Log Analysis and Evaluation: Detection JAVA/Dldr.Lamar.GA (Windows 7)

If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
/// Winkelfunktion /// TB-Süch-Tiger™

Detection JAVA/Dldr.Lamar.GA

For the analysis we always need admin rights! That is correct as it is! Now please run CF: ComboFix. A guide and tutorial on using ComboFix.
ComboFix may only be run when a Kompetenzler (forum helper) has expressly recommended it! If you have problems starting applications after running ComboFix and get messages such as Quote:
__________________
Please always post logfiles in CODE tags
#2

Detection JAVA/Dldr.Lamar.GA

Here is the CF log.
__________________
Code:
ComboFix 12-10-13.04 - Joel 14.10.2012 2:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2950 [GMT 2:00]
Running from:: c:\users\Joel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20101219.txt
c:\cflog\CrashLog_20101227.txt
c:\cflog\CrashLog_20110111.txt
c:\cflog\CrashLog_20110115.txt
c:\cflog\CrashLog_20110128.txt
C:\install.exe
c:\programdata\xml1A35.tmp
c:\programdata\xml376C.tmp
c:\programdata\xml40ED.tmp
c:\programdata\xml5D2C.tmp
c:\programdata\xml5DC9.tmp
c:\programdata\xml986.tmp
c:\programdata\xmlA23.tmp
c:\programdata\xmlCD52.tmp
c:\programdata\xmlCED9.tmp
c:\programdata\xmlD013.tmp
c:\users\Joel\AppData\Local\Temp\{EBD49BF4-6C57-43E5-96A7-F5A7EF49770A}\fpb.tmp
c:\users\Joel\AppData\Roaming\mIRC\logs\status.log
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 ))))))))))))))))))))))))))))))
.
.
2012-10-14 00:59 . 2012-10-14 00:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-13 14:34 . 2012-10-14 00:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CD9FB43-C54A-4223-9ABB-0A62AAD71DF4}\offreg.dll
2012-10-13 09:15 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CD9FB43-C54A-4223-9ABB-0A62AAD71DF4}\mpengine.dll
2012-10-11 14:57 . 2012-10-13 21:06 -------- d-----w- c:\users\UpdatusUser
2012-10-11 14:57 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-11 14:57 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-11 14:57 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-11 14:57 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-11 14:57 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-11 14:57 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-11 14:56 . 2012-10-02 22:21 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-11 14:56 . 2012-10-02 22:21 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-11 14:56 . 2012-10-11 14:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-10-10 04:54 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 04:54 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 04:54 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 04:54 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-07 21:54 . 2012-10-07 21:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-07 21:53 . 2012-10-07 21:53 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-07 21:53 . 2012-10-07 21:53 -------- d-----w- c:\program files (x86)\Java
2012-10-07 08:31 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-10-07 08:31 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-10-07 08:31 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-10-07 08:31 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-10-07 08:31 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-10-07 08:31 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-10-07 08:31 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-10-07 08:30 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-10-07 08:30 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-10-07 08:30 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-10-07 08:30 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-02 14:40 . 2012-10-02 14:40 -------- d-----w- c:\users\Joel\AppData\Local\SIX_Projects
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-25 18:36 . 2012-09-25 18:36 -------- d-----w- c:\users\Joel\AppData\Roaming\Kalydo
2012-09-24 19:45 . 2012-07-29 11:59 96768 ----a-w- c:\windows\system32\pdfcmon.dll
2012-09-24 19:45 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-09-24 19:45 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2012-09-24 19:45 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2012-09-24 19:45 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2012-09-24 19:45 . 2012-09-24 19:45 -------- d-----w- c:\program files (x86)\PDFCreator
2012-09-24 19:45 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-09-20 14:07 . 2012-10-02 14:40 -------- d-----w- c:\users\Joel\AppData\Roaming\six-updater
2012-09-20 14:07 . 2012-09-20 14:07 -------- d-----w- c:\users\Joel\AppData\Roaming\six-zsync
2012-09-20 14:00 . 2012-09-20 14:00 -------- d-----w- c:\program files (x86)\SIX Projects
2012-09-20 14:00 . 2012-09-20 14:02 -------- d-----w- c:\users\Joel\AppData\Local\Downloaded Installations
2012-09-20 13:42 . 2012-10-13 14:12 -------- d-----w- c:\users\Joel\AppData\Local\ArmA 2 OA
2012-09-20 12:53 . 2012-09-20 12:53 -------- d-----w- c:\users\Joel\AppData\Local\ArmA 2
2012-09-15 15:10 . 2012-09-15 15:10 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 18:59 . 2012-04-08 10:27 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 18:59 . 2011-05-15 21:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 04:59 . 2011-02-24 20:48 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-07 21:53 . 2012-06-23 14:53 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-07 21:53 . 2011-02-27 10:39 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-07 15:04 . 2012-05-11 16:31 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 18:12 . 2012-09-12 14:47 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 14:47 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 14:47 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 04:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-07-18 18:15 . 2012-08-17 19:26 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"LogMeIn Hamachi Ui"="e:\hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-12-31 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 250808]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-30 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-30 79360]
R3 dump_wmimmc;dump_wmimmc;e:\pangya\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;e:\sisoftware sandra lite 2010.sp3\RpcAgentSrv.exe [2009-08-10 93848]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-10-30 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
R3 X6va003;X6va003;c:\users\Joel\AppData\Local\Temp\0035990.tmp [x]
R3 X6va005;X6va005;c:\users\Joel\AppData\Local\Temp\005202E.tmp [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-03-30 1295416]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-03-30 681016]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1276928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:59]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 13:29]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 13:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant =
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1 217.237.151.97
FF - ProfilePath - c:\users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Removed Orphaned Registry Entries - - - -
.
Wow6432Node-HKCU-Run-ASRockOCTuner - (no file)
Wow6432Node-HKCU-Run-ASRockIES - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
AddRemove-BattlEye - e:\arma 2expansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - e:\arma 2battleye\UnInstallBE.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
AddRemove-Jagged Alliance 2: Unfinished Business - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Joel\AppData\Local\Temp\0035990.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Joel\AppData\Local\Temp\005202E.tmp"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-537142579-2558697306-3944272275-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4741B570-9318-A734-1275-69DAF294508B}*]
"halhhlbbfinidioa"=hex:6b,61,68,68,67,68,63,6c,6a,6c,67,6d,6e,70,61,67,6c,6a,65,64,6c,61,00,c0
"gaefalneopofkg"=hex:61,63,6b,68,6e,64,70,6b,67,70,6e,6f,70,6c,67,6d,6c,67,62,6f,6f,6e,68,6c,6e,6c,68,6c,6c,67,64,62,69,6b,61,6a,61,6f,61,68,6d,62,63,63,\
.
[HKEY_USERS\S-1-5-21-537142579-2558697306-3944272275-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:87,ab,87,fc,b1,1b,6c,49,0c,4c,23,5c,36,bd,8d,68,55,04,f3,23,7b,4b,6e,b0,fd,f2,c1,7a,ef,8a,46,c4,5d,d5,de,7e,9f,3a,45,a5,2c,1b,99,10,4c,a3,98,ca,\
"??"=hex:be,ac,43,c6,18,85,46,5b,c0,94,3f,36,1c,f9,e7,fc
.
[HKEY_USERS\S-1-5-21-537142579-2558697306-3944272275-1001\Software\SecuROM\License information*]
"datasecu"=hex:90,fc,55,32,2d,db,8e,50,ae,50,0e,27,97,9c,16,e8,17,8d,27,e5,0c,46,ff,85,14,84,f0,36,b2,71,9c,89,da,c5,05,64,72,e8,3b,3b,ef,82,e2,ed,21,42,\
"rkeysecu"=hex:86,27,37,23,38,dd,ee,ac,d1,ba,a9,cc,c2,34,8f,59
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-14 03:02:16
ComboFix-quarantined-files.txt 2012-10-14 01:02
.
Pre-Run: 13 directories, 57.217.417.216 bytes free
Post-Run: 15 directories, 57.088.352.256 bytes free
.
- - End Of File - - 9845C504A794338FB7B067008C7FAC9E
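Added example, not part of the thread and not code from ComboFix or Trojaner-Board: a small Python triage script for the service and driver section of a ComboFix log such as the one above. It parses the `R?/S? name;display;path [date size]` lines (where `[x]` means ComboFix could not find the file) and attaches review flags a helper would look at first: an image path under a user's Temp directory, an image file that is missing at scan time, and an image extension other than .exe/.sys/.dll. The sample lines are copied from the log posted above; all function names, the marker list and the flag wording are my own choices. The flags are hints for manual review, not a malware verdict, and the script does not decide whether an entry such as X6va003 is malicious.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Service/driver lines copied from the ComboFix log posted above (a subset).
SAMPLE_LINES = r"""
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dump_wmimmc;dump_wmimmc;e:\pangya\GameGuard\dump_wmimmc.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 X6va003;X6va003;c:\users\Joel\AppData\Local\Temp\0035990.tmp [x]
R3 X6va005;X6va005;c:\users\Joel\AppData\Local\Temp\005202E.tmp [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\hamachi\hamachi-2.exe [2012-08-29 2369960]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
"""

# ComboFix service line: "<R|S><start type> <name>;<display>;<image path> [<date> <size>]"
# or "[x]" when the image file was not found at scan time.
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Heuristic (my choice): directories a service image does not normally live in.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Heuristic (my choice): extensions one expects for a service or driver image.
EXPECTED_EXT = {".exe", ".sys", ".dll"}


@dataclass
class ServiceEntry:
    start: str              # R = running, S = stopped; digit = start type
    name: str
    display: str
    path: str
    missing: bool           # True when ComboFix printed [x]
    date: Optional[str]     # file date as printed, None when missing
    size: Optional[int]     # file size in bytes, None when missing
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for lines that are not service entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    if meta.lower() == "x":
        date, size, missing = None, None, True
    else:
        date_str, size_str = meta.split()
        date, size, missing = date_str, int(size_str), False
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                        m.group("path"), missing, date, size)


def flag_entry(entry: ServiceEntry) -> None:
    """Attach review flags in place; these are hints for a human, not a verdict."""
    p = entry.path.lower()
    if any(marker in p for marker in TEMP_MARKERS):
        entry.flags.append("image path in a temp directory")
    if entry.missing:
        entry.flags.append("image file missing at scan time")
    ext = ntpath.splitext(ntpath.basename(p))[1]   # ntpath handles backslashes on any OS
    if ext not in EXPECTED_EXT:
        entry.flags.append(f"unusual image extension {ext or '(none)'}")


def analyze(text: str) -> List[ServiceEntry]:
    """Parse every service line in a ComboFix log excerpt and flag it."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            flag_entry(entry)
            entries.append(entry)
    return entries


def suspicious(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries that carry at least one flag, in log order."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(analyze(SAMPLE_LINES)):
        print(f"{e.start} {e.name}: {e.path}  <- {', '.join(e.flags)}")
```

Run against the sample, the four entries that come out are the two GameGuard components whose files are gone and the two X6va services whose image is a .tmp file under the user's Temp folder; Hamachi and the Secunia PSI driver carry no flags. A helper still has to decide what each flagged entry is; the script only makes sure those lines are not overlooked in a long log.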