Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
AKM Virus

AKM Virus


Log-Analyse und Auswertung: AKM Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 14.05.2012, 22:14   #16
mikefx
 
AKM Virus - Standard

AKM Virus


Und hier das CF Log:

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-05-14.03 - admin 14.05.2012  19:40:56.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.4095.2442 [GMT 2:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-14 bis 2012-05-14  ))))))))))))))))))))))))))))))
.
.
2012-05-14 11:57 . 2012-05-14 11:57	--------	d-----w-	C:\_OTL
2012-05-11 14:39 . 2012-03-03 06:35	1544704	----a-w-	c:\windows\system32\DWrite.dll
2012-05-11 14:39 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-05-11 14:39 . 2012-03-31 06:05	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-11 14:39 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 14:39 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 14:39 . 2012-03-31 03:10	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 14:38 . 2012-03-17 07:58	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-11 14:38 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-11 14:38 . 2012-03-31 05:42	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 14:38 . 2012-03-31 05:40	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 14:38 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 14:38 . 2012-03-31 05:40	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 14:38 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-03 14:13 . 2012-05-03 14:13	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-03 14:13 . 2012-05-03 14:13	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-03 14:13 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-03 12:20 . 2012-05-03 12:20	--------	d-----w-	c:\program files (x86)\ESET
2012-05-03 12:03 . 2012-05-14 20:42	--------	d-----w-	c:\users\admin
2012-05-03 10:14 . 2012-05-03 10:15	--------	d-----w-	c:\users\Gast
2012-04-26 16:36 . 2012-04-26 16:36	--------	d-----w-	c:\program files (x86)\Dnote Software
2012-04-25 19:49 . 2012-04-25 19:49	--------	d-----w-	c:\program files (x86)\MyTomTom 3
2012-04-25 18:01 . 2012-04-25 19:49	--------	d-----w-	c:\users\Papa\AppData\Local\TomTom
2012-04-25 18:01 . 2012-04-25 18:01	--------	d-----w-	c:\users\Papa\AppData\Roaming\TomTom
2012-04-25 18:01 . 2012-04-25 19:49	--------	d-----w-	c:\program files (x86)\TomTom International B.V
2012-04-25 18:01 . 2012-04-25 18:01	--------	d-----w-	c:\program files (x86)\TomTom HOME 2
2012-04-22 14:39 . 2012-04-30 17:20	--------	d-----w-	c:\users\Daniel\AppData\Roaming\.minecraft
2012-04-20 20:49 . 2012-04-20 20:49	--------	d-----w-	c:\windows\de
2012-04-20 20:45 . 2012-04-20 20:45	--------	d-----w-	c:\windows\da
2012-04-20 20:45 . 2012-04-20 20:45	--------	d-----w-	c:\windows\el
2012-04-20 20:45 . 2012-04-20 20:45	--------	d-----w-	c:\windows\en
2012-04-20 20:45 . 2012-04-20 20:45	--------	d-----w-	c:\windows\es
2012-04-20 20:45 . 2012-04-20 20:45	--------	d-----w-	c:\windows\fr
2012-04-20 20:44 . 2012-04-20 20:44	--------	d-----w-	c:\windows\hu
2012-04-20 20:44 . 2012-04-20 20:44	--------	d-----w-	c:\windows\it
2012-04-20 20:44 . 2012-04-20 20:44	--------	d-----w-	c:\windows\nl
2012-04-20 20:44 . 2012-04-20 20:44	--------	d-----w-	c:\windows\pl
2012-04-20 20:44 . 2012-04-20 20:44	--------	d-----w-	c:\windows\sl
2012-04-20 20:44 . 2012-04-20 20:44	--------	d-----w-	c:\windows\tr
2012-04-20 20:35 . 2012-03-08 16:40	48488	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2012-04-20 20:32 . 2012-04-20 20:32	15712	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\bb09d7571cd1f3402\MeshBetaRemover.exe
2012-04-20 20:32 . 2012-04-20 20:32	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ba6a5b251cd1f3401\DSETUP.dll
2012-04-20 20:32 . 2012-04-20 20:32	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ba6a5b251cd1f3401\DXSETUP.exe
2012-04-20 20:32 . 2012-04-20 20:32	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ba6a5b251cd1f3401\dsetup32.dll
2012-04-20 20:31 . 2012-04-20 20:31	--------	d-----w-	c:\program files (x86)\Microsoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 13:24 . 2011-10-16 09:29	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-09 13:24 . 2011-10-16 09:29	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-05 14:15 . 2012-04-13 14:30	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 14:15 . 2011-07-02 17:27	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 14:15 . 2012-04-13 15:15	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-05 14:57 . 2012-03-29 15:01	88	----a-w-	c:\users\Public\sdelevURL.tmp
2012-03-08 16:50 . 2012-03-08 16:50	49016	----a-w-	c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37	302448	----a-w-	c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-11 14:42	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 14:42	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 14:42	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 14:42	5120	----a-w-	c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 14:42	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 14:42	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 14:42	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 14:45	2311168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 14:44	1390080	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 14:44	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 14:45	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 14:45	1799168	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 14:44	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 14:44	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 14:45	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38 . 2012-03-14 16:39	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 16:39	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 16:39	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 16:39	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-15 09:01 . 2012-02-15 09:01	52736	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 09:01 . 2012-02-15 09:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21	1299248	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-09 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-12-20 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-01 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-01 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-09 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:15]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-01 08:07]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-01 08:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
TCP: DhcpNameServer = 195.3.96.67 195.3.96.68
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-14  23:04:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-14 21:04
.
Vor Suchlauf: 6 Verzeichnis(se), 1.391.855.976.448 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 1.397.041.537.024 Bytes frei
.
- - End Of File - - 01EC6B5F78E62B226CDD898120963B02
--- --- ---
 

Themen zu AKM Virus
admin, akm virus, anderes, anti, benutzerkonto, defogger, disable, erstelle, erstellen, gestartet, konnte, laufe, laufen, malwarebytes, virus, weiteren, welchem


« Verschlüsselungstrojaner TR/Roque.kdv.623395.1 | TR/Crypt.Gypikon.D.1 und Trojan.Agent.H nach Verschlüsselungstrojaner durch E-Mail »


Ähnliche Themen: AKM Virus


  1. Virus versenden; virus angriff; virus schützen; rache;
    Log-Analyse und Auswertung - 06.12.2010 (10)
  2. AVG Anti Virus free meldet Virus PSW.Generic7.BWMP, Virus läßt sich nicht beseitigen
    Plagegeister aller Art und deren Bekämpfung - 30.10.2010 (21)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema AKM Virus - Und hier das CF Log: [code] Combofix Logfile: Code: Alles auswählen Aufklappen ATTFilter ComboFix 12-05-14.03 - admin 14.05.2012 19:40:56.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4095.2442 [GMT 2:00] ausgeführt - AKM Virus...
Archiv
Du betrachtest: AKM Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132