Code:
ComboFix 13-11-07.01 - Administrator 10.11.2013 14:35:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1022.246 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-10-10 bis 2013-11-10 ))))))))))))))))))))))))))))))
.
.
2013-11-06 19:04 . 2013-11-06 19:04 -------- d-----w- C:\FRST
2013-11-03 13:05 . 2013-11-03 13:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Samsung
2013-11-03 12:13 . 2013-11-03 12:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-11-03 12:12 . 2013-11-03 12:12 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-03 12:12 . 2013-11-03 12:12 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-19 17:12 . 2013-11-03 11:21 -------- d-----w- c:\programme\Mozilla Thunderbird
2013-10-19 13:38 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-19 13:37 . 2013-08-29 00:56 26240 -c----w- c:\windows\system32\dllcache\usbser.sys
2013-10-19 13:37 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-19 13:37 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-19 13:37 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-19 13:35 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-19 13:35 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2013-10-19 13:35 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-19 11:33 . 2013-10-19 11:33 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2013-10-19 11:33 . 2013-10-19 11:32 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-19 11:33 . 2013-10-19 11:32 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-19 11:32 . 2013-10-19 11:32 -------- d-----w- c:\programme\Java
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-24 17:12 . 2012-03-31 08:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-24 17:12 . 2011-12-04 13:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 11:25 . 2012-07-25 13:53 24672 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-10-19 11:25 . 2012-05-25 18:38 24160 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-10-19 11:25 . 2012-06-19 16:28 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-09-23 18:23 . 2005-06-17 22:25 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:23 . 2002-08-29 01:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:23 . 2002-08-29 01:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:23 . 2001-08-18 11:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2006-12-19 19:52 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 07:01 . 2008-11-14 16:55 1878784 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2010-01-19 16:58 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\drivers\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\programme\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"IntelliPoint"="c:\programme\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-19 356128]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
forteManager.lnk - c:\programme\LG Soft India\forteManager\bin\Monitor.exe -startup [2012-12-29 1683456]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoNetworkConnections"= 01000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^Dropbox.lnk]
path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-05-20 02:37 450560 ----a-w- c:\programme\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-12-15 07:46 976784 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 11:41 196608 ----a-w- c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 05:07 69632 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 12:50 532040 ----a-w- c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="d:\nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="d:\acrobatreader\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\MirandaFusion\\miranda32.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Programme\\MyPhoneExplorer\\MyPhoneExplorer.exe"=
"d:\\Extras\\TORRENT\\BitTorrent.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
.
R1 atitray;atitray;c:\programme\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [10.07.2008 19:45 17952]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [25.04.2012 07:03 67960]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [08.06.2012 11:38 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [13.08.2012 16:49 145040]
R2 DevoloNetworkService;devolo Network Service;c:\programme\devolo\dlan\devolonetsvc.exe [19.07.2010 19:57 2231616]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [13.04.2013 12:27 418376]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [10.06.2010 13:32 35840]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [15.10.2004 16:24 17072]
R2 WHSConnector;Windows Home Server-Connectordienst;c:\programme\Windows Home Server\WHSConnector.exe [10.01.2011 13:43 376688]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [27.06.2012 14:09 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [25.05.2012 19:38 24160]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [25.07.2012 14:53 24672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.11.2011 18:24 22856]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.05.2010 14:26 27632]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [26.11.2011 18:24 701512]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys --> c:\windows\system32\DRIVERS\ssudbus.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programme\EVEREST\kerneld.wnt [30.04.2004 23:00 3584]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17.10.2009 18:07 13224]
S3 LGDDCDevice;LGDDCDevice;c:\programme\LG Soft India\forteManager\bin\I2CDriver.sys [29.12.2012 15:13 14336]
S3 LGII2CDevice;LGII2CDevice;c:\programme\LG Soft India\forteManager\bin\PII2CDriver.sys [29.12.2012 15:13 18432]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [05.03.2008 17:27 26656]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [11.10.2004 22:32 61440]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [17.10.2009 18:07 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [17.10.2009 18:07 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [17.10.2009 18:07 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [17.10.2009 18:07 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [17.10.2009 18:07 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [17.10.2009 18:07 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [17.10.2009 18:07 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [17.10.2009 18:07 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [17.10.2009 18:07 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [17.10.2009 18:07 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [17.10.2009 18:07 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [17.10.2009 18:07 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [17.10.2009 18:07 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [17.10.2009 18:07 109736]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys --> c:\windows\system32\DRIVERS\ssudmdm.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.01.2008 10:12 25088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pg7lng4q.Beast-neu\
FF - ExtSQL: !HIDDEN! 2009-11-12 18:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
MSConfigStartUp-Adobe ARM - c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-CitrixReceiver - c:\dokumente und einstellungen\All Users\Startmenü\Programme\Citrix\Receiver Updater.lnk
MSConfigStartUp-ConnectionCenter - c:\programme\Citrix\ICA Client\redirector.exe
AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-11-10 14:42
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programme\EVEREST\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,2b,89,f4,ae,ec,ae,43,80,ed,93,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,4b,e3,93,51,4f,27,42,a0,a3,40,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,2b,89,f4,ae,ec,ae,43,80,ed,93,\
.
[HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Kundendienst]
"Order"=hex:08,00,00,00,02,00,00,00,b8,02,00,00,01,00,00,00,04,00,00,00,de,00,
00,00,00,00,00,00,d0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,be,00,32,\
.
[HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6b,d7,17,88,a4,fa,15,4c,df,1b,45,e5,fb,97,26,c5,66,1d,67,4d,c7,58,a5,
7f,c7,98,f9,63,49,61,97,9d,12,42,ea,c2,70,c9,65,59,7e,a5,b5,b4,c1,b8,0e,74,\
"??"=hex:55,10,30,0b,37,2f,bf,d6,b2,68,54,98,20,3f,af,29
.
[HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:4e,e6,97,20,53,8e,6e,49,f4,4b,80,98,98,ce,e7,44,f0,f2,af,c7,bd,
07,05,7e,f2,0e,a2,c5,b6,65,2a,2c,19,73,45,ea,92,88,b6,ee,7e,3b,97,f8,17,36,\
"rkeysecu"=hex:e7,db,25,85,9d,d9,0c,6b,59,a2,fd,fb,c5,47,90,f8
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,2b,89,f4,ae,ec,ae,43,80,ed,93,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,2b,89,f4,ae,ec,ae,43,80,ed,93,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2013-11-10 14:45:43
ComboFix-quarantined-files.txt 2013-11-10 13:45
ComboFix2.txt 2011-11-29 18:41
.
Vor Suchlauf: 749.891.584 Bytes frei
Nach Suchlauf: 1.251.729.408 Bytes frei
.
- - End Of File - - 3A99DCE694CAB5DDE3421ADEF0157436