So, here is the log file. Right after ComboFix finished, the network settings were wrong. 8.8.8.8 and 8.8.4.4 had been entered as the DNS servers. Those are / used to be the public Google DNS servers, if I remember correctly. I had to change that. The IP had been statically assigned; after ComboFix it was set to DHCP. I had to change that back as well.
That is the first thing I noticed.
ComboFix log file:
ComboFix 12-02-08.01 - Boss 08.02.2012 16:04:19.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.4094.1921 [GMT 1:00]
ausgeführt von:: c:\users\Boss\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andreas\AppData\Local\._Revolution_
c:\users\Andreas\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-08 bis 2012-02-08 ))))))))))))))))))))))))))))))
.
.
2012-02-08 13:05 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF7B0AA3-D1D6-4D7E-AEC2-F7CE8C41E106}\mpengine.dll
2012-02-08 12:49 . 2012-02-08 12:49 -------- d-----w- C:\_OTL
2012-02-08 12:43 . 2012-02-08 12:45 -------- d-----w- c:\users\Boss\AppData\Local\Google
2012-02-07 11:34 . 2012-02-07 11:34 -------- d-----w- c:\users\Andreas\AppData\Roaming\Malwarebytes
2012-02-07 10:53 . 2012-02-07 10:53 -------- d-----w- c:\program files (x86)\ESET
2012-02-07 10:53 . 2012-02-07 10:53 -------- d-----w- c:\programdata\Malwarebytes
2012-02-07 10:53 . 2012-02-07 10:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-07 10:53 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-06 15:14 . 2012-02-06 15:15 -------- d-----w- c:\users\Virus
2012-02-05 15:21 . 2012-02-06 13:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-02-05 14:14 . 2012-02-05 14:16 -------- d-----w- c:\users\Boss\AppData\Roaming\DeepBurner
2012-02-05 13:36 . 2012-02-05 13:36 -------- d-----w- c:\users\Boss\AppData\Local\Deployment
2012-02-05 13:34 . 2012-02-05 13:34 -------- d-----w- c:\users\Boss\AppData\Roaming\Logitech
2012-02-05 13:33 . 2012-02-05 13:33 -------- d-----w- c:\users\Boss\AppData\Local\Salling_Software_AB
2012-02-05 13:33 . 2012-02-05 13:33 -------- d-----w- c:\users\Boss\AppData\Roaming\Apple Computer
2012-01-23 17:01 . 2012-01-23 17:01 -------- d-----w- c:\users\Andreas\AppData\Roaming\BigHugeEngine
2012-01-22 22:43 . 2012-01-22 22:43 -------- d-----w- c:\users\Andreas\AppData\Roaming\Origin
2012-01-22 22:43 . 2012-01-22 22:43 -------- d-----w- c:\users\Andreas\AppData\Local\Origin
2012-01-22 22:43 . 2012-01-23 17:01 -------- d-----w- c:\programdata\Origin
2012-01-12 10:26 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-12 10:26 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-12 10:26 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-12 10:26 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-12 10:26 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 10:26 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-12 10:26 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-12 10:26 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-12 10:26 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-04-30 12:53 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-07 16:08 . 2011-06-03 10:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-06 05:15 . 2010-11-21 01:08 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-23 13:57 . 2011-12-15 08:50 2764800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-09-27 1261568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-3 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-7 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 30360922
*Deregistered* - 30360922
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 16:01]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 16:01]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2296755919-1659602251-94568991-1000Core.job
- c:\users\Boss\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 15:53]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2296755919-1659602251-94568991-1000UA.job
- c:\users\Boss\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 15:53]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2296755919-1659602251-94568991-1001Core.job
- c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 21:27]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2296755919-1659602251-94568991-1001UA.job
- c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 21:27]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2296755919-1659602251-94568991-1005Core.job
- c:\users\Virus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 15:53]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2296755919-1659602251-94568991-1005UA.job
- c:\users\Virus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 15:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{EA225B3F-D7B3-44A3-9371-D4387BB0076E}: NameServer = 8.8.8.8,8.8.4.4
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\yf0p6cos.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ESN Sonar-0.70.0 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-NetLimiter 2 Pro - c:\program files\NetLimiter 2 Pro\nl2uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2296755919-1659602251-94568991-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:30,17,f8,8b,e5,29,6b,ed,c0,a1,27,96,d6,08,15,78,e1,5d,5f,bb,04,03,26,
72,8d,89,b4,9e,cf,e1,b7,eb,52,cd,18,dd,2a,0d,8c,a1,33,c5,b9,67,6b,18,b8,d3,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-02-08 16:13:57
ComboFix-quarantined-files.txt 2012-02-08 15:13
.
Vor Suchlauf: 9.646.088.192 Bytes frei
Nach Suchlauf: 9.284.431.872 Bytes frei
.
- - End Of File - - 1D30333242B7F00DCE9AAFC360608BC7