Raketenmann | 11.05.2009 18:35 | Combofix-log, Teil 2 Code:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programme\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{09403AD0-6556-52FE-11A6-DDDF9124206B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaegmfdgghdhgnbbeo"=hex:6a,61,69,6c,62,6a,62,62,65,6d,6a,62,6a,6a,66,69,66,61,
6a,63,00,e4
"haofcdadikcbddhg"=hex:6a,61,69,6c,62,6a,62,62,65,6d,6a,62,6a,6a,66,69,66,61,
6a,63,00,00
[HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:15,9d,3b,77,09,fe,9c,42,ba,19,50,f6,dd,75,14,87,21,c0,d6,e7,13,50,fd,
1e,c4,c2,1e,ee,bc,fe,9f,ab,75,01,97,d1,80,ec,54,f9,2c,1a,21,dc,a2,84,f8,9f,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
[HKEY_USERS\S-1-5-21-1275210071-117609710-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:41,c3,77,1e,54,94,c4,e0,f1,ba,ba,42,b4,9d,e1,fa,31,0f,7e,9a,1b,
e9,cc,2d,fc,11,d5,1a,73,0c,54,b9,2c,1f,78,21,75,ed,75,76,c3,17,32,0f,02,5f,\
"rkeysecu"=hex:44,1a,f8,aa,64,b5,78,7b,3e,81,40,de,27,d5,5d,79
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09403AD0-6556-52FE-11A6-DDDF9124206B}\InProcServer32*]
"jakgepnlcodiambnmhhi"=hex:6a,61,69,6c,62,6a,62,62,65,6d,6a,62,6a,6a,66,69,66,
61,6a,63,00,00
"iakgkpdkdnmopkmbfm"=hex:6a,61,69,6c,62,6a,62,62,65,6d,6a,62,6a,6a,66,69,66,61,
6a,63,00,00
"cbkgfobllmlkichedgogmeeipaameojobcmfnk"=hex:63,62,6c,6c,66,6a,6e,63,6c,67,65,
6c,67,62,66,66,67,6c,6f,70,65,6e,6e,61,6e,68,6f,6a,6f,6c,62,67,6c,70,63,63,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A2C6EC6-E1BC-9BF5-B3F7D282645EFB0F}\{C08E0694-C5E1-48EE-3ACF6A24AC2BF796}\{A9549B8D-B7EF-15E1-4BD44DC35FFCD192}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3782D402-1413-2B4D-D5B93EB7648B29D4}\{9536055C-1E13-65AB-BABDBD84391B7DD3}\{70487E18-04C4-4686-6F59FE851A688CA9}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC36979A-271C-CB21-250CD586E00814A2}\{8EF4E408-9A98-28EF-CDFA1ACBF6ED5141}\{501B0FF8-8336-4915-6C99805756A8837E}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\programme\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\nvappfilter.dll
- - - - - - - > 'explorer.exe'(3380)
c:\programme\Logitech\SetPoint\GameHook.dll
c:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\MSVCP71.dll
c:\programme\TortoiseSVN\bin\tortoisesvn.dll
c:\programme\TortoiseSVN\bin\libdb43.dll
c:\programme\TortoiseSVN\bin\intl3_svn.dll
c:\programme\TortoiseCVS\TrtseShl.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\nvappfilter.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
f:\programme\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\DirectX Extensions\DXDebugService.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\windows\system32\wscntfy.exe
c:\programme\TortoiseSVN\bin\TSVNCache.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-05-10 3:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-05-10 01:55
Vor Suchlauf: 4.771.880.960 Bytes frei
Nach Suchlauf: 4.926.279.680 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
382 --- E O F --- 2009-04-19 18:45 |