"Bundestrojaner"

cosinus · 30.05.2012, 21:32

Zitat:

ich hoffe es ist dadurch kein irreparabler schaden entstanden ...

Ja das hoffen wir mal
Wo ist das Log von CF?

feldba · 01.06.2012, 08:47

Zitat:

Zitat von cosinus

Ja das hoffen wir mal
Wo ist das Log von CF?

Code:

ATTFilter

ComboFix 12-05-22.02 - Hofer 23.05.2012  10:33:03.1.4 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7600.0.1252.43.1031.18.3959.3292 [GMT 2:00]
ausgeführt von:: I:\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hofer\AppData\Roaming\Adobe\plugs
c:\users\Hofer\AppData\Roaming\Adobe\plugs\mmc126.exe
c:\users\Hofer\AppData\Roaming\Adobe\plugs\mmc60.exe
c:\users\Hofer\AppData\Roaming\Adobe\shed
c:\users\Hofer\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-23 bis 2012-05-23  ))))))))))))))))))))))))))))))
.
.
2012-05-22 10:50 . 2012-05-22 10:50	--------	d-----w-	c:\users\Hofer\AppData\Roaming\fifa
2012-05-22 10:50 . 2012-05-22 10:50	--------	d-----w-	c:\programdata\Local Settings
2012-05-11 07:13 . 2012-03-03 06:29	1541120	----a-w-	c:\windows\system32\DWrite.dll
2012-05-11 07:13 . 2012-03-03 06:29	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-05-11 07:13 . 2012-03-03 06:29	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-05-11 07:13 . 2012-03-03 05:40	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-05-11 07:13 . 2012-03-03 05:40	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-05-11 07:13 . 2012-03-03 06:29	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-05-11 07:13 . 2012-03-03 06:29	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-05-11 07:13 . 2012-03-03 05:40	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-05-11 07:13 . 2012-03-03 05:40	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-05-11 07:13 . 2012-03-03 05:40	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-05-11 07:12 . 2012-04-02 05:34	5504880	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-11 07:12 . 2012-04-02 03:01	3143680	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 07:12 . 2012-04-02 04:46	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 07:12 . 2012-04-02 04:46	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 07:12 . 2012-03-17 07:55	75632	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-11 07:12 . 2012-03-30 11:09	1895280	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-11 07:12 . 2012-04-02 05:26	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 07:12 . 2012-04-02 05:24	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 07:12 . 2012-04-02 05:24	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 07:12 . 2012-04-02 05:24	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 07:12 . 2012-04-02 04:40	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 08:02 . 2012-03-08 08:02	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-08 08:02 . 2012-03-08 08:02	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-03-08 08:02 . 2012-03-08 08:02	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-03-08 08:02 . 2012-03-08 08:02	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-08 08:02 . 2012-03-08 08:02	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-03-08 08:02 . 2012-03-08 08:02	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-03-08 08:02 . 2012-03-08 08:02	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-03-08 08:02 . 2012-03-08 08:02	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-03-08 08:02 . 2012-03-08 08:02	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 08:02 . 2012-03-08 08:02	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-03-08 08:02 . 2012-03-08 08:02	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-03-08 08:02 . 2012-03-08 08:02	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-03-08 08:02 . 2012-03-08 08:02	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-03-08 08:02 . 2012-03-08 08:02	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-03-08 08:02 . 2012-03-08 08:02	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-03-08 08:02 . 2012-03-08 08:02	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-03-08 08:02 . 2012-03-08 08:02	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-03-08 08:02 . 2012-03-08 08:02	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 08:02 . 2012-03-08 08:02	222208	----a-w-	c:\windows\system32\msls31.dll
2012-03-08 08:02 . 2012-03-08 08:02	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-03-08 08:02 . 2012-03-08 08:02	12288	----a-w-	c:\windows\system32\mshta.exe
2012-03-08 08:02 . 2012-03-08 08:02	114176	----a-w-	c:\windows\system32\admparse.dll
2012-03-08 08:02 . 2012-03-08 08:02	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 08:02 . 2012-03-08 08:02	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-03-08 08:02 . 2012-03-08 08:02	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-03-08 08:02 . 2012-03-08 08:02	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-03-08 08:02 . 2012-03-08 08:02	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-03-08 08:02 . 2012-03-08 08:02	448512	----a-w-	c:\windows\system32\html.iec
2012-03-08 08:02 . 2012-03-08 08:02	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-08 08:02 . 2012-03-08 08:02	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-03-08 08:02 . 2012-03-08 08:02	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-03-08 08:02 . 2012-03-08 08:02	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-03-08 08:02 . 2012-03-08 08:02	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-03-08 08:02 . 2012-03-08 08:02	160256	----a-w-	c:\windows\system32\wextract.exe
2012-03-01 06:54 . 2012-04-11 15:42	22896	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-11 15:42	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-11 15:42	80896	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-11 15:42	5120	----a-w-	c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-11 15:42	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-11 15:42	158720	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-11 15:42	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 15:44	2311168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 15:44	1390080	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 15:44	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 15:44	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 15:44	1799168	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 15:44	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 15:44	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 15:44	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SignIn"="c:\program files (x86)\Microsoft Online Services\Sign In\SignIn.exe" [2009-11-24 1734512]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]
"STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2009-09-17 120048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"63488"="c:\progra~3\LOCALS~1\Temp\msotmoqvc.exe" [2009-07-14 76288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
password-taxi.lnk - c:\program files (x86)\password-taxi\pt.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-04-23 2175328]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
R2 VIP-Registrierung;VIP-Registrierung;c:\vipreg\VIPRServ.exe [2007-06-15 40960]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-23 428384]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{352CB4CF-D402-46F0-9F5A-F99369D1DAF3}: NameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-23  10:38:48
ComboFix-quarantined-files.txt  2012-05-23 08:38
.
Vor Suchlauf: 13 Verzeichnis(se), 557.879.799.808 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 558.668.029.952 Bytes frei
.
- - End Of File - - 0DB0831166C117682669A4889BBAAD1B

als ich heute zum rechner gekommen bin war plötzlich ein txt file offen - auch von combofix - hab ich aber nicht nochmal ausgeführt bzw. um die uhrzeit war niemand am rechner.

fremdes CF-Log entfernt //cosinus

"Bundestrojaner"

Plagegeister aller Art und deren Bekämpfung: "Bundestrojaner"

"Bundestrojaner"

"Bundestrojaner"

Ähnliche Themen: "Bundestrojaner"