Trojaner-Board


Nicnac120 03.01.2009 14:49

Finding 120 Trojans every day. What to do?
Hello,
I signed up here because my PC hasn't been all that secure lately and is, in the truest sense of the word, "freaking out".
I have Windows XP Professional and Kaspersky 2009.
Almost every time I start my PC, this error message appears:
http://www.trojaner-board.de/attachm...1&d=1230990393


When I then click "OK", it runs another short scan of about 1 minute, in which it always finds at least 120 Trojans; it deletes them and reboots. After the restart, this error message appears:
http://www.trojaner-board.de/attachm...1&d=1230990434

I hope you can help me.
Thanks

Sunny 03.01.2009 15:45



Malwarebytes' Anti-Malware
  • Read through the removal instructions and have everything that was found removed:
http://saved.im/ndc5njj4d2lr/entfernen.png
(after scanning, click the button and have the detections deleted!)



ComboFix
  • Download the tool here to your desktop -> CLICK
Do not start the program yet, but first do the following:
  • Close all applications and programs, especially your antivirus software and other background monitors, as well as your internet browser.
    Also explicitly avoid using the mouse and keyboard while ComboFix is running.
  • Now start combofix.exe from your desktop, confirm the warning messages and let it scan your system.
  • Afterwards a combofix.txt opens automatically; please copy its contents and paste them into your post. You can also find the log at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: ComboFix disables the autostart function of all CD/DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread.

(detailed instructions -> A guide and tutorial on using ComboFix)


Creating a HijackThis log

Nicnac120 03.01.2009 20:30

First of all, many thanks for the quick help.

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.31
Datenbank Version: 1602
Windows 5.1.2600 Service Pack 3

03.01.2009 19:33:26
mbam-log-2009-01-03 (19-33-26).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|I:\|)
Durchsuchte Objekte: 204380
Laufzeit: 1 hour(s), 32 minute(s), 53 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 29

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\qjvrjnnp.dll (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qjvrjnnp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{235b90d6-cb93-40a6-8f1a-af422ada9637} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati7qfxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati7qfxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati7qfxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati7qfxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjgf32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{235b90d6-cb93-40a6-8f1a-af422ada9637} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\qjvrjnnp.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP281\A0076546.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP281\A0076569.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP282\A0076708.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP282\A0076736.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP302\A0080954.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP304\A0081349.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP305\A0081396.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP305\A0082393.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP305\A0082398.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP306\A0082445.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP306\A0082458.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP306\A0084476.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP306\A0084504.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP306\A0086547.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP306\A0086559.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP306\A0086643.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP306\A0086655.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP306\A0088671.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4F19218F-B86F-41DF-8155-7DC56323EAF3}\RP306\A0090752.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati7qfxx.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\drb3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ofk8.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yqk3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Dialer) -> Delete on reboot.
C:\Dokumente und Einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

Nicnac120 03.01.2009 20:41

The ComboFix report is too large, so I'll attach it.
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:32, on 03.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Veoh Networks\Veoh\VeohClient.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VocStart.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225115489699&h=e85913793ae60abb091ecd9eb63c7815/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/000~1.PC-/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7490 bytes

Nicnac120 03.01.2009 20:43

Attachment too large :heulen:.
Oh well, then I'll just split up the ComboFix log:
ComboFix 09-01-02.01 - 000 2009-01-03 20:01:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.3007.2511 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\start.bat
c:\windows\system32\TDSSpaxt.dat

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI
-------\Legacy_RESTORE
-------\Service_tdssserv.sys


((((((((((((((((((((((( Dateien erstellt von 2008-12-03 bis 2009-01-03 ))))))))))))))))))))))))))))))
.

2009-01-03 19:52 . 2009-01-03 19:52 <DIR> d-------- c:\programme\CCleaner
2009-01-03 16:28 . 2009-01-03 16:28 <DIR> d-------- c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\Malwarebytes
2009-01-03 16:22 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 16:20 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 16:19 . 2009-01-03 16:24 <DIR> d-------- c:\programme\Malwarebytes' Anti-Malware
2009-01-03 16:19 . 2009-01-03 16:19 <DIR> d-------- c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes
2009-01-03 14:44 . 2009-01-03 14:46 <DIR> d-------- c:\programme\IrfanView
2008-12-31 00:02 . 2008-12-31 00:02 <DIR> d-------- C:\CrashReport
2008-12-30 15:08 . 2006-02-28 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-29 22:55 . 2008-12-29 22:55 <DIR> d-------- c:\windows\system32\bits
2008-12-29 22:42 . 2008-04-14 07:21 327,168 --------- c:\windows\system32\drivers\ati2mtaa.sys
2008-12-29 22:41 . 2008-04-13 22:04 1,897,408 --------- c:\windows\system32\drivers\nv4_mini.sys
2008-12-29 22:39 . 2006-12-29 00:31 19,569 --a------ c:\windows\003251_.tmp
2008-12-29 22:35 . 2008-12-29 22:35 <DIR> d-------- c:\programme\Guitar Pro 5
2008-12-28 20:53 . 2008-12-28 20:53 <DIR> d-------- c:\windows\system32\xlive
2008-12-28 20:53 . 2008-12-31 00:06 <DIR> d-------- c:\programme\Microsoft Games for Windows - LIVE
2008-12-22 13:02 . 2009-01-02 18:39 <DIR> d-------- c:\programme\MobMapUpdater
2008-12-19 22:56 . 2008-12-19 22:57 <DIR> d-------- c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\MobMapUpdater
2008-12-17 18:06 . 2008-12-18 17:57 <DIR> d-------- c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\VocTeach
2008-12-17 18:05 . 2008-12-18 18:46 <DIR> d-------- c:\programme\VocTeach
2008-12-10 16:33 . 2008-12-10 16:35 <DIR> d-------- c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\Dev-Cpp
2008-12-10 16:31 . 2008-12-10 16:31 <DIR> d-------- C:\Dev-Cpp
2008-12-09 19:03 . 2008-12-09 19:03 504 --a------ c:\windows\system32\%LocalXml%
2008-12-05 22:37 . 2008-12-05 22:37 <DIR> d-------- C:\Logs
2008-12-04 21:53 . 2008-12-04 21:57 <DIR> d-------- C:\PacSteamT
2008-12-04 18:14 . 2008-12-04 18:14 18,448 --a------ c:\windows\system32can4d
2008-12-04 18:09 . 2008-12-04 18:09 <DIR> d-------- c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\ScanSoft

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 19:07 32,768 ----a-w c:\windows\system32\drivers\ati7qfxx.sys
2009-01-03 18:55 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy
2009-01-03 18:38 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\Kaspersky Lab
2009-01-03 18:36 909,344 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-03 18:36 7,332 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-03 18:36 5,483,552 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-03 18:36 47,064 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-03 16:58 --------- d-----w c:\programme\Steam
2008-12-31 15:14 --------- d-----w c:\programme\TuneUp Utilities 2007
2008-12-24 11:49 --------- d--h--w c:\programme\InstallShield Installation Information
2008-12-22 11:56 --------- d-----w c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\GetRight
2008-12-13 22:07 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-07 00:46 --------- d-----w c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\Hamachi
2008-12-05 17:13 --------- d-----w c:\programme\DivX
2008-12-04 17:09 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\SSScanWizard
2008-12-04 17:09 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\SSScanAppDataDir
2008-12-04 17:01 --------- d-----w c:\programme\Teamspeak2_RC2
2008-12-02 13:42 --------- d-----w c:\programme\Spybot - Search & Destroy
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-11-26 21:26 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-26 21:26 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-26 18:18 --------- d-----w c:\programme\Kaspersky Lab
2008-11-26 18:03 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\Avira
2008-11-24 16:31 --------- d-----w c:\programme\Xfire
2008-11-23 19:11 --------- d-----w c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\Xfire
2008-11-21 20:03 --------- d-----w c:\programme\Crawler
2008-11-21 19:32 --------- d-----w c:\programme\Reference Assemblies
2008-11-21 19:32 --------- d-----w c:\programme\MSBuild
2008-11-15 23:25 --------- d-----w c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\InstallShield Installation Information
2008-11-15 23:19 --------- d-----w c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2008-11-15 23:18 --------- d-----w c:\programme\AGEIA Technologies
2008-11-15 23:06 --------- d-----w c:\programme\D-Tools
2008-11-15 18:46 --------- d-----w c:\programme\Anti-Blaxx
2008-11-14 16:17 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\DriverScanner
2008-11-14 16:17 --------- d-----w c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\Uniblue
2008-11-14 16:16 --------- d-----w c:\programme\ActvMap 4.7
2008-11-14 15:56 --------- d-----w c:\dokumente und einstellungen\Administrator\Anwendungsdaten\ATI
2008-11-13 20:46 --------- d-----w c:\programme\Gemeinsame Dateien\InstallShield
2008-11-11 17:26 --------- d-----w c:\programme\Avira
2008-11-11 16:14 0 ----a-w c:\windows\system32\drivers\bf993ba8.sys
2008-11-10 19:43 --------- d-----w c:\dokumente und einstellungen\Administrator\Anwendungsdaten\ICQ
2008-11-10 15:56 22,328 ----a-w c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\PnkBstrK.sys
2008-11-04 16:26 --------- d-----w c:\programme\Simsoft
2006-06-23 06:48 32,768 -c--a-r c:\windows\inf\UpdateUSB.exe
2008-05-31 00:08 7,047 --sha-w c:\windows\system32\win23GI\klog.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Veoh"="c:\programme\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ATICustomerCare"="c:\programme\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"OpwareSE2"="c:\programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DAEMON Tools-1033"="c:\programme\D-Tools\daemon.exe" [2004-08-22 81920]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users.WINDOWS\Startmen\Programme\Autostart\
VocStart.lnk - c:\windows\Installer\{FFB28673-8D85-46EB-BE19-5F745D43BC5A}\_E73EE5F4710A7AF9805BE2.exe [2008-12-17 10134]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\dokume~1\ALLUSE~1.WIN\ANWEND~1\SPYWAR~1\sp_rsdel.exe "\??\c:\dokume~1\ALLUSE~1.WIN\ANWEND~1\SPYWAR~1\sp_rsdel.dat\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7qfxx.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\programme\steam\steam.exe" -silent
"ICQ"="c:\programme\ICQ6\ICQ.exe" silent
"RGSC"=d:\games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Anti-Blaxx Manager"=c:\programme\Anti-Blaxx\Anti-Blaxx.exe
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe"
"PSPAP"=c:\programme\Thrustmaster\FunAccess\PSPAP.exe min
"JMB36X IDE Setup"=c:\windows\JM\JMInsIDE.exe
"JMB36X Configure"=c:\windows\system32\JMRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\Steam\\SteamApps\\loises120\\counter-strike source\\hl2.exe"=
"c:\\Programme\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Programme\\Valve\\hl.exe"=
"c:\\Programme\\Xfire\\xfire.exe"=
"c:\\Programme\\RouterControl\\RouterControl.exe"=
"c:\\Programme\\Zattoo\\zattood.exe"=
"c:\\Programme\\Zattoo\\Zattoo.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"c:\\Programme\\The All-Seeing Eye\\eye.exe"=
"c:\\Dokumente und Einstellungen\\All Users.WINDOWS\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\German\\setup.exe"=
"d:\\Games\\Die Schlacht um Mittelerde II\\game.dat"=
"d:\\Games\\Call of Duty 4\\Setup\\Data\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Games\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Games\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Games\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=
"d:\\Games\\Metin2_Germany\\Metin.exe"=
"d:\\Games\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Games\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Games\\Metin2_Germany\\metin2.bin"=
"c:\\Programme\\Steam\\steamapps\\nicnac111\\counter-strike source\\hl2.exe"=
"d:\\Games\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

R0 ati7qfxx;ati7qfxx;c:\windows\system32\drivers\ati7qfxx.sys [2008-11-10 32768]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
R3 SaiH0BE8;SaiH0BE8;c:\windows\system32\drivers\SaiH0BE8.sys [2008-10-17 136192]
R3 SaiL0BE8;SaiL0BE8;c:\windows\system32\drivers\SaiL0BE8.sys [2008-10-17 15616]
R3 SaiU0BE8;SaiU0BE8;c:\windows\system32\drivers\SaiU0BE8.sys [2008-10-17 28544]
S1 bf993ba8;bf993ba8;c:\windows\system32\drivers\bf993ba8.sys [2008-11-10 0]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a89699c-33e0-11dd-88cb-001d6079e88d}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a49d7d2-1e02-11dd-88ab-001d6079e88d}]
\Shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a77f5f35-130f-11dd-8890-001d6079e88d}]
\Shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - g:\directx\dxsetup.exe
.
Inhalt des "geplante Tasks" Ordners

2009-01-02 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 04:08]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Notify-qjvrjnnp - (no file)
Notify-urqRKDwu - urqRKDwu.dll


.
------- Zusätzlicher Suchlauf -------
.
IE: Crawler Search - tbr:iemenu
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programme\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\Mozilla\Firefox\Profiles\a6z0gizd.default\
FF - component: c:\dokumente und einstellungen\000.PC-6F1E023E33F9\Anwendungsdaten\Mozilla\Firefox\Profiles\a6z0gizd.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\programme\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\programme\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\programme\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\programme\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

Nicnac120 03.01.2009 20:44

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 20:07:24
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*NULL*o*NULL*m*NULL*m*NULL*a*NULL*n*NULL*d*NULL* *NULL*&*NULL* *NULL*C*NULL*o*NULL*n*NULL*q*NULL*u*NULL*e*NULL*r*NULL* *NULL*3*NULL* *NULL*T*NULL*i*NULL*b*NULL*e*NULL*r*NULL*i*NULL*u*NULL*m*NULL* *NULL*W*NULL*a*NULL*r*NULL*s*NULL*"!]

[HKEY_USERS\S-1-5-21-436374069-484763869-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]

[HKEY_USERS\S-1-5-21-436374069-484763869-839522115-1003\Software\SecuROM\License information*NULL*]
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-01-03 20:10:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-01-03 19:10:49

Vor Suchlauf: 30 Verzeichnis(se), 24.980.004.864 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 24,887,103,488 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

524 --- E O F --- 2008-12-30 16:08:44

Nicnac120 09.01.2009 13:50

Thanks for the help,
the problem was fixed until today, but now the error message is back again.
Should I run the programs again, or just reformat my whole PC?
Regards, Nicnac120

gagsman 09.01.2009 21:56

Hi!
The rootkit has dug itself pretty deep into your system. I would advise you to reinstall. I had the same "fun" with a rootkit myself, and it was really nasty! There is also a great guide here on how to reinstall properly:
Guide: Reinstalling the system + securing it
I had no more problems after that. Everything is running great again for me!

Have a nice weekend!

Nicnac120 10.01.2009 15:09

OK, thanks, I'll give it a try.


All times are in WET +1.
