Log analysis and evaluation: Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX), Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.05.2011, 11:20 | #1
Hi Trojaner-Board, when I opened my FF4 this morning it said that the proxy server was refusing the connection. When I looked in Internet Options --> LAN settings, the checkbox "Use a proxy server for your LAN..." was ticked. After clearing the checkbox I ran a full scan with my antivirus program (Security Essentials) and got the following result:

"Category: Backdoor
Description: This program provides remote access to the computer on which it is installed.
Recommended action: Remove this software immediately.
Security Essentials has detected programs that could compromise your privacy or damage your computer. You can still access the files used by these programs without removing them (not recommended). To access these files, select the action "Allow" and then click "Apply actions". If this option is not available, log on as an administrator or ask the security administrator for assistance.
Items:
file:C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5cce129d-283aea43
file:C:\Users\Daniel\AppData\Local\Temp\0.05056013415392013.exe
Read more about this item on the Internet."

After that I searched the web for information about the Cybot.B trojan and came across your forum. I have carried out all the steps listed in the "Für Hilfesuchende" thread and attached the logfiles. The only step I took on my own was removing the pest with Malwarebytes. At least according to the log :-P. I would be very grateful for help and clarification!

Kind regards, Daniel
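The proxy flag described in this post is worth checking on its own, independently of what the AV scanner reports: on Windows 7 the per-user WinINet settings live under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, Internet Explorer reads them directly and Firefox follows them when it is set to use the system proxy settings, which is why a hijack shows up as a proxy error in the browser. The following Python script is an added example, not code from the thread or from any of the tools it mentions. It parses the output of `reg query` for that key (the sample dump is constructed, with a loopback proxy and a PAC URL as the two patterns traffic-interception trojans use) and flags the combinations a responder should look at; on a live Windows host it reads the same values through winreg.

```python
r"""Check the per-user WinINet proxy settings that browser-hijacking malware flips.

Added example for this thread; not code from the original post or from any of
the tools mentioned there. Parses the text output of
    reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
so it runs offline on a saved dump; on a live Windows host read_live_values()
reads the same key through winreg.
"""
import re
import sys

INTERNET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample of `reg query` output for a hijacked profile: the proxy is
# enabled and points at a local listener, and a PAC URL has been planted.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyOverride    REG_SZ    <local>
    AutoConfigURL    REG_SZ    http://pac.example.invalid/proxy.pac
    MigrateProxy    REG_DWORD    0x1
"""

# `reg query` prints each value as: <indent>Name<spaces>REG_TYPE<spaces>Data
_VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")
# A proxy host that is this machine itself (optionally behind a "scheme=" prefix).
_LOOPBACK_RE = re.compile(r"(?:^|=)(?:127\.\d+\.\d+\.\d+|localhost|\[::1\]):\d+", re.IGNORECASE)


def parse_reg_query(text):
    """Return {value name: data}; REG_DWORD data ('0x1') becomes an int."""
    values = {}
    for line in text.splitlines():
        m = _VALUE_RE.match(line)
        if m:
            name, kind, data = m.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return values


def audit_proxy(values):
    """Return a list of findings for the settings in `values`.

    A proxy on a loopback port means something on this machine sits in the
    middle of all browser traffic; an AutoConfigURL lets a PAC script route
    chosen hosts elsewhere without ProxyEnable ever being set.
    """
    findings = []
    enabled = values.get("ProxyEnable", 0) == 1
    server = values.get("ProxyServer", "")
    if enabled and _LOOPBACK_RE.search(server):
        findings.append("ProxyServer points at a local listener: " + server)
    elif enabled:
        findings.append("proxy enabled; confirm it is intended: " + (server or "<empty>"))
    pac = values.get("AutoConfigURL")
    if pac:
        findings.append("AutoConfigURL set (PAC-based hijack possible): " + pac)
    return findings


def read_live_values():
    """Windows only: read the current user's Internet Settings via winreg."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # no more values
                return values
            values[name] = data
            index += 1


if __name__ == "__main__":
    source = read_live_values() if sys.platform == "win32" else parse_reg_query(SAMPLE_REG_QUERY)
    for finding in audit_proxy(source) or ["no proxy hijack indicators"]:
        print(finding)
```

A proxy that points at a corporate host is reported for confirmation rather than as a hijack; the loopback case is the one that matches what this post describes, since the "connection refused" error appears as soon as the local process that listened on that port is gone.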
24.05.2011, 19:20 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Please do a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from earlier Malwarebytes scans, please post all of those as well!
24.05.2011, 22:13 | #3
Thanks for the quick reply!

Here is the content of the logfile:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6665

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.05.2011 23:11:06
mbam-log-2011-05-24 (23-11-06).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 395812
Time elapsed: 55 minute(s), 0 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 1

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
c:\Users\Daniel\AppData\LocalLow\Sun\Java\deployment\cache\6.0\29\5cce129d-6efcdb17-temp (Malware.Packer.GenX) -> Quarantined and deleted successfully.
25.05.2011, 08:54 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\Shell - "" = AutoRun
O33 - MountPoints2\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\Shell - "" = AutoRun
O33 - MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\Shell - "" = AutoRun
O33 - MountPoints2\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\Shell - "" = AutoRun
O33 - MountPoints2\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.05.22 20:19:43 | 000,004,353 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\BFFE.4A0
:Commands
[purity]
[resethosts]

The logfile should open once you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not completely deleted; as a precaution a backup copy is created on the system partition in the folder "_OTL".
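The O33 lines in the fix above are Explorer's MountPoints2 cache: for every volume it has seen (keyed by volume GUID or drive letter) Explorer remembers the Shell verbs taken from that medium's autorun.inf, and a Shell\AutoRun\command value is the program tied to the AutoRun verb. The ones here point at LaunchU3.exe (the launcher on U3 USB sticks, which expose a virtual CD-ROM partition so that AutoRun still applies to them on Windows 7, where it is off for plain USB storage) and a vendor AutoRun.exe, i.e. leftovers of removable media rather than the infection itself, which is why OTL clears them routinely. The Python script below is an added example, not part of the thread or of OTL; it parses both OTL's O33 lines (the sample is the fix text from this post) and the output of `reg query ... /s` (a constructed sample of the same entries), and lists the cached commands that would run a program from the root of a removable drive, which is the pattern to review after any autorun-capable infection.

```python
r"""List the removable-media AutoRun commands cached in Explorer's MountPoints2.

Added example for this thread; not code from the original post or from OTL.
Accepts either OTL's O33 lines or the output of
    reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /s
and reports which cached AutoRun verbs would launch a program from the root of
a removable volume.
"""
import re
from dataclasses import dataclass

# Sample 1: the O33 lines from the OTL fix in this thread.
SAMPLE_OTL = r"""
O33 - MountPoints2\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\Shell - "" = AutoRun
O33 - MountPoints2\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\Shell - "" = AutoRun
O33 - MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\Shell - "" = AutoRun
O33 - MountPoints2\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\Shell - "" = AutoRun
O33 - MountPoints2\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
"""

# Sample 2 (constructed): one of the same entries as `reg query ... /s` prints it.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\Shell
    (Default)    REG_SZ    AutoRun

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\Shell\AutoRun\command
    (Default)    REG_SZ    G:\AutoRun.exe
"""


@dataclass
class MountPointVerb:
    volume: str   # '{volume GUID}' or a drive letter such as 'G'
    subkey: str   # path below the volume key, e.g. 'Shell\AutoRun\command'
    data: str     # the key's default value


_OTL_RE = re.compile(r'^O33 - MountPoints2\\([^\\]+)\\(.+?) - "" = (.*)$')
_REG_KEY_RE = re.compile(r'^HKEY_CURRENT_USER\\.*\\MountPoints2\\([^\\]+)\\(.+)$')
_REG_DEFAULT_RE = re.compile(r'^\s+\(Default\)\s+REG_\w+\s+(.*)$')
# A program at the root of a drive letter, with optional arguments after it.
_ROOT_LAUNCHER_RE = re.compile(r'^[A-Z]:\\[^\\]+\.(?:exe|com|bat|cmd|scr|vbs|js)(?:\s|$)', re.IGNORECASE)


def parse_otl_o33(text):
    """Parse OTL O33 lines into MountPointVerb records."""
    out = []
    for line in text.splitlines():
        m = _OTL_RE.match(line.strip())
        if m:
            out.append(MountPointVerb(*m.groups()))
    return out


def parse_reg_query(text):
    """Parse `reg query ... /s` output: a key header line, then its (Default) value."""
    out, current = [], None
    for line in text.splitlines():
        k = _REG_KEY_RE.match(line)
        if k:
            current = k.groups()
            continue
        d = _REG_DEFAULT_RE.match(line)
        if d and current:
            out.append(MountPointVerb(current[0], current[1], d.group(1).strip()))
    return out


def autorun_launchers(verbs):
    """Return (volume, command) for every cached AutoRun verb that runs a program
    from the root of a removable drive; each one is a device worth identifying."""
    return [(v.volume, v.data) for v in verbs
            if v.subkey.lower() == r"shell\autorun\command" and _ROOT_LAUNCHER_RE.match(v.data)]


if __name__ == "__main__":
    for volume, command in autorun_launchers(parse_otl_o33(SAMPLE_OTL)):
        print(f"{volume}: {command}")
```

The volume GUIDs can be matched against HKLM\SYSTEM\MountedDevices to find out which physical device each entry belongs to; the example deliberately stops at listing the commands, because whether J:\LaunchU3.exe was a legitimate U3 stick is a question for the owner of the machine, not for the parser.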
25.05.2011, 09:52 | #5
Hi Arne, here is the log after the fix:
Code:
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
C:\Users\Daniel\AppData\Roaming\BFFE.4A0 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 05252011_104847

Regards, Daniel
25.05.2011, 10:42 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Configure the tool as shown in the picture below, i.e. tick both boxes, click "Start scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.

If the infection prevents you from accessing your documents / My Documents, please run unhide: download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool as administrator via right-click!
25.05.2011, 11:24 | #7
Log:
Code:
2011/05/25 12:20:42.0621 0168 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 12:20:42.0746 0168 ================================================================================
2011/05/25 12:20:42.0746 0168 SystemInfo:
2011/05/25 12:20:42.0746 0168
2011/05/25 12:20:42.0746 0168 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/25 12:20:42.0746 0168 Product type: Workstation
2011/05/25 12:20:42.0746 0168 ComputerName: DANIEL-PC
2011/05/25 12:20:42.0746 0168 UserName: Daniel
2011/05/25 12:20:42.0746 0168 Windows directory: C:\Windows
2011/05/25 12:20:42.0746 0168 System windows directory: C:\Windows
2011/05/25 12:20:42.0746 0168 Running under WOW64
2011/05/25 12:20:42.0746 0168 Processor architecture: Intel x64
2011/05/25 12:20:42.0746 0168 Number of processors: 4
2011/05/25 12:20:42.0746 0168 Page size: 0x1000
2011/05/25 12:20:42.0746 0168 Boot type: Normal boot
2011/05/25 12:20:42.0746 0168 ================================================================================
2011/05/25 12:20:43.0510 0168 Initialize success
2011/05/25 12:20:44.0914 4644 ================================================================================
2011/05/25 12:20:44.0914 4644 Scan started
2011/05/25 12:20:44.0914 4644 Mode: Manual;
2011/05/25 12:20:44.0914 4644 ================================================================================
2011/05/25 12:20:45.0647 4644 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/25 12:20:45.0663 4644 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/25 12:20:45.0694 4644 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/25 12:20:45.0741 4644 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/25 12:20:45.0757 4644 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/25 12:20:45.0788 4644 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/25 12:20:45.0819 4644 afcdp (d9a76e6e541e2e61c78140b65db63e6a) C:\Windows\system32\DRIVERS\afcdp.sys
2011/05/25 12:20:45.0866 4644 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/25 12:20:45.0881 4644 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/25 12:20:45.0928 4644 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/25 12:20:45.0959 4644 Alpham1 (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
2011/05/25 12:20:45.0975 4644 Alpham2 (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
2011/05/25 12:20:45.0991 4644 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/25 12:20:46.0022 4644 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/25 12:20:46.0162 4644 amdkmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/25 12:20:46.0209 4644 amdkmdap (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/05/25 12:20:46.0209 4644 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/25 12:20:46.0240 4644 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/25 12:20:46.0271 4644 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/25 12:20:46.0287 4644 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/25 12:20:46.0303 4644 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/25 12:20:46.0349 4644 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/25 12:20:46.0381 4644 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/25 12:20:46.0396 4644 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/25 12:20:46.0412 4644 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/25 12:20:46.0459 4644 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/05/25 12:20:46.0490 4644 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
2011/05/25 12:20:46.0615 4644 atikmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/25 12:20:46.0677 4644 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/25 12:20:46.0708 4644 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/25 12:20:46.0724 4644 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/25 12:20:46.0771 4644 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/25 12:20:46.0786 4644 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/25 12:20:46.0802 4644 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/25 12:20:46.0817 4644 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/25 12:20:46.0849 4644 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/25 12:20:46.0864 4644 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/25 12:20:46.0880 4644 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/25 12:20:46.0895 4644 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/25 12:20:46.0911 4644 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/25 12:20:46.0942 4644 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/25 12:20:46.0973 4644 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/25 12:20:46.0989 4644 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/25 12:20:47.0020 4644 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/25 12:20:47.0083 4644 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/25 12:20:47.0098 4644 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/25 12:20:47.0129 4644 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/25 12:20:47.0145 4644 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/25 12:20:47.0161 4644 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/25 12:20:47.0301 4644 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
2011/05/25 12:20:47.0348 4644 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/25 12:20:47.0379 4644 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/05/25 12:20:47.0410 4644 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/25 12:20:47.0426 4644 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/25 12:20:47.0441 4644 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/25 12:20:47.0473 4644 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/25 12:20:47.0519 4644 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/25 12:20:47.0597 4644 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/25 12:20:47.0644 4644 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/25 12:20:47.0675 4644 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/25 12:20:47.0707 4644 ET5Drv (5dc0914e8c6168de7702b8e2dc140b80) C:\Windows\ET5Drv.sys
2011/05/25 12:20:47.0738 4644 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/25 12:20:47.0753 4644 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/25 12:20:47.0769 4644 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/25 12:20:47.0800 4644 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/25 12:20:47.0816 4644 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/25 12:20:47.0831 4644 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/25 12:20:47.0863 4644 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/25 12:20:47.0878 4644 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/25 12:20:47.0894 4644 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/25 12:20:47.0941 4644 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/25 12:20:47.0972 4644 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/25 12:20:48.0003 4644 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
2011/05/25 12:20:48.0050 4644 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/25 12:20:48.0097 4644 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/25 12:20:48.0128 4644 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/25 12:20:48.0175 4644 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/25 12:20:48.0190 4644 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/25 12:20:48.0206 4644 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/25 12:20:48.0221 4644 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/25 12:20:48.0253 4644 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/25 12:20:48.0284 4644 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/25 12:20:48.0331 4644 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/25 12:20:48.0377 4644 hwdatacard (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/05/25 12:20:48.0393 4644 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/25 12:20:48.0424 4644 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/25 12:20:48.0471 4644 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/25 12:20:48.0518 4644 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/25 12:20:48.0611 4644 IntcAzAudAddService (2b888bbdf6962e608a5e1a1d7a626adf) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/25 12:20:48.0643 4644 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/25 12:20:48.0658 4644 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/25 12:20:48.0689 4644 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/25 12:20:48.0705 4644 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/25 12:20:48.0721 4644 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/25 12:20:48.0752 4644 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/25 12:20:48.0783 4644 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/25 12:20:48.0814 4644 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/25 12:20:48.0830 4644 JRAID (98e7d6164eba27ef25835f95910e622c) C:\Windows\system32\DRIVERS\jraid.sys
2011/05/25 12:20:48.0861 4644 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/25 12:20:48.0877 4644 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/25 12:20:48.0892 4644 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/25 12:20:48.0908 4644 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/25 12:20:48.0939 4644 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/25 12:20:48.0986 4644 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/25 12:20:49.0017 4644 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/25 12:20:49.0033 4644 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/25 12:20:49.0048 4644 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/25 12:20:49.0079 4644 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/25 12:20:49.0079 4644 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/25 12:20:49.0111 4644 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/25 12:20:49.0142 4644 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/25 12:20:49.0204 4644 mod7700 (5289f0f94d6fe072d3dc72ea17df57e9) C:\Windows\system32\Drivers\dvb7700all.sys
2011/05/25 12:20:49.0220 4644 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/25 12:20:49.0251 4644 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/25 12:20:49.0267 4644 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/25 12:20:49.0282 4644 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/25 12:20:49.0298 4644 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/25 12:20:49.0345 4644 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/05/25 12:20:49.0360 4644 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/25 12:20:49.0391 4644 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/05/25 12:20:49.0407 4644 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/25 12:20:49.0438 4644 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/25 12:20:49.0469 4644 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/25 12:20:49.0485 4644 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/25 12:20:49.0501 4644 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/25 12:20:49.0532 4644 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/25 12:20:49.0547 4644 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/25 12:20:49.0579 4644 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/25 12:20:49.0594 4644 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/25 12:20:49.0610 4644 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/25 12:20:49.0641 4644 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/25 12:20:49.0657 4644 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/25 12:20:49.0672 4644 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/25 12:20:49.0703 4644 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/25 12:20:49.0719 4644 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/25 12:20:49.0750 4644 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/25 12:20:49.0766 4644 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/25 12:20:49.0797 4644 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/25 12:20:49.0828 4644 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/25 12:20:49.0859 4644 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/25 12:20:49.0891 4644 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/25 12:20:49.0906 4644 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/25 12:20:49.0937 4644 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/25 12:20:49.0953 4644 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/25 12:20:49.0984 4644 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/25 12:20:49.0984 4644 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/25 12:20:50.0015 4644 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/25 12:20:50.0062 4644 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/25 12:20:50.0078 4644 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/05/25 12:20:50.0109 4644 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/25 12:20:50.0125 4644 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/25 12:20:50.0187 4644 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/25 12:20:50.0218 4644 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/25 12:20:50.0249 4644 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/25 12:20:50.0281 4644 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/25 12:20:50.0327 4644 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/25 12:20:50.0343 4644 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/25 12:20:50.0405 4644 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/25 12:20:50.0421 4644 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/25 12:20:50.0437 4644 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/25 12:20:50.0452 4644 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/25 12:20:50.0468 4644 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/25 12:20:50.0483 4644 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/25 12:20:50.0515 4644 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/25 12:20:50.0608 4644 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/25 12:20:50.0639 4644 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/25 12:20:50.0671 4644 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/25 12:20:50.0717 4644 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/25 12:20:50.0749 4644 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/25 12:20:50.0764 4644 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/25 12:20:50.0780 4644 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/25 12:20:50.0811 4644 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/25 12:20:50.0827 4644 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/25 12:20:50.0858 4644 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/25 12:20:50.0858 4644 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/25 12:20:50.0889 4644 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/25 12:20:50.0889 4644 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/25 12:20:50.0920 4644 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/25 12:20:50.0951 4644 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/05/25 12:20:50.0967 4644 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/25 12:20:50.0983 4644 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/25 12:20:51.0014 4644 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/25 12:20:51.0029 4644 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/25 12:20:51.0061 4644 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/25 12:20:51.0092 4644 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/25 12:20:51.0139 4644 RzSynapse (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
2011/05/25 12:20:51.0170 4644 s125bus (ae722fd346b75b776ca75f297347ee8a) C:\Windows\system32\DRIVERS\s125bus.sys
2011/05/25 12:20:51.0201 4644 s125mdfl (651362aadc145d0028df288182989136) C:\Windows\system32\DRIVERS\s125mdfl.sys
2011/05/25 12:20:51.0232 4644 s125mdm (0744248b0ee7c0f652882ae3b67e6429) C:\Windows\system32\DRIVERS\s125mdm.sys
2011/05/25 12:20:51.0232 4644 s125mgmt (51c6262ad6dd5da12543f623b0ee2ebf) C:\Windows\system32\DRIVERS\s125mgmt.sys
2011/05/25 12:20:51.0248 4644 s125obex (5a5b9b10a9545a832b436884a1d1a848) C:\Windows\system32\DRIVERS\s125obex.sys
2011/05/25 12:20:51.0279 4644 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/25 12:20:51.0295 4644 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/25 12:20:51.0326 4644 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/25 12:20:51.0357 4644 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/25 12:20:51.0373 4644 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/25 12:20:51.0388 4644 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/25 12:20:51.0404 4644 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/25 12:20:51.0435 4644 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/25 12:20:51.0451 4644 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/25 12:20:51.0466 4644 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/25 12:20:51.0482 4644 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/25 12:20:51.0513 4644 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/25 12:20:51.0544 4644 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/25 12:20:51.0560 4644 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/25 12:20:51.0591 4644 snapman (0775cb5147953cce129bc3414740d109) C:\Windows\system32\DRIVERS\snapman.sys
2011/05/25 12:20:51.0607 4644 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/25 12:20:51.0669 4644 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/05/25 12:20:51.0669 4644 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/05/25 12:20:51.0669 4644 sptd - detected LockedFile.Multi.Generic (1)
2011/05/25 12:20:51.0685 4644 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/25 12:20:51.0716 4644 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/25 12:20:51.0731 4644 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/25 12:20:51.0763 4644 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/25 12:20:51.0778 4644 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/25 12:20:51.0809 4644 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/25 12:20:51.0825 4644 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/25 12:20:51.0903 4644 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/25 12:20:51.0934 4644 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/25 12:20:51.0965 4644 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/25 12:20:51.0997 4644 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/25 12:20:52.0028 4644 tdrpman258 (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys
2011/05/25 12:20:52.0043 4644 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/25 12:20:52.0075 4644 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/25 12:20:52.0106 4644 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/25 12:20:52.0153 4644 timounter (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys
2011/05/25 12:20:52.0184 4644 tssecsrv (61b96c26131e37b24e93327a0bd1fb95)
C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/25 12:20:52.0277 4644 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys 2011/05/25 12:20:52.0309 4644 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/25 12:20:52.0355 4644 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/05/25 12:20:52.0402 4644 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/25 12:20:52.0449 4644 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/05/25 12:20:52.0465 4644 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/05/25 12:20:52.0480 4644 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/05/25 12:20:52.0527 4644 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 2011/05/25 12:20:52.0558 4644 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/05/25 12:20:52.0574 4644 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/05/25 12:20:52.0605 4644 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys 2011/05/25 12:20:52.0621 4644 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 2011/05/25 12:20:52.0636 4644 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys 2011/05/25 12:20:52.0652 4644 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/05/25 12:20:52.0683 4644 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/05/25 12:20:52.0699 4644 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS 2011/05/25 12:20:52.0730 4644 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 
2011/05/25 12:20:52.0761 4644 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/05/25 12:20:52.0792 4644 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/25 12:20:52.0808 4644 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/05/25 12:20:52.0823 4644 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/05/25 12:20:52.0839 4644 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/05/25 12:20:52.0870 4644 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 2011/05/25 12:20:52.0901 4644 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/05/25 12:20:52.0917 4644 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/05/25 12:20:52.0933 4644 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/05/25 12:20:52.0948 4644 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/05/25 12:20:52.0964 4644 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/05/25 12:20:52.0995 4644 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2011/05/25 12:20:53.0026 4644 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/05/25 12:20:53.0042 4644 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/25 12:20:53.0057 4644 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/25 12:20:53.0104 4644 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/05/25 12:20:53.0135 4644 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/25 12:20:53.0198 4644 WfpLwf (611b23304bf067451a9fdee01fbdd725) 
C:\Windows\system32\DRIVERS\wfplwf.sys 2011/05/25 12:20:53.0213 4644 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/05/25 12:20:53.0291 4644 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/05/25 12:20:53.0307 4644 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/05/25 12:20:53.0338 4644 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/25 12:20:53.0369 4644 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/05/25 12:20:53.0401 4644 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/25 12:20:53.0432 4644 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 2011/05/25 12:20:53.0432 4644 ================================================================================ 2011/05/25 12:20:53.0432 4644 Scan finished 2011/05/25 12:20:53.0432 4644 ================================================================================ 2011/05/25 12:20:53.0447 3960 Detected object count: 1 2011/05/25 12:20:53.0447 3960 Actual detected object count: 1 2011/05/25 12:21:57.0860 3960 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot 2011/05/25 12:21:57.0876 3960 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot 2011/05/25 12:21:57.0876 3960 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot 2011/05/25 12:21:57.0876 3960 LockedFile.Multi.Generic(sptd) - User select action: Delete |
25.05.2011, 13:24 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX) Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags
25.05.2011, 17:13 | #9 |
| Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX) Log: ComboFix logfile: Code:
ComboFix 11-05-24.06 - Daniel 25.05.2011 18:04:56.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.2772 [GMT 2:00]
Run from:: c:\users\Daniel\Desktop\cofi.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\invokesi.exe
.
.
((((((((((((((((((((((( Files created from 2011-04-25 to 2011-05-25 ))))))))))))))))))))))))))))))
.
.
2011-05-25 16:08 . 2011-05-25 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-25 08:49 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0C643B9-C4B7-4517-B84F-4E10FB1480CE}\mpengine.dll
2011-05-25 08:48 . 2011-05-25 08:48 -------- d-----w- C:\_OTL
2011-05-25 05:16 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 14:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 14:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-24 08:21 . 2011-05-24 08:21 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes
2011-05-24 08:20 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-24 08:20 . 2011-05-24 08:20 -------- d-----w- c:\programdata\Malwarebytes
2011-05-24 08:20 . 2011-05-24 08:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-24 08:20 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 15:29 . 2011-01-27 18:26 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8A8BEDA-F616-40B0-A8F9-A3A63EA9FA91}\gapaengine.dll
2011-05-19 05:51 . 2011-05-19 05:51 -------- d-----w- c:\program files (x86)\Winamp Detect
2011-05-19 05:51 . 2011-05-24 06:14 -------- d-----w- c:\users\Daniel\AppData\Roaming\Winamp
2011-05-18 11:44 . 2011-05-18 11:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-13 14:10 . 2011-05-20 22:08 -------- d-----w- c:\programdata\Skype Extras
2011-05-13 14:10 . 2011-05-13 14:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-11 18:17 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 18:17 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 18:17 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 18:17 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 18:17 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 18:17 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 18:17 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 18:17 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 18:17 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 18:17 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-10 16:34 . 2011-05-10 16:40 -------- d-----w- c:\program files (x86)\Razer
2011-04-30 12:55 . 2011-05-25 07:19 -------- d-----w- C:\World of Warcraft
2011-04-30 12:55 . 2011-04-30 14:27 -------- d-----w- c:\program files (x86)\World of Warcraft
2011-04-30 11:04 . 2011-04-30 11:04 -------- d-----w- c:\program files (x86)\Smart PC Solutions
2011-04-28 19:35 . 2011-04-28 19:35 -------- d-----w- c:\program files (x86)\Avira
2011-04-28 09:26 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-04-28 09:26 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-28 09:26 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-28 09:26 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 18:18 . 2011-05-04 05:16 -------- d-----w- c:\program files (x86)\ICQ7.5
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 22:00 . 2010-07-02 11:07 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-12 13:29 . 2011-04-12 13:29 428416 ----a-w- c:\windows\SysWow64\RzMwApi.dll
2011-04-10 11:58 . 2010-07-01 10:39 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-10 11:58 . 2011-01-05 12:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-02 07:46 . 2011-01-05 12:53 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-02 07:46 . 2010-07-01 10:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-02 07:46 . 2010-07-01 10:39 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-31 13:01 . 2011-03-31 13:01 126464 ----a-w- c:\windows\system32\drivers\RzSynapse.sys
2011-03-29 09:04 . 2010-08-26 08:32 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-11 06:19 . 2011-04-13 18:09 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:19 . 2011-04-13 18:09 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-13 18:09 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 18:09 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:14 . 2011-04-13 18:09 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-13 18:09 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-28 09:26 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-28 09:26 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-13 18:09 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-13 18:09 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-13 18:09 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-13 18:09 3133440 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-05-01 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5141512]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-2-17 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-01 2480048]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-01-12 1403200]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-08 10867816]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362952]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Additional scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/skins7/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\w2jj33h0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google Deutschland
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/multimedia/sendung/ts26426.html
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Orphaned registry entries removed - - - -
.
SafeBoot-20175182.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-NCsoft-AionEU - c:\users\Daniel\Desktop\Launcher\Launcher\NCLauncher.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\S-1-5-21-3772366644-752120911-2093830767-1001\Software\SecuROM\License information*]
"datasecu"=hex:cd,ad,53,ce,6e,bc,fd,59,a9,51,36,ab,6d,1f,ed,3b,80,77,9e,1c,82,
   e9,5e,c3,ed,16,a0,af,86,11,66,c2,a0,e1,99,ba,13,e0,0b,d1,d3,e4,67,27,86,55,\
"rkeysecu"=hex:0e,8e,42,7c,fe,55,6d,b9,49,b1,de,19,57,3e,51,b0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-25 18:10:08
ComboFix-quarantined-files.txt 2011-05-25 16:10
.
Before scan: 13 directories, 58.196.332.544 bytes free
After scan: 16 directories, 58.004.127.744 bytes free
.
- - End Of File - - 8D848A1F00633BEB267D0A39A6405E8B

Thanks for your effort!
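Reports like the one above are what the helpers on this board read by hand. As an added example (not ComboFix's own code and not posted by anyone in this thread), the following Python script parses a ComboFix report into its deletions, Run-key autostarts, service lines, the policies\system values and the Internet Settings lines, and flags what a helper would check first: UAC policy values that silence elevation prompts (the posted log shows ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, which means administrators elevate without any prompt), autostarts launched from user-writable directories, services whose file ComboFix could not read (it prints [x] instead of a date and size; that reading of the format is mine), services hosted inside svchost.exe, and an explicit proxy setting, the symptom that opened this thread. The sample report embedded in the script is constructed from a few lines in the shape of the one above; the "Updater" Run entry under AppData and the ProxyServer line are invented to exercise the checks and were not in the posted log.

```python
"""Triage helper for ComboFix reports like the ones posted in this thread.
Added example for this page; it is not ComboFix's own code and only reads
the text report (it never touches the registry)."""
import re

# Constructed sample in the shape of the report above. The "Updater" entry
# under AppData and the ProxyServer line are invented to exercise the checks.
SAMPLE = r'''
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Public\invokesi.exe
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-05-01 124216]
"Updater"="c:\users\Daniel\AppData\Roaming\svchost.exe" [2011-05-24 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8080
'''

HEADER_RE  = re.compile(r'^\(+\s*(.+?)\s*\)+$')            # ((( Section name )))
KEY_RE     = re.compile(r'^\[(HKEY_[^\]]+)\]$')             # [HKEY_...\Run]
VALUE_RE   = re.compile(r'^"([^"]+)"\s*=\s*"([^"]+)"(?:\s+\[\d{4}-\d{2}-\d{2} \d+\])?$')
DWORD_RE   = re.compile(r'^"([^"]+)"\s*=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')
# R = running, S = stopped, digit = start type; [x] = file date/size unreadable
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$')
PROXY_RE   = re.compile(r'^[um]Internet Settings,(\w+) = (.*)$')

USER_WRITABLE = ('\\users\\', '\\programdata\\', '\\appdata\\', '\\temp\\')


def parse_combofix(text):
    """Split a ComboFix report into deletions, Run-key autostarts, policy
    DWORDs, service lines and Internet Settings proxy values."""
    report = {'deleted': [], 'autostart': [], 'policies': {}, 'services': [], 'proxy': {}}
    section, key = '', ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if m := HEADER_RE.match(line):
            section, key = m.group(1).lower(), ''
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif m := SERVICE_RE.match(line):
            state, start, name, display, path, info = m.groups()
            report['services'].append({'state': state, 'start': int(start), 'name': name,
                                       'display': display, 'path': path, 'fileinfo': info})
        elif m := PROXY_RE.match(line):
            report['proxy'][m.group(1)] = m.group(2)
        elif m := DWORD_RE.match(line):
            report['policies'][m.group(1)] = int(m.group(2))
        elif (m := VALUE_RE.match(line)) and re.search(r'\\run$', key, re.I):
            report['autostart'].append((key, m.group(1), m.group(2)))
        elif 'deletion' in section or 'löschungen' in section:
            report['deleted'].append(line)          # bare paths under "Other deletions"
    return report


def triage(report):
    """Return one string per item a helper should look at first."""
    findings = []
    pol = report['policies']
    if pol.get('EnableLUA') == 0:
        findings.append('UAC disabled (EnableLUA=0)')
    if pol.get('ConsentPromptBehaviorAdmin') == 0:
        findings.append('UAC: admins elevate silently (ConsentPromptBehaviorAdmin=0)')
    if pol.get('PromptOnSecureDesktop') == 0:
        findings.append('UAC: prompts not on the secure desktop (PromptOnSecureDesktop=0)')
    for _key, name, path in report['autostart']:
        if any(marker in path.lower() for marker in USER_WRITABLE):
            findings.append(f'autostart from user-writable path: {name} -> {path}')
    for svc in report['services']:
        if svc['fileinfo'] == 'x':
            findings.append(f"service {svc['name']}: file unreadable or missing ({svc['path']})")
        if svc['path'].lower().endswith('svchost.exe'):
            findings.append(f"service {svc['name']} runs inside svchost.exe: check its ServiceDll")
    for name, value in report['proxy'].items():
        if name in ('ProxyServer', 'AutoConfigURL', 'ProxyEnable'):
            findings.append(f'proxy setting present: {name} = {value}')
    return findings


if __name__ == '__main__':
    for finding in triage(parse_combofix(SAMPLE)):
        print(finding)
```

The script is deliberately a reader, not a cleaner: the decision what to remove stays with the helper and the CFScript, as this thread shows. Section headers are matched by their parenthesis decoration, so the German and English variants of a report parse the same way.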
25.05.2011, 20:45 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX) ComboFix scripting 1. Start Notepad (Start / Run / notepad [Enter]) 2. Now copy/paste the entire contents of the code box below into the Notepad window. Code:
File::
c:\windows\system32\DRIVERS\afcdp.sys
Driver::
afcdp
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the TeaTimer, if present!) 5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix. 6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt Note: The above script was created for this one user in this one situation only. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags
26.05.2011, 15:50 | #11 |
| Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX) ComboFix logfile: Code:
ComboFix 11-05-25.03 - Daniel 26.05.2011 16:36:59.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.2480 [GMT 2:00]
Run from:: c:\users\Daniel\Desktop\cofi.exe
Command switches used :: c:\users\Daniel\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\afcdp.sys"
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DRIVERS\afcdp.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFCDP
-------\Service_afcdp
.
.
((((((((((((((((((((((( Files created from 2011-04-26 to 2011-05-26 ))))))))))))))))))))))))))))))
.
.
2011-05-26 14:40 . 2011-05-26 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-26 14:35 . 2011-05-26 14:35 -------- d-----w- C:\cofi
2011-05-26 06:37 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DB4BB6A-BCE8-465D-9DFB-916B86323595}\mpengine.dll
2011-05-25 08:48 . 2011-05-25 08:48 -------- d-----w- C:\_OTL
2011-05-25 05:16 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 14:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 14:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-24 08:21 . 2011-05-24 08:21 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes
2011-05-24 08:20 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-24 08:20 . 2011-05-24 08:20 -------- d-----w- c:\programdata\Malwarebytes
2011-05-24 08:20 . 2011-05-24 08:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-24 08:20 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 15:29 . 2011-01-27 18:26 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8A8BEDA-F616-40B0-A8F9-A3A63EA9FA91}\gapaengine.dll
2011-05-19 05:51 . 2011-05-19 05:51 -------- d-----w- c:\program files (x86)\Winamp Detect
2011-05-19 05:51 . 2011-05-24 06:14 -------- d-----w- c:\users\Daniel\AppData\Roaming\Winamp
2011-05-18 11:44 . 2011-05-18 11:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-13 14:10 . 2011-05-25 16:23 -------- d-----w- c:\programdata\Skype Extras
2011-05-13 14:10 . 2011-05-13 14:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-11 18:17 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 18:17 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 18:17 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 18:17 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 18:17 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 18:17 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 18:17 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 18:17 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 18:17 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 18:17 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-10 16:34 . 2011-05-10 16:40 -------- d-----w- c:\program files (x86)\Razer
2011-04-30 12:55 . 2011-05-26 14:29 -------- d-----w- C:\World of Warcraft
2011-04-30 12:55 . 2011-04-30 14:27 -------- d-----w- c:\program files (x86)\World of Warcraft
2011-04-30 11:04 . 2011-04-30 11:04 -------- d-----w- c:\program files (x86)\Smart PC Solutions
2011-04-28 19:35 . 2011-04-28 19:35 -------- d-----w- c:\program files (x86)\Avira
2011-04-28 09:26 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-04-28 09:26 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-28 09:26 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-28 09:26 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 18:18 . 2011-05-04 05:16 -------- d-----w- c:\program files (x86)\ICQ7.5
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 22:00 . 2010-07-02 11:07 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-12 13:29 . 2011-04-12 13:29 428416 ----a-w- c:\windows\SysWow64\RzMwApi.dll
2011-04-10 11:58 . 2010-07-01 10:39 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-10 11:58 . 2011-01-05 12:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-02 07:46 . 2011-01-05 12:53 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-02 07:46 . 2010-07-01 10:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-02 07:46 . 2010-07-01 10:39 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-31 13:01 . 2011-03-31 13:01 126464 ----a-w- c:\windows\system32\drivers\RzSynapse.sys
2011-03-29 09:04 . 2010-08-26 08:32 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-11 06:19 . 2011-04-13 18:09 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:19 . 2011-04-13 18:09 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-13 18:09 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 18:09 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:14 . 2011-04-13 18:09 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-13 18:09 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-28 09:26 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-28 09:26 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-13 18:09 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-13 18:09 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-13 18:09 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-13 18:09 3133440 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-25_16.08.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-01 08:59 . 2011-05-26 08:11 52002 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-05-25 15:48 32044 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-26 13:08 32044 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-01 08:12 . 2011-05-26 13:08 19648 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3772366644-752120911-2093830767-1001_UserData.bin
+ 2010-07-01 08:07 . 2011-05-26 14:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-01 08:07 . 2011-05-25 15:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-05-26 06:33 83416 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-07-01 08:07 . 
2011-05-25 15:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-07-01 08:07 . 2011-05-26 14:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-07-01 08:07 . 2011-05-26 14:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-07-01 08:07 . 2011-05-25 15:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-07-01 08:11 . 2011-05-26 14:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-07-01 08:11 . 2011-05-25 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-07-01 08:11 . 2011-05-25 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-07-01 08:11 . 2011-05-26 14:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-26 14:42 . 2011-05-26 14:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-05-25 15:46 . 2011-05-25 15:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-05-26 14:42 . 2011-05-26 14:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-05-25 15:46 . 2011-05-25 15:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2011-05-25 11:27 397580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-05-26 14:41 397580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2007-04-10 15:31 . 2007-04-10 15:31 930816 c:\windows\Installer\a9484.msi - 2010-07-24 02:29 . 
2011-05-25 10:23 2144616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-07-24 02:29 . 2011-05-26 14:41 2144616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-02-18 04:06 . 2011-05-26 14:41 9981928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3772366644-752120911-2093830767-1001-8192.dat - 2011-02-18 04:06 . 2011-05-25 11:27 9981928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3772366644-752120911-2093830767-1001-8192.dat - 2009-07-14 02:34 . 2011-05-25 15:59 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-05-26 06:47 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5141512] "Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344] "Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232] . c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2011-5-26 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] R3 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x] S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-01 2480048] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-01-12 1403200] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\cofi10044c\CF22884.cfxxe" [X] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-08 10867816] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362952] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.icq.com/skins7/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\w2jj33h0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google Deutschland FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/multimedia/sendung/ts26426.html FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q= FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3772366644-752120911-2093830767-1001\Software\SecuROM\License information*] "datasecu"=hex:cd,ad,53,ce,6e,bc,fd,59,a9,51,36,ab,6d,1f,ed,3b,80,77,9e,1c,82, e9,5e,c3,ed,16,a0,af,86,11,66,c2,a0,e1,99,ba,13,e0,0b,d1,d3,e4,67,27,86,55,\ "rkeysecu"=hex:0e,8e,42,7c,fe,55,6d,b9,49,b1,de,19,57,3e,51,b0 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-05-26 16:45:17 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-05-26 14:45 ComboFix2.txt 2011-05-25 16:10 . Vor Suchlauf: 15 Verzeichnis(se), 57.208.623.104 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 56.556.724.224 Bytes frei . - - End Of File - - 2B3DB180221D0226451B2D18B812300C |
26.05.2011, 19:36 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX) Please now create and post logs with GMER and mbrcheck. GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just skip it. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |
26.05.2011, 20:22 | #13 |
| Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX) Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 64-bit Base Board Manufacturer: Gigabyte Technology Co., Ltd. BIOS Manufacturer: Award Software International, Inc. System Manufacturer: Gigabyte Technology Co., Ltd. System Product Name: EX38-DS4 Logical Drives Mask: 0x0000003c Kernel Drivers (total 197): 0x03011000 \SystemRoot\system32\ntoskrnl.exe 0x035ED000 \SystemRoot\system32\hal.dll 0x00BBD000 \SystemRoot\system32\kdcom.dll 0x00CD6000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00D1A000 \SystemRoot\system32\PSHED.dll 0x00D2E000 \SystemRoot\system32\CLFS.SYS 0x00C00000 \SystemRoot\system32\CI.dll 0x00EC1000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F65000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00F74000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x00FCB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x00FD4000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x00FDE000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys 0x00E33000 \SystemRoot\System32\drivers\partmgr.sys 0x00E48000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00E5D000 \SystemRoot\System32\drivers\volmgrx.sys 0x00EB9000 \SystemRoot\system32\DRIVERS\pciide.sys 0x00FEB000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x00D8C000 \SystemRoot\System32\drivers\mountmgr.sys 0x00DA6000 \SystemRoot\system32\DRIVERS\atapi.sys 0x00DAF000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x00DD9000 \SystemRoot\system32\DRIVERS\jraid.sys 0x01001000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS 0x01030000 \SystemRoot\system32\drivers\amdxata.sys 0x0103B000 \SystemRoot\system32\drivers\fltmgr.sys 0x01087000 \SystemRoot\system32\drivers\fileinfo.sys 0x01255000 \SystemRoot\System32\Drivers\Ntfs.sys 0x0109B000 \SystemRoot\System32\Drivers\msrpc.sys 0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys 0x010F9000 \SystemRoot\System32\Drivers\cng.sys 0x0121A000 \SystemRoot\System32\drivers\pcw.sys 0x0122B000 
\SystemRoot\System32\Drivers\Fs_Rec.sys 0x01450000 \SystemRoot\system32\drivers\ndis.sys 0x01542000 \SystemRoot\system32\drivers\NETIO.SYS 0x015A2000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01600000 \SystemRoot\System32\drivers\tcpip.sys 0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01845000 \SystemRoot\system32\DRIVERS\timntr.sys 0x0192E000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x0193E000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x01A30000 \SystemRoot\system32\DRIVERS\tdrpm258.sys 0x01B9C000 \SystemRoot\System32\Drivers\spldr.sys 0x01BA4000 \SystemRoot\system32\DRIVERS\snapman.sys 0x0198A000 \SystemRoot\System32\drivers\rdyboost.sys 0x01BE8000 \SystemRoot\System32\Drivers\mup.sys 0x01A00000 \SystemRoot\System32\drivers\hwpolicy.sys 0x019C4000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x01A09000 \SystemRoot\system32\DRIVERS\disk.sys 0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x0116C000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x01196000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0x015E0000 \SystemRoot\System32\Drivers\Null.SYS 0x015E9000 \SystemRoot\System32\Drivers\Beep.SYS 0x015F0000 \SystemRoot\System32\drivers\vga.sys 0x011C7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x01235000 \SystemRoot\System32\drivers\watchdog.sys 0x01245000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x013F7000 \SystemRoot\system32\drivers\rdpencdd.sys 0x011EC000 \SystemRoot\system32\drivers\rdprefmp.sys 0x011F5000 \SystemRoot\System32\Drivers\Msfs.SYS 0x00CC0000 \SystemRoot\System32\Drivers\Npfs.SYS 0x02E1F000 \SystemRoot\system32\DRIVERS\tdx.sys 0x02E3D000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x02E4A000 \SystemRoot\system32\drivers\afd.sys 0x02ED4000 \SystemRoot\System32\DRIVERS\netbt.sys 0x02F19000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x02F22000 \SystemRoot\system32\DRIVERS\pacer.sys 0x02F48000 \SystemRoot\system32\DRIVERS\netbios.sys 0x02F57000 \SystemRoot\system32\DRIVERS\serial.sys 0x02F74000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x02F8F000 
\SystemRoot\system32\DRIVERS\termdd.sys 0x02FA3000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x02FF4000 \SystemRoot\system32\drivers\nsiproxy.sys 0x02E00000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x02E0B000 \SystemRoot\System32\drivers\discache.sys 0x03CFE000 \SystemRoot\system32\drivers\csc.sys 0x03D81000 \SystemRoot\System32\Drivers\dfsc.sys 0x03D9F000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x03DB0000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x03DD6000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x03C00000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x04A24000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x05100000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x03C46000 \SystemRoot\System32\drivers\dxgmms1.sys 0x04A00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x03C8C000 \SystemRoot\system32\drivers\usbuhci.sys 0x03C99000 \SystemRoot\system32\drivers\USBPORT.SYS 0x03DEC000 \SystemRoot\system32\drivers\usbehci.sys 0x03E25000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x03E7C000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x03EBA000 \SystemRoot\system32\DRIVERS\serenum.sys 0x03EC6000 \SystemRoot\system32\DRIVERS\parport.sys 0x03EE3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x03EF0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x03F00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x03F16000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x03F3A000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x03F46000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x03F75000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x03F90000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x03FB1000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x03FCB000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x03FD6000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x03FE5000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x03FF4000 \SystemRoot\system32\DRIVERS\swenum.sys 0x05272000 \SystemRoot\system32\DRIVERS\ks.sys 0x052B5000 \SystemRoot\system32\DRIVERS\umbus.sys 0x052C7000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x05321000 
\SystemRoot\System32\Drivers\NDProxy.SYS 0x05336000 \SystemRoot\system32\drivers\AtiHdmi.sys 0x05359000 \SystemRoot\system32\drivers\portcls.sys 0x05396000 \SystemRoot\system32\drivers\drmk.sys 0x053B8000 \SystemRoot\system32\drivers\ksthunk.sys 0x07A7A000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x07CC1000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x07CDE000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x07CE0000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x07CEE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x07D07000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x07D10000 \SystemRoot\system32\drivers\usbaudio.sys 0x07D2B000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x07D38000 \SystemRoot\system32\DRIVERS\RzSynapse.sys 0x07D5E000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x07D6C000 \SystemRoot\system32\DRIVERS\Alpham164.sys 0x00010000 \SystemRoot\System32\win32k.sys 0x07D79000 \SystemRoot\System32\drivers\Dxapi.sys 0x07D85000 \SystemRoot\system32\DRIVERS\Alpham264.sys 0x07D8B000 \SystemRoot\System32\Drivers\crashdmp.sys 0x07D99000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x07DA5000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x07DAE000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x07DC1000 \SystemRoot\system32\DRIVERS\monitor.sys 0x004F0000 \SystemRoot\System32\TSDDD.dll 0x00710000 \SystemRoot\System32\cdd.dll 0x07DCF000 \SystemRoot\system32\drivers\luafv.sys 0x07A00000 \SystemRoot\system32\drivers\WudfPf.sys 0x07A21000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x05200000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x07A36000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x07A49000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x040C4000 \SystemRoot\system32\drivers\HTTP.sys 0x0418C000 \SystemRoot\system32\DRIVERS\bowser.sys 0x041AA000 \SystemRoot\System32\drivers\mpsdrv.sys 0x041C2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x04000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x0404E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x082D3000 \SystemRoot\system32\drivers\peauth.sys 0x08379000 
\SystemRoot\System32\Drivers\secdrv.SYS 0x08384000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x083B1000 \SystemRoot\System32\drivers\tcpipreg.sys 0x08200000 \SystemRoot\System32\DRIVERS\srv2.sys 0x0882B000 \SystemRoot\System32\DRIVERS\srv.sys 0x088C0000 \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys 0x08939000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x08944000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x0894C000 \SystemRoot\system32\DRIVERS\MpNWMon.sys 0x771F0000 \Windows\System32\ntdll.dll 0x47B80000 \Windows\System32\smss.exe 0xFF510000 \Windows\System32\apisetschema.dll 0xFF490000 \Windows\System32\autochk.exe 0xFF480000 \Windows\System32\difxapi.dll 0xFF470000 \Windows\System32\lpk.dll 0xFF420000 \Windows\System32\Wldap32.dll 0xFF380000 \Windows\System32\comdlg32.dll 0x770D0000 \Windows\System32\kernel32.dll 0xFF120000 \Windows\System32\iertutil.dll 0x773C0000 \Windows\System32\normaliz.dll 0xFEFF0000 \Windows\System32\wininet.dll 0xFEE70000 \Windows\System32\urlmon.dll 0xFED40000 \Windows\System32\rpcrt4.dll 0xFEC30000 \Windows\System32\msctf.dll 0xFEB60000 \Windows\System32\usp10.dll 0xFEAC0000 \Windows\System32\clbcatq.dll 0xFEA20000 \Windows\System32\msvcrt.dll 0xFDC90000 \Windows\System32\shell32.dll 0xFDBB0000 \Windows\System32\oleaut32.dll 0xFDB90000 \Windows\System32\imagehlp.dll 0xFDB20000 \Windows\System32\gdi32.dll 0x773B0000 \Windows\System32\psapi.dll 0xFD940000 \Windows\System32\setupapi.dll 0xFD920000 \Windows\System32\sechost.dll 0xFD8F0000 \Windows\System32\imm32.dll 0xFD870000 \Windows\System32\shlwapi.dll 0x76FD0000 \Windows\System32\user32.dll 0xFD790000 \Windows\System32\advapi32.dll 0xFD580000 \Windows\System32\ole32.dll 0xFD530000 \Windows\System32\ws2_32.dll 0xFD520000 \Windows\System32\nsi.dll 0xFD4E0000 \Windows\System32\cfgmgr32.dll 0xFD470000 \Windows\System32\KernelBase.dll 0xFD300000 \Windows\System32\crypt32.dll 0xFD260000 \Windows\System32\comctl32.dll 0xFD220000 \Windows\System32\wintrust.dll 
0xFD200000 \Windows\System32\devobj.dll 0xFD1F0000 \Windows\System32\msasn1.dll 0x76DD0000 \Windows\SysWOW64\normaliz.dll Processes (total 45): 0 System Idle Process 4 System 416 C:\Windows\System32\smss.exe 632 csrss.exe 696 C:\Windows\System32\wininit.exe 716 csrss.exe 752 C:\Windows\System32\services.exe 780 C:\Windows\System32\lsass.exe 788 C:\Windows\System32\lsm.exe 896 C:\Windows\System32\svchost.exe 976 C:\Windows\System32\svchost.exe 124 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 512 C:\Windows\System32\atiesrxx.exe 636 C:\Windows\System32\winlogon.exe 828 C:\Windows\System32\svchost.exe 1036 C:\Windows\System32\svchost.exe 1076 C:\Windows\System32\svchost.exe 1264 C:\Windows\System32\svchost.exe 1420 C:\Windows\System32\atieclxx.exe 1452 C:\Windows\System32\svchost.exe 1656 C:\Windows\System32\spoolsv.exe 1688 C:\Windows\System32\svchost.exe 1768 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 1808 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 1848 C:\Windows\SysWOW64\svchost.exe 1888 C:\Windows\System32\svchost.exe 1956 C:\Windows\SysWOW64\PnkBstrA.exe 1352 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe 1300 C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe 2696 C:\Windows\System32\svchost.exe 2828 C:\Windows\System32\taskhost.exe 2944 C:\Windows\System32\dwm.exe 2952 C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe 3024 C:\Windows\explorer.exe 2356 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 2332 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 2900 C:\Program Files\Microsoft Security Client\msseces.exe 3644 C:\Program Files\Windows Media Player\wmpnetwk.exe 3904 C:\Windows\System32\svchost.exe 1132 C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe 4988 C:\Windows\System32\audiodg.exe 5068 C:\Windows\explorer.exe 1384 C:\Users\Daniel\Desktop\MBRCheck.exe 5060 C:\Windows\System32\conhost.exe 1948 
C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`e5334600 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x000000a8`b9cf4c00 (NTFS)
PhysicalDrive0 Model Number: SAMSUNGHD753LJ, Rev: 1AA01110
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
26.05.2011, 20:35 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX) GMER didn't work? The MBR is okay, at least.
__________________ Please always post logfiles in CODE tags |
26.05.2011, 21:03 | #15 |
| Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX) GMER worked on the third attempt, but it found nothing, so nothing was shown in my log either. I assume that's normal, right? Why am I not allowed to move the mouse during the scans? I can't find a logical explanation for that. Regards Daniel |