win7 trojaner Gefunden Kann nicht löschen

diki · 04.05.2011, 16:51

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-03.08 - *** 04.05.2011  17:31:56.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4063.2716 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe..exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dijana\AppData\Local\Temp\2108.tmp
c:\windows\SysWow64\rnaph.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-04 bis 2011-05-04  ))))))))))))))))))))))))))))))
.
.
2011-05-04 15:37 . 2011-05-04 15:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-04 14:28 . 2011-05-04 14:28	--------	d-----w-	C:\_OTL
2011-05-03 06:00 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EABC69C0-3D1F-44AA-9FFC-74769AE7FD37}\mpengine.dll
2011-04-27 19:51 . 2011-04-27 19:51	--------	d-----w-	c:\program files\iPod
2011-04-27 19:51 . 2011-04-27 19:52	--------	d-----w-	c:\program files\iTunes
2011-04-27 19:51 . 2011-04-27 19:52	--------	d-----w-	c:\program files (x86)\iTunes
2011-04-27 19:49 . 2011-04-27 19:49	--------	d-----w-	c:\program files\Bonjour
2011-04-27 18:48 . 2011-04-27 22:22	--------	d-----w-	c:\users\***\desi april
2011-04-27 05:54 . 2011-02-25 06:19	2871808	----a-w-	c:\windows\explorer.exe
2011-04-27 05:54 . 2011-02-25 05:30	2616320	----a-w-	c:\windows\SysWow64\explorer.exe
2011-04-27 05:54 . 2011-03-12 12:08	1465344	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-27 05:54 . 2011-03-12 11:23	870912	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-04-27 05:54 . 2011-03-11 06:33	2565632	----a-w-	c:\windows\system32\esent.dll
2011-04-27 05:54 . 2011-03-11 06:30	96768	----a-w-	c:\windows\system32\fsutil.exe
2011-04-27 05:54 . 2011-03-11 05:33	1699328	----a-w-	c:\windows\SysWow64\esent.dll
2011-04-27 05:53 . 2011-03-11 06:41	189824	----a-w-	c:\windows\system32\drivers\storport.sys
2011-04-27 05:53 . 2011-03-11 06:41	166272	----a-w-	c:\windows\system32\drivers\nvstor.sys
2011-04-27 05:53 . 2011-03-11 06:41	1659776	----a-w-	c:\windows\system32\drivers\ntfs.sys
2011-04-27 05:53 . 2011-03-11 06:41	148352	----a-w-	c:\windows\system32\drivers\nvraid.sys
2011-04-27 05:53 . 2011-03-11 06:41	410496	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2011-04-27 05:53 . 2011-03-11 06:41	27008	----a-w-	c:\windows\system32\drivers\amdxata.sys
2011-04-27 05:53 . 2011-03-11 06:41	107904	----a-w-	c:\windows\system32\drivers\amdsata.sys
2011-04-27 05:53 . 2011-03-11 05:31	74240	----a-w-	c:\windows\SysWow64\fsutil.exe
2011-04-27 05:53 . 2011-02-18 10:51	31232	----a-w-	c:\windows\system32\prevhost.exe
2011-04-27 05:53 . 2011-02-18 05:39	31232	----a-w-	c:\windows\SysWow64\prevhost.exe
2011-04-23 19:31 . 2011-01-17 11:09	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2011-04-23 19:31 . 2011-01-17 05:47	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2011-04-23 19:19 . 2011-04-23 19:19	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2011-04-23 19:18 . 2011-04-23 19:18	--------	d-----w-	c:\windows\system32\wbem\en-US
2011-04-23 18:46 . 2011-04-23 18:46	--------	d-----w-	c:\windows\system32\SPReview
2011-04-23 18:45 . 2011-04-23 18:45	--------	d-----w-	c:\windows\system32\EventProviders
2011-04-23 18:42 . 2010-11-05 01:57	48976	----a-w-	c:\windows\system32\netfxperf.dll
2011-04-23 18:42 . 2010-11-05 01:57	1942856	----a-w-	c:\windows\system32\dfshim.dll
2011-04-23 18:40 . 2010-11-20 13:27	2543616	----a-w-	c:\windows\system32\wpdshext.dll
2011-04-23 18:39 . 2010-11-20 13:33	155008	----a-w-	c:\windows\system32\drivers\mpio.sys
2011-04-23 18:38 . 2010-11-20 12:21	189952	----a-w-	c:\windows\SysWow64\wdscore.dll
2011-04-23 18:38 . 2010-11-20 12:17	209920	----a-w-	c:\windows\SysWow64\PkgMgr.exe
2011-04-23 18:38 . 2010-11-20 12:18	323072	----a-w-	c:\windows\SysWow64\drvstore.dll
2011-04-23 18:38 . 2010-11-20 12:18	257024	----a-w-	c:\windows\SysWow64\dpx.dll
2011-04-23 18:38 . 2010-11-20 12:21	363008	----a-w-	c:\windows\SysWow64\wbemcomn.dll
2011-04-23 18:38 . 2010-11-20 12:19	606208	----a-w-	c:\windows\SysWow64\wbem\fastprox.dll
2011-04-23 18:35 . 2010-11-20 13:27	524288	----a-w-	c:\windows\system32\wmicmiplugin.dll
2011-04-23 18:35 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2011-04-23 18:35 . 2010-11-20 13:27	1225216	----a-w-	c:\windows\system32\wbem\wbemcore.dll
2011-04-23 18:35 . 2010-11-20 13:27	933376	----a-w-	c:\windows\system32\SmiEngine.dll
2011-04-23 18:35 . 2010-11-20 13:25	199168	----a-w-	c:\windows\system32\PkgMgr.exe
2011-04-23 18:34 . 2010-11-20 13:26	422912	----a-w-	c:\windows\system32\drvstore.dll
2011-04-23 18:34 . 2010-11-20 13:26	399872	----a-w-	c:\windows\system32\dpx.dll
2011-04-18 17:44 . 2011-04-27 19:53	--------	d-----w-	c:\program files (x86)\Safari
2011-04-15 04:49 . 2011-03-03 06:24	183296	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-14 01:39 . 2011-04-14 01:39	103864	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-04-06 14:26 . 2011-04-06 14:26	96544	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26	119584	----a-w-	c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\SysWow64\dns-sd.exe
2011-04-05 15:03 . 2011-04-05 15:04	--------	d-----w-	c:\users\***\DBank
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 18:54 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-04-23 18:54 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-03-04 06:19 . 2011-04-27 05:54	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 05:54	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 12:05 . 2011-03-09 06:08	1139200	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 06:08	1544192	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 06:08	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 06:08	1076736	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 06:08	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-23 17:55	3908192	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2010-11-23 17:55	3908192	----a-w-	c:\program files (x86)\uTorrentBar_DE\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\tbuTor.dll" [2010-11-23 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-23 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-15 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2005-09-03 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-23 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"UIExec"="c:\program files (x86)\Mobile Partner Manager\UIExec.exe" [2010-01-13 133120]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"NeroFilterCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 136176]
R2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Mobile Partner Manager\AssistantServices.exe [2010-01-13 247296]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 07:55]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 07:55]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3981794883-686314569-2938007531-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 07:55]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3981794883-686314569-2938007531-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 07:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: {D81A06B9-5405-4784-88CB-33525D854158} = 193.189.244.225 193.189.244.206
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-04  17:40:22
ComboFix-quarantined-files.txt  2011-05-04 15:40
.
Vor Suchlauf: 14 Verzeichnis(se), 367.091.191.808 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 366.732.394.496 Bytes frei
.
- - End Of File - - 43F6B744AD5B60304A4B691257B3D93B

--- --- ---

win7 trojaner Gefunden Kann nicht löschen

Plagegeister aller Art und deren Bekämpfung: win7 trojaner Gefunden Kann nicht löschen

win7 trojaner Gefunden Kann nicht löschen

Ähnliche Themen: win7 trojaner Gefunden Kann nicht löschen