| |
| |||||||
Log-Analyse und Auswertung: GVU: Ihr Internet Service Provider blockiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.04.2013, 16:34
| #11 |
| |  GVU: Ihr Internet Service Provider blockiert AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.202 - Datei am 25/04/2013 um 17:31:53 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Matze - R2D2-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Matze\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\R2D2\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Online\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.2] : urls_to_restore_on_startup ="session": { "restore_on_startup": 4, [ "hxxp://search.babylon.com/[...]
Gelöscht [l.56] : homepage = "hxxp://search.babylon.com/?affID=110809&tt=bandext_3312_6&babsrc=HP_ss&mntrId=c6db06[...]
-\\ Opera v12.15.1748.0
Datei : C:\Users\R2D2\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Online\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Matze\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [7874 octets] - [21/04/2013 18:34:54]
AdwCleaner[S1].txt - [335 octets] - [21/04/2013 18:36:14]
AdwCleaner[S2].txt - [7762 octets] - [21/04/2013 18:37:01]
AdwCleaner[S3].txt - [2265 octets] - [21/04/2013 19:38:12]
AdwCleaner[S4].txt - [2315 octets] - [25/04/2013 17:29:31]
AdwCleaner[S5].txt - [2007 octets] - [25/04/2013 17:31:53]
########## EOF - C:\AdwCleaner[S5].txt - [2067 octets] ##########
so bin wieder im Lande  Combofix Logfile: Code:
ATTFilter ComboFix 13-04-25.01 - Matze 25.04.2013 17:43:26.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2842 [GMT 2:00]
ausgeführt von:: c:\users\Matze\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Matze\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\drivers\aivbydnh.sys"
"c:\windows\system32\drivers\bojixhjo.sys"
"c:\windows\system32\drivers\fqtnznck.sys"
"c:\windows\system32\drivers\llehujzn.sys"
"c:\windows\system32\drivers\mkfaojnx.sys"
"c:\windows\system32\drivers\okfofsbb.sys"
"c:\windows\system32\drivers\oqeuajrt.sys"
"c:\windows\system32\drivers\ttcbygln.sys"
"c:\windows\system32\drivers\xqubudvm.sys"
"c:\windows\system32\drivers\zghgvttx.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_aivbydnh
-------\Service_bojixhjo
-------\Service_fqtnznck
-------\Service_llehujzn
-------\Service_mkfaojnx
-------\Service_okfofsbb
-------\Service_oqeuajrt
-------\Service_ttcbygln
-------\Service_xqubudvm
-------\Service_zghgvttx
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-25 bis 2013-04-25 ))))))))))))))))))))))))))))))
.
.
2013-04-25 15:50 . 2013-04-25 15:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-25 15:50 . 2013-04-25 15:50 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-04-25 15:50 . 2013-04-25 15:50 -------- d-----w- c:\users\R2D2\AppData\Local\temp
2013-04-25 15:50 . 2013-04-25 15:50 -------- d-----w- c:\users\Online\AppData\Local\temp
2013-04-25 15:50 . 2013-04-25 15:50 -------- d-----w- c:\users\Mcx1-R2D2-PC\AppData\Local\temp
2013-04-25 15:50 . 2013-04-25 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-25 15:50 . 2013-04-25 15:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-25 15:14 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D22F2ED-0558-4484-AFA4-BCC9D956390B}\mpengine.dll
2013-04-23 18:32 . 2013-04-23 18:30 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36E12200-7010-4473-8E45-5CA5E542BA16}\gapaengine.dll
2013-04-23 18:30 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-23 18:25 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-16 19:01 . 2013-04-16 19:01 -------- d-----w- c:\users\Matze\AppData\Roaming\RealNetworks
2013-04-16 15:52 . 2013-04-25 15:52 -------- d-----w- c:\users\Matze\AppData\Local\temp
2013-04-10 08:37 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 08:37 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 08:37 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 08:37 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 08:37 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 08:37 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-10 08:37 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-03-31 20:12 . 2013-03-31 20:12 -------- d-----w- c:\users\Online\AppData\Local\Google
2013-03-31 15:25 . 2013-04-01 20:06 -------- d-----w- c:\users\Matze\AppData\Roaming\Skype
2013-03-31 15:25 . 2013-03-31 15:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-31 15:25 . 2013-03-31 15:25 -------- d-----r- c:\program files (x86)\Skype
2013-03-31 15:25 . 2013-03-31 15:53 -------- d-----w- c:\programdata\Skype
2013-03-31 15:14 . 2013-03-31 15:14 -------- d-----w- c:\users\Matze\AppData\Local\VS Revo Group
2013-03-31 15:14 . 2013-03-31 15:14 -------- d-----w- c:\programdata\VS Revo Group
2013-03-31 15:14 . 2009-12-30 08:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-03-31 15:14 . 2013-03-31 15:14 -------- d-----w- c:\program files\VS Revo Group
2013-03-31 12:07 . 2013-03-31 12:07 -------- d-----w- c:\programdata\PDF Architect
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 09:33 . 2010-03-28 08:55 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-02 10:34 . 2010-03-21 16:47 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 13:07 . 2012-05-13 18:45 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 13:07 . 2011-08-26 15:41 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-13 12:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 12:53 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 12:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 12:53 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 12:53 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:53 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 20:31 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:25 . 2013-03-04 00:27 9422672 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-10 03:25 . 2013-03-04 00:27 7964680 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-10 03:25 . 2013-03-04 00:27 7569184 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:25 . 2013-03-04 00:27 6267240 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-10 03:25 . 2013-03-04 00:27 2911008 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-10 03:25 . 2013-03-04 00:27 2726176 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-10 03:25 . 2013-03-04 00:27 26947360 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-10 03:25 . 2013-03-04 00:27 2528840 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-10 03:25 . 2013-03-04 00:27 25256736 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-10 03:25 . 2013-03-04 00:27 2350368 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-10 03:25 . 2013-03-04 00:27 20534560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-10 03:25 . 2013-03-04 00:27 1990944 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-10 03:25 . 2013-03-04 00:27 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-03-04 00:27 17987192 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-10 03:25 . 2013-03-04 00:27 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-10 03:25 . 2013-03-04 00:27 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll
2013-02-10 03:25 . 2013-03-04 00:27 12862400 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-10 03:25 . 2013-03-04 00:27 11040544 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-10 03:25 . 2012-10-10 20:23 2854344 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2012-10-10 20:23 15275744 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-10 03:25 . 2012-10-10 20:22 15038296 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-10 01:04 . 2012-11-18 15:01 3472672 ----a-w- c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2012-11-18 15:01 6393120 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2012-11-18 15:01 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-02-10 01:04 . 2012-11-18 15:01 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2012-11-18 15:01 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-02-10 01:04 . 2012-11-18 15:01 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-09 17:43 . 2013-02-09 17:43 555808 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-01-23 295072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Online\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 affhdd.sys;affhdd.sys;c:\windows\system32\affhdd.sys [2008-04-05 6656]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 08:29 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 13:07]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 22:05]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 22:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-Unlocker - c:\program files (x86)\Unlocker\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\DataMngr\Files\ChromeHomepage]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\Homepage]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\SelectedSearch]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\UrlbarSearch]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item1]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item2]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item3]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Toolbar]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr_Toolbar]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-25 17:57:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-25 15:56
ComboFix2.txt 2013-04-16 15:52
.
Vor Suchlauf: 21 Verzeichnis(se), 338.992.795.648 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 340.446.769.152 Bytes frei
.
- - End Of File - - 2406A155CB719E2FF267A665924BDE6F
|
| Themen zu GVU: Ihr Internet Service Provider blockiert |
| administrator, adobe, blockiert, browser, browser manager, combofix, defender, downloader, explorer, flash player, helper, internet, internet explorer, internet service provider blockiert, nvidia, problem, programm, realtek, scan, security, software, svchost, system, temp, trojaner, updates, usb, windows |
Baum-Darstellung