OTL - Logfiles Malware

Dominik16 · 22.04.2011, 18:50

Hier ist das Logfile von ComboFix:

Code:

ATTFilter

ComboFix 11-04-21.06 - Tobbi 22.04.2011  19:30:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3061.1998 [GMT 2:00]
ausgeführt von:: c:\users\Tobbi\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dateicommander\DateiCommander.exe
c:\programdata\hpeA0A2.dll
c:\users\Tobbi\AppData\Roaming\Adobe\plugs
c:\users\Tobbi\AppData\Roaming\Adobe\shed
c:\users\Tobbi\AppData\Roaming\Local
c:\windows\system32\sshnas21.dll
c:\windows\system32\temp.009
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-22 bis 2011-04-22  ))))))))))))))))))))))))))))))
.
.
2011-04-22 17:20 . 2011-04-22 17:20	--------	d-----w-	c:\program files\CCleaner
2011-04-22 09:48 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5E2E23A-5FA8-497A-ABE3-B7719AC8146A}\mpengine.dll
2011-04-17 18:07 . 2011-04-17 18:07	--------	d-----w-	c:\users\Tobbi\AppData\Roaming\Avira
2011-04-17 18:05 . 2011-01-10 12:23	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-04-17 18:05 . 2011-04-17 18:05	--------	d-----w-	c:\programdata\Avira
2011-04-17 18:05 . 2011-04-17 18:05	--------	d-----w-	c:\program files\Avira
2011-04-17 13:03 . 2011-04-17 13:03	--------	d-----w-	c:\users\Tobbi\AppData\Roaming\SUPERAntiSpyware.com
2011-04-17 13:03 . 2011-04-17 13:03	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-04-17 13:03 . 2011-04-18 16:54	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-04-17 10:42 . 2011-04-17 10:42	110080	----a-w-	c:\users\Tobbi\AppData\Roaming\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconF7A21AF7.exe
2011-04-17 10:42 . 2011-04-17 10:42	110080	----a-w-	c:\users\Tobbi\AppData\Roaming\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconD7F16134.exe
2011-04-17 10:42 . 2011-04-17 10:42	--------	d-----w-	C:\sh4ldr
2011-04-17 10:42 . 2011-04-17 10:42	--------	d-----w-	c:\program files\Enigma Software Group
2011-04-17 08:07 . 2011-04-17 18:16	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-04-16 11:43 . 2011-04-16 11:43	--------	d-----w-	c:\windows\Sun
2011-04-16 11:19 . 2011-04-16 11:19	--------	d-----w-	c:\users\Tobbi\AppData\Roaming\Malwarebytes
2011-04-16 11:19 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 11:19 . 2011-04-16 11:19	--------	d--h--w-	c:\programdata\Malwarebytes
2011-04-16 11:18 . 2011-04-16 11:19	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-16 11:18 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-16 10:51 . 2011-04-16 10:59	--------	d-----w-	C:\_OTL
2011-04-15 11:34 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-06 11:29 . 2011-04-06 11:29	--------	d-----w-	c:\program files\iPod
2011-04-06 11:26 . 2011-04-06 11:26	--------	d-----w-	c:\program files\Safari
2011-03-26 09:30 . 2011-03-26 09:30	--------	d-----w-	c:\program files\Free-Private-Gaming
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 14:13 . 2011-03-23 11:20	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 11:20	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 11:20	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-18 15:36 . 2011-02-18 15:36	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2011-02-02 16:11 . 2009-10-03 11:43	222080	------w-	c:\windows\system32\MpSigStub.exe
2007-11-20 11:24 . 2007-11-20 11:24	2293848	----a-w-	c:\program files\FLV PlayerFCSetup.exe
2007-11-20 11:23 . 2007-11-20 11:22	3928264	----a-w-	c:\program files\FLV PlayerRCATSetup.exe
2007-11-20 11:21 . 2007-11-20 11:21	411248	----a-w-	c:\program files\FLV PlayerRCSetup.exe
2003-10-05 23:12 . 2010-01-05 15:33	2874232	----a-w-	c:\program files\ROTK.exe
2011-03-18 17:56 . 2011-04-20 19:24	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-04-18 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-04-18 16:02	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-06-07 13:59	198960	----a-w-	c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Tobbi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ICQ-Tools.de Launcher.lnk]
path=c:\users\Tobbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ICQ-Tools.de Launcher.lnk
backup=c:\windows\pss\ICQ-Tools.de Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 15:17	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15	63360	------w-	c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25	1230704	------w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series]
2008-02-05 06:00	188928	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX125 Series]
2009-09-14 07:00	200704	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIGGE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
2008-10-23 17:27	300336	----a-w-	c:\program files\HiYo\Bin\HiYo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 13:33	421160	------w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 16:08	963976	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM]
2010-05-01 15:26	106496	----a-w-	c:\users\Tobbi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFServerEngine]
2009-07-24 16:09	392288	----a-w-	c:\program files\PDF Suite\PDFServerEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05	15026056	------w-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07	827392	----a-w-	c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24	2423752	------w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2010-02-24 13:53	111928	----a-r-	c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-18 14:51	202256	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 136176]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [2007-02-08 29184]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2010-01-27 5248]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2008-02-05 1931776]
R4 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-03-30 306296]
R4 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-03-30 162936]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-02 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 11:51]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 11:51]
.
2009-11-29 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2009-11-14 00:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = 
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKU-Default-Run-Metropolis - c:\windows\system32\sshnas21.dll
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-PC SpeedScan Pro - c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
MSConfigStartUp-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-click.EXE 2.0 Free - c:\progra~1\clickEXE\UNWISE.EXE
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE
AddRemove-Freecorder Toolbar - c:\progra~1\FREECO~2\UNWISE.EXE
AddRemove-Hex Workshop v4.20 - c:\gta sa mods\hw41unin.isu
AddRemove-Movies - c:\progra~1\JanSoft\Movies\UNWISE.EXE
AddRemove-softonic-de3 Toolbar - c:\progra~1\SOFTON~1\UNWISE.EXE
AddRemove-the Renegade mod tools - c:\progra~1\RENEGA~1\UNWISE.EXE
AddRemove-Virtual DJ - Atomix Productions - c:\progra~1\VIRTUA~1\UNWISE.EXE
AddRemove-WindowBlinds - c:\progra~1\Stardock\OBJECT~2\WINDOW~1\UNWISE.EXE
AddRemove-Xpage Internet Studio 6 Special Edition - c:\program files\Xpage Internet Studio 6 Special Edition\Uninstall_Xpage Internet Studio 6 Special Edition\Uninstall Xpage Internet Studio 6 Special Edition.exe
AddRemove-{3F290582-3F4E-4B96-009C-E0BABAA40C42} - c:\program files\EA GAMES\Die Schlacht um Mittelerde(tm)\EAUninstall.exe
AddRemove-{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-22 19:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{FE063DB9-4EC0-403E-8DD8-394C54984B2C}"=hex:51,66,7a,6c,4c,1d,38,12,d7,3e,15,
   fa,f2,00,50,05,f2,ce,7a,0c,51,c6,0f,38
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=hex:51,66,7a,6c,4c,1d,38,12,bc,bb,81,
   17,37,12,f1,04,d7,e0,fa,b1,5f,07,22,06
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=hex:51,66,7a,6c,4c,1d,38,12,78,38,4c,
   81,00,23,88,0a,f5,40,f8,f6,90,c6,d4,52
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=hex:51,66,7a,6c,4c,1d,38,12,50,d3,52,
   34,79,b3,8e,01,c8,54,6e,db,8d,6e,1b,8c
"{261F6A8B-7AAF-4BF5-8552-6610F4D67819}"=hex:51,66,7a,6c,4c,1d,38,12,e5,69,0c,
   22,9d,34,9b,0e,fa,44,25,50,f1,88,3c,0d
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
   ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"=hex:51,66,7a,6c,4c,1d,38,12,90,4e,98,
   37,1e,60,56,06,e1,57,a2,36,d1,c9,6d,8a
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
   36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{8E718888-423F-11D2-876E-00A0C9082467}"=hex:51,66,7a,6c,4c,1d,38,12,e6,8b,62,
   8a,0d,0c,bc,54,f8,78,43,e0,cc,56,60,73
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"=hex:51,66,7a,6c,4c,1d,38,12,8d,a0,16,
   c8,f1,2a,9c,0f,c0,d7,ec,4d,63,e8,d4,71
"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"=hex:51,66,7a,6c,4c,1d,38,12,66,de,32,
   90,6d,dd,6f,02,d6,dc,61,9f,95,f2,0a,b2
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{72FE8681-0BFA-471B-9B2A-B37ED68DD09E}"=hex:51,66,7a,6c,4c,1d,38,12,ef,85,ed,
   76,c8,45,75,02,e4,3c,f0,3e,d3,d3,94,8a
"{B0DE3308-5D5A-470D-81B9-634FC078393B}"=hex:51,66,7a,6c,4c,1d,38,12,66,30,cd,
   b4,68,13,63,02,fe,af,20,0f,c5,26,7d,2f
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{1AD61D5B-58A3-4592-9B34-DC84688FF805}"=hex:51,66,7a,6c,4c,1d,38,12,35,1e,c5,
   1e,91,16,fc,00,e4,22,9f,c4,6d,d1,bc,11
"{201F27D4-3704-41D6-89C1-AA35E39143ED}"=hex:51,66,7a,6c,4c,1d,38,12,ba,24,0c,
   24,36,79,b8,04,f6,d7,e9,75,e6,cf,07,f9
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9CB65201-89C4-402C-BA80-02D8C59F9B1D}"=hex:51,66,7a,6c,4c,1d,38,12,6f,51,a5,
   98,f6,c7,42,05,c5,96,41,98,c0,c1,df,09
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
   ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af,
   f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c
"{FE063DB1-4EC0-403E-8DD8-394C54984B2C}"=hex:51,66,7a,6c,4c,1d,38,12,df,3e,15,
   fa,f2,00,50,05,f2,ce,7a,0c,51,c6,0f,38
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:54,20,4e,da,33,00,cc,01
.
[HKEY_USERS\S-1-5-21-580093863-836433992-2563045413-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,3f,86,5f,65,66,5d,e4,29,c9,7d,1e,29,ce,81,04,19,b3,3d,cd,47,82,ed,
   4f,b6,7c,c8,b4,f5,56,ab,e5,59,36,9c,56,2d,a9,b2,e2,89,d1,25,ca,49,62,a6,91,\
"??"=hex:c6,07,ca,9a,d0,69,60,e7,00,d8,57,75,3b,b1,69,a6
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-22  19:41:52
ComboFix-quarantined-files.txt  2011-04-22 17:41
.
Vor Suchlauf: 5 Verzeichnis(se), 42.204.274.688 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 42.103.754.752 Bytes frei
.
- - End Of File - - 222EB1DC18EEC405B0138566E96F47BD

OTL - Logfiles Malware

Log-Analyse und Auswertung: OTL - Logfiles Malware

OTL - Logfiles Malware

Ähnliche Themen: OTL - Logfiles Malware