath"="system32\drivers\sysaudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SysmonLog] "ImagePath"="%SystemRoot%\system32\smlogsvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip] "ImagePath"="system32\DRIVERS\tcpip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TDPIPE] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TDTCP] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Themes] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TlntSvr] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TosIde] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TrkWks] "ServiceDll"="%SystemRoot%\system32\trkwks.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TSDDD] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Udfs] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ultra] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Update] "ImagePath"="system32\DRIVERS\update.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UPS] "ImagePath"="%SystemRoot%\System32\ups.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usb] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbohci] "ImagePath"="system32\DRIVERS\usbohci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbstor] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbuhci] "ImagePath"="system32\DRIVERS\usbuhci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ViaIde] "ImagePath"="system32\DRIVERS\viaide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VolSnap] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VSS] "ImagePath"="%SystemRoot%\System32\vssvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\W3SVC] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wanarp] "ImagePath"="system32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WDICA] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wdmaud] "ImagePath"="system32\drivers\wdmaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Winsock] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinSock2] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinTrust] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmdmPmSN] "ServiceDll"="c:\windows\system32\MsPMSNSv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wmi] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmiApSrv] "ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WMPNetworkSvc] "ImagePath"="\"c:\programme\Windows Media Player\WMPNetwk.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WS2IFSL] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wuauserv] "ServiceDll"="c:\windows\system32\wuauserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf] "ImagePath"="system32\DRIVERS\WudfPf.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd] "ImagePath"="system32\DRIVERS\wudfrd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WZCSVC] "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xmlprov] "ServiceDll"="%SystemRoot%\System32\xmlprov.dll" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{5BDFA431-22ED-4E47-BF65-951D1CF79944}] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{74037B92-63E7-40CD-96A6-F0EF1D14DABA}] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{7EA1D9EA-25EB-4E5E-B554-E4B089DE3C32}] [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{91C349D8-C3BC-4331-BE67-B82CCBE94DE2}] . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(656) c:\windows\system32\Ati2evxx.dll . Zeit der Fertigstellung: 2010-08-31 19:09:28 ComboFix-quarantined-files.txt 2010-08-31 17:09 Vor Suchlauf: 9 Verzeichnis(se), 133.596.569.600 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 133.718.683.648 Bytes frei - - End Of File - - AF991E549B4A1D528AD1DA4A501186E1 |
02.09.2010, 21:39 | #17 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Antwort folgt morgen
__________________ |
03.09.2010, 17:31 | #18 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Schritt 1
__________________Combofix mit Skript laufen lassen
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! Schritt 2 Wie läufts? Noch Meldungen? |
03.09.2010, 18:24 | #19 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung ich hab die combo-Fix datei, kanns aber wieder weder als Code noch als Anhang hier reinstellen Combo-Fix Datei:Combofix Logfile: Code:
ATTFilter ComboFix 10-08-29.04 - HP_Besitzer 03.09.2010 18:57:20.4.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.446.214 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\CFScript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} * Neuer Wiederherstellungspunkt wurde erstellt FILE :: "c:\windows\system32\appconf32.exe" "c:\windows\system32\urhtps.dat" . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\appconf32.exe c:\windows\system32\urhtps.dat . ((((((((((((((((((((((( Dateien erstellt von 2010-08-03 bis 2010-09-03 )))))))))))))))))))))))))))))) . 2010-08-30 20:59 . 2010-08-30 21:31 -------- d-----w- C:\Combo-Fix 2010-08-29 18:11 . 2010-08-29 18:11 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Malwarebytes 2010-08-29 18:10 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-29 18:10 . 2010-08-29 18:10 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-08-29 18:10 . 2010-08-29 19:47 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-08-29 18:10 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-22 16:26 . 2010-08-22 16:26 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Help 2010-08-22 16:11 . 2010-08-22 16:11 799 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_2425543A0EAD32542824DF2807A6FBB4.dll 2010-08-22 15:06 . 2010-08-22 15:06 -------- d-----w- c:\programme\Unlocker 2010-08-21 12:36 . 2010-08-22 14:19 -------- d-----w- c:\programme\iKnowPS 2010-08-19 13:56 . 2010-08-19 13:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Fighters 2010-08-19 13:55 . 2010-08-19 13:55 -------- d-----w- c:\programme\Fighters . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-02 17:40 . 2006-11-19 11:48 -------- d-----w- c:\programme\PokerStars 2010-08-29 14:52 . 2010-06-06 17:46 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Uniblue 2010-08-29 14:52 . 2010-06-06 17:46 -------- d-----w- c:\programme\Uniblue 2010-08-29 14:39 . 2010-08-22 16:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan 2010-08-27 18:26 . 2006-05-06 15:53 -------- d-----w- c:\programme\Mozilla Thunderbird 2010-08-22 16:26 . 2010-08-22 16:11 -------- d-----w- c:\programme\Security Task Manager 2010-08-22 16:11 . 2010-08-22 16:11 57 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_200845A2240938042A076B4737ED0137.dll 2010-08-22 16:11 . 2010-08-22 16:11 116 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_20481667D97199646AB63D155C4963CB.dll 2010-08-22 16:11 . 2010-08-22 16:11 10 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_24E9EE35BCEC29C4FB67C96AD5FAF8C1.dll 2010-08-22 16:11 . 2010-08-22 16:11 6205 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1FCF3F43B71816D46BFA919D84A6EF0A.dll 2010-08-22 16:11 . 2010-08-22 16:11 699 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1E32C765085758148B2C0308657792C7.dll 2010-08-22 16:11 . 2010-08-22 16:11 55 ----a-w- weiter: c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0FF2F75B52A523345B3054293B070CF2.dll 2010-08-22 16:11 . 2010-08-22 16:11 3356 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1F972D4B9034cc944A5BA3D0E2957C5B.dll 2010-08-22 16:11 . 2010-08-22 16:11 210 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D034B0FAA6BD374B960AAD30DF10D8B.dll 2010-08-22 16:11 . 2010-08-22 16:11 2056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_06AFB87E393583C428BA8E10E964E44B.dll 2010-08-22 16:11 . 2010-08-22 16:11 1055 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D227AB21D84E6041932A85E34D136FE.dll 2010-08-22 16:11 . 2010-08-22 16:11 58 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0132103250E35A64889A6CBCACCBCA97.dll 2010-08-22 16:11 . 2010-08-22 16:11 833 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll 2010-08-18 13:06 . 2004-11-02 18:10 64650 ----a-w- c:\windows\system32\perfc007.dat 2010-08-18 13:06 . 2004-11-02 18:10 392842 ----a-w- c:\windows\system32\perfh007.dat 2010-08-17 15:54 . 2009-04-18 15:46 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\BSW 2010-07-01 20:12 . 2010-07-01 20:12 112 ----a-w- c:\windows\system32\srvblck2.tmp 2010-06-30 12:28 . 2004-08-04 04:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 09:02 . 2004-08-04 04:00 1852032 ------w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2004-08-04 04:00 354304 ------w- c:\windows\system32\drivers\srv.sys 2010-06-18 20:07 . 2009-02-07 13:34 160 ----a-w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat 2010-06-17 14:03 . 2004-08-04 04:00 80384 ------w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2004-08-04 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2004-08-04 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll . ((((((((((((((((((((((((((((( SnapShot@2010-08-31_17.05.03 ))))))))))))))))))))))))))))))))))))))))) . + 2010-09-03 16:22 . 2010-09-03 16:22 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHUPD08"="c:\programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "HP Software Update"="c:\programme\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152] "avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-28 148888] "Symantec PIF AlertEng"="c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Action Manager 32.lnk - c:\programme\ScannerU\AM32.exe [2006-12-26 69632] Gigaset WLAN Adapter Monitor.lnk - c:\programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe [2004-6-4 327680] HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= S3 SE4501D;Gigaset USB Adapter 54 Driver;c:\windows\system32\drivers\SE4501D.sys [07.02.2009 15:39 379232] . . ------- Zusätzlicher Suchlauf ------- . IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-03 19:05 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(808) c:\windows\system32\Ati2evxx.dll . Zeit der Fertigstellung: 2010-09-03 19:09:35 ComboFix-quarantined-files.txt 2010-09-03 17:09 Vor Suchlauf: 14 Verzeichnis(se), 133.626.843.136 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 133.615.886.336 Bytes frei - - End Of File - - 8E3D7B5DADE6C637ACEE56D85219F210 |
03.09.2010, 18:28 | #20 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Nach diese Anleitung in Code-Tags gehts nicht? |
03.09.2010, 18:30 | #21 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung wenn ich auf Datei hochladen klicke, kommt im Problembericht: C:\DOKUME~1\HP_BES~1.NAM\LOKALE~1\Temp\WERb71c.dir00\firefox.exe.mdmp C:\DOKUME~1\HP_BES~1.NAM\LOKALE~1\Temp\WERb71c.dir00\appcompat.txt Falls dir das hilft. Sonst habe ich momentan nichts feststellen können, Firefox hat nach Neustart immer noch relativ lange gebraucht, wenn auch nicht mehr ganz so lange. |
03.09.2010, 18:32 | #22 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung ich kann kleine Tags machen Code:
ATTFilter test fjdkfkjsflfkdsjklsdfjdlkfjdkfdlfdjfklffjklsdfjlksfj |
03.09.2010, 21:29 | #23 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Schritt 1 Wende bitte CCleaner an. Schritt 2 Programme updaten Du verwendest zum Teil veraltete Software, die Sicherheitslücken auf deinem System bildet, durch die Malware eindringen kann. Alle Software, die du auf deinem Rechner hast, muss regelmäßig geupdatet werden, auch dann, wenn du sie nicht verwendest. Eine einfache Möglichkeit, diese Software Updates zu überwachen, bietet der Secunia Inspektor. |
04.09.2010, 19:49 | #24 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Cleaner hab ich gemacht. Updates auch, er findet aber noch verschiedene alte java Versionen, habe aber 1x geupdatet und die Meldung kommt noch. dann hab ich eben nochmal Malwarebytes laufen lassen: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4544 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 04.09.2010 20:24:05 mbam-log-2010-09-04 (20-24-05).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 142149 Laufzeit: 8 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 34 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\WINDOWS\system32\xmldm (Stolen.Data) -> No action taken. Infizierte Dateien: C:\WINDOWS\system32\xmldm\1384_FF_0000000117.pst (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\1504_FF_0000000107.pst (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\2360_FF_0000000087.htm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\2360_FF_0000000088.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\2360_FF_0000000089.frm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\2360_FF_0000000090.htm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\2360_FF_0000000091.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\2360_FF_0000000092.frm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\2360_FF_0000000093.htm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\308_FF_0000000094.pst (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\308_FF_0000000095.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\308_FF_0000000096.frm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\308_FF_0000000097.frm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\308_FF_0000000098.pst (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\3416_FF_0000000099.pst (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\3416_FF_0000000100.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\3416_FF_0000000101.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\3416_FF_0000000102.frm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\3416_FF_0000000103.frm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\3416_FF_0000000104.pst (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\3428_FF_0000000105.htm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\3428_FF_0000000106.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\3800_FF_0000000108_ifrm.htm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\3800_FF_0000000109.htm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\3800_FF_0000000110.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\4088_FF_0000000113.htm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\4088_FF_0000000114.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\4088_FF_0000000115_ifrm.htm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\4088_FF_0000000116_ifrm.htm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\4520_FF_0000000111.htm (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\4520_FF_0000000112.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CB35A8ADABD10C_00006992_rasphone.pbk (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CB35A8AF7A5940_00006992_rasphone.pbk (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CB372477FEA5DE_00004328_rasphone.pbk (Stolen.Data) -> No action taken. |
04.09.2010, 23:09 | #25 | |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Schritt 1 TDSSKiller von Kaspersky
Schritt 2 Downloade Dir bitte RKUnhookerLE und speichere die Datei auf deinem Desktop.
Zitat:
Schritt 3 Wende bitte AVZ an und poste das Log. |
05.09.2010, 15:54 | #26 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung TDSKiller: Neustart gabs nicht, wurde aber auch nichts gefunden. sorry muss wieder aufteilen Code:
ATTFilter 2010/09/05 16:48:29.0750 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06 2010/09/05 16:48:29.0750 ================================================================================ 2010/09/05 16:48:29.0750 SystemInfo: 2010/09/05 16:48:29.0750 2010/09/05 16:48:29.0750 OS Version: 5.1.2600 ServicePack: 3.0 2010/09/05 16:48:29.0750 Product type: Workstation 2010/09/05 16:48:29.0750 ComputerName: NAME-CD5FDA878D 2010/09/05 16:48:29.0750 UserName: HP_Besitzer 2010/09/05 16:48:29.0750 Windows directory: C:\WINDOWS 2010/09/05 16:48:29.0750 System windows directory: C:\WINDOWS 2010/09/05 16:48:29.0750 Processor architecture: Intel x86 2010/09/05 16:48:29.0750 Number of processors: 1 2010/09/05 16:48:29.0750 Page size: 0x1000 2010/09/05 16:48:29.0750 Boot type: Normal boot 2010/09/05 16:48:29.0750 ================================================================================ 2010/09/05 16:48:30.0218 Initialize success 2010/09/05 16:48:37.0265 ================================================================================ 2010/09/05 16:48:37.0265 Scan started 2010/09/05 16:48:37.0265 Mode: Manual; 2010/09/05 16:48:37.0265 ================================================================================ 2010/09/05 16:48:38.0421 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/09/05 16:48:38.0468 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/09/05 16:48:38.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/09/05 16:48:38.0625 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2010/09/05 16:48:38.0859 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2010/09/05 16:48:39.0062 AmdK8 (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 2010/09/05 16:48:39.0171 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/09/05 16:48:39.0343 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/09/05 16:48:39.0390 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/09/05 16:48:39.0500 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2010/09/05 16:48:39.0578 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/09/05 16:48:39.0656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/09/05 16:48:39.0718 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys 2010/09/05 16:48:39.0828 avgio (87828ecd657f81503465ac705e845076) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys 2010/09/05 16:48:39.0875 avgntflt (fcb30820bed1d3feb55e3dd55a3f947f) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 2010/09/05 16:48:39.0906 avipbb (0b09df022250fb7ba91fb932eac6ea9b) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2010/09/05 16:48:39.0968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/09/05 16:48:40.0171 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/09/05 16:48:40.0234 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/09/05 16:48:40.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/09/05 16:48:40.0359 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/09/05 16:48:40.0578 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/09/05 16:48:40.0656 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 2010/09/05 16:48:40.0703 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 2010/09/05 16:48:40.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/09/05 16:48:40.0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/09/05 16:48:40.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/09/05 16:48:40.0906 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/09/05 16:48:40.0968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/09/05 16:48:41.0015 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 2010/09/05 16:48:41.0046 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/09/05 16:48:41.0093 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/09/05 16:48:41.0125 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/09/05 16:48:41.0156 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/09/05 16:48:41.0187 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/09/05 16:48:41.0250 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/09/05 16:48:41.0328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/09/05 16:48:41.0437 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/09/05 16:48:41.0484 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/09/05 16:48:41.0562 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/09/05 16:48:41.0593 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/09/05 16:48:41.0625 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/09/05 16:48:41.0656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/09/05 16:48:41.0687 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/09/05 16:48:41.0718 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/09/05 16:48:41.0765 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/09/05 16:48:41.0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/09/05 16:48:41.0828 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/09/05 16:48:41.0859 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/09/05 16:48:41.0890 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2010/09/05 16:48:41.0937 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/09/05 16:48:41.0968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/09/05 16:48:42.0078 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/09/05 16:48:42.0109 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 2010/09/05 16:48:42.0140 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/09/05 16:48:42.0156 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/09/05 16:48:42.0203 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/09/05 16:48:42.0296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/09/05 16:48:42.0343 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/09/05 16:48:42.0375 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/09/05 16:48:42.0406 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/09/05 16:48:42.0437 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/09/05 16:48:42.0468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/09/05 16:48:42.0500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/09/05 16:48:42.0531 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/09/05 16:48:42.0578 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/09/05 16:48:42.0609 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/09/05 16:48:42.0640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/09/05 16:48:42.0671 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/09/05 16:48:42.0703 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/09/05 16:48:42.0734 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/09/05 16:48:42.0781 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/09/05 16:48:42.0859 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/09/05 16:48:42.0890 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/09/05 16:48:42.0953 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/09/05 16:48:43.0000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/09/05 16:48:43.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/09/05 16:48:43.0078 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/09/05 16:48:43.0109 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/09/05 16:48:43.0156 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/09/05 16:48:43.0187 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/09/05 16:48:43.0234 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/09/05 16:48:43.0265 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/09/05 16:48:43.0312 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/09/05 16:48:43.0359 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/09/05 16:48:43.0593 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/09/05 16:48:43.0625 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 2010/09/05 16:48:43.0671 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys 2010/09/05 16:48:43.0703 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/09/05 16:48:43.0765 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys 2010/09/05 16:48:43.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/09/05 16:48:43.0828 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/09/05 16:48:43.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/09/05 16:48:44.0015 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/09/05 16:48:44.0062 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/09/05 16:48:44.0093 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/09/05 16:48:44.0140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/09/05 16:48:44.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/09/05 16:48:44.0250 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/09/05 16:48:44.0296 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/09/05 16:48:44.0343 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 2010/09/05 16:48:44.0390 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2010/09/05 16:48:44.0468 SE4501D (8dc9cf101d175a1daf2fd917e19a68b1) C:\WINDOWS\system32\DRIVERS\SE4501D.sys 2010/09/05 16:48:44.0531 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/09/05 16:48:44.0593 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/09/05 16:48:44.0640 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/09/05 16:48:44.0703 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/09/05 16:48:44.0828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/09/05 16:48:44.0875 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/09/05 16:48:44.0937 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/09/05 16:48:44.0984 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/09/05 16:48:45.0062 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/09/05 16:48:45.0093 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/09/05 16:48:45.0234 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/09/05 16:48:45.0296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/09/05 16:48:45.0343 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/09/05 16:48:45.0390 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/09/05 16:48:45.0421 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/09/05 16:48:45.0531 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/09/05 16:48:45.0609 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/09/05 16:48:45.0671 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/09/05 16:48:45.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/09/05 16:48:45.0765 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/09/05 16:48:45.0812 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2010/09/05 16:48:45.0859 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/09/05 16:48:45.0906 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/09/05 16:48:45.0937 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/09/05 16:48:45.0968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/09/05 16:48:46.0015 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/09/05 16:48:46.0078 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/09/05 16:48:46.0140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/09/05 16:48:46.0265 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/09/05 16:48:46.0328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/09/05 16:48:46.0375 ================================================================================ 2010/09/05 16:48:46.0375 Scan finished 2010/09/05 16:48:46.0375 ================================================================================ |
05.09.2010, 16:33 | #27 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung RKU 1. Teil: Code:
ATTFilter RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #1 ============================================== >Drivers ============================================== 0xF6DDA000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 3645440 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM)) 0xBF0BF000 C:\WINDOWS\System32\ati3duag.dll 2412544 bytes (ATI Technologies Inc. , ati3duag.dll) 0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069120 bytes (Microsoft Corporation, NT-Kernel und -System) 0x804D7000 PnpManager 2069120 bytes 0x804D7000 RAW 2069120 bytes 0x804D7000 WMIxWDM 2069120 bytes 0xBF800000 Win32k 1855488 bytes 0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber) 0xF71F1000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1368064 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver) 0xBF30C000 C:\WINDOWS\System32\ativvaxx.dll 602112 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver) 0xF73CE000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver) 0xF26AB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0xF688C000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver) 0xF2617000 C:\WINDOWS\system32\DRIVERS\SE4501D.sys 380928 bytes (Siemens AG, Siemens Wireless NDIS 5.1 Driver) 0xF27B8000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver) 0xEFE75000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver) 0xEF286000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack) 0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 258048 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver) 0xBF051000 C:\WINDOWS\System32\ati2cqag.dll 233472 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module) 0xBF08A000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager) 0xF74EC000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-Treiber für NT) 0xF73A1000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver) 0xF2743000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0xF2790000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver) 0xF2685000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator) 0xF25F3000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver) 0xF6DB6000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0xF718B000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xF7168000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library) 0xF276E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x806D1000 ACPI_HAL 131840 bytes 0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0xF7484000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0xF74BC000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-Datenträgertreiber) 0xF7387000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0xF74A4000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver) 0xF25DB000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes 0xF745B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0xF6D8B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0xF000A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper) 0xF001F000 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver) 0xF6DA2000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Treiber für parallelen Anschluss) 0xF7154000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 81920 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver ) 0xF71DD000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver) 0xF2811000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver) 0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver) 0xF7472000 sr.sys 73728 bytes (Microsoft Corporation, Dateisystemfilter-Treiber der Systemwiederherstellung) 0xF2674000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 69632 bytes (Avira GmbH, Avira Driver for RootKit Detection) 0xF74DB000 pci.sys 69632 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator) 0xF6D7A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler) 0xF784C000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 65536 bytes (Advanced Micro Devices, AMD Processor Driver) 0xEFD9D000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver) 0xF786C000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xF788C000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager) 0xF762C000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver) 0xF77AC000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client) 0xF76AC000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0xF787C000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook-Audiofiltertreiber) 0xF03B3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter) 0xF774C000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB) 0xF763C000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver) 0xF765C000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber) 0xF767C000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll) 0xF76BC000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042-Anschlusstreiber) 0xF76CC000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0xF76EC000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0xF778C000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS-Verschlüsselungstreiber) 0xF785C000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver) 0xF764C000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager) 0xF76DC000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0xF761C000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP-ISA-Bustreiber) 0xF771C000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy) 0xF770C000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver) 0xF766C000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver) 0xF76FC000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier) 0xF775C000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver) 0xEEFE3000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0xF779C000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xF79DC000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver) 0xF7984000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0xF79C4000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0xF799C000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tastaturklassentreiber) 0xF789C000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0xF79EC000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver) 0xF798C000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mausklassentreiber) 0xF79E4000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (AVIRA GmbH, AVIRA SnapShot Driver) 0xF79CC000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0xF79D4000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver) 0xF78A4000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager) 0xF7994000 C:\WINDOWS\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS) 0xF79AC000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library) 0xF78AC000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0xF79B4000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver) 0xF79A4000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper) 0xF797C000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver) 0xF79FC000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver) 0xF7AFC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver) 0xF043F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver) 0xF7A2C000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver) 0xF7AD4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver) 0xF7AEC000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0xF734B000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0xF7B54000 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter) 0xF7B4C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver) 0xF7B56000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes 0xF7B4A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver) 0xF7B22000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Treiber) 0xF7B1C000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0xF7B4E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator) 0xF7B50000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport) 0xF7B46000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0xF7B48000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0xF7B20000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver) 0xF7B1E000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0xF7CEB000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver) 0xF7C63000 C:\WINDOWS\System32\DRIVERS\AvgArCln.sys 4096 bytes (GRISOFT, s.r.o., AVG7 Clean Driver) 0xF7C72000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk) 0xF7C62000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver) 0xF7BE4000 pciide.sys 4096 bytes (Microsoft Corporation, Allgemeiner PCI IDE Bustreiber) ============================================== >Stealth ============================================== |
05.09.2010, 22:17 | #28 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Ja das umbenennen ist wichtig. In einen andeen namen geht auch nicht? |
06.09.2010, 17:41 | #29 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung ich konnte es doch noch umbenennen, indem ich die datei kurz in nen anderen ordner geschoben habe. Ich habe gelesen, dass so ein AVZ Scan sehr lange dauern kann... Kannst du mir ne Durchschnittslaufzeit ca. sagen? Wenns wirklich mehr als 6 h dauert dann verschieb ichs aufn Samstag. |
07.09.2010, 10:54 | #30 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Es liegt an Dir. Ich würde Dir aber empfehlen das System bis zum Scan nicht zu nutzen. |
Themen zu TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung |
.dll, 5 minuten, acroiehelpe, anti-malware, antivir, auswertung, browser, center, dateien, explorer, festgestellt, firefox, gmer, grundlos, hallo zusammen, helper, hintergrundgeräusche, löschen, malwarebytes, microsoft, nicht sicher, software, start, stolen.data, system volume information, system32, task manager, tr/dropper.gen, trojaner, trojaner gehabt, xmldm |