
Log Analysis and Evaluation: TR/Kazy.mekml.1 ; 'TR/FakeSysdef.A.621 ; 'TR/Kazy.22847'..


 
13.05.2011, 21:22   #16
Siva007
Done it.
ComboFix log file:
Code:
ComboFix 11-05-13.01 - Emre 13.05.2011  22:13:37.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.2595 [GMT 2:00]
ausgeführt von:: c:\users\Emre\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Emre\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\acovcnt.exe"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Emre\AppData\Local\{FD12C48D-6A36-4FD6-81D0-B786618E19FC}
c:\users\Emre\AppData\Local\Nemex
c:\users\Emre\AppData\Local\Nemex\Mouse_Recorder_Pro.exe_Url_pobdqaozaav3q3vjalplb2pa1hgiq1bm\2.0.7.0\user.config
c:\users\Emre\AppData\Local\Nemex\MRPlay.exe_Url_rlifc2h3fjubeyocxyiufadbx1mbwezu\1.0.0.1\user.config
c:\windows\system32\acovcnt.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-13 bis 2011-05-13  ))))))))))))))))))))))))))))))
.
.
2011-05-13 20:18 . 2011-05-13 20:18	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-05-13 20:18 . 2011-05-13 20:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-13 20:04 . 2011-05-13 20:04	--------	d-----w-	c:\program files (x86)\Nemex
2011-05-13 17:16 . 2011-05-13 17:16	--------	d-----w-	C:\_OTL
2011-05-13 14:53 . 2011-05-13 14:53	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-05-13 14:53 . 2011-05-13 14:53	472808	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-13 11:36 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FABC73C5-1850-4C7C-AD2B-5B8F7E68BA9B}\mpengine.dll
2011-05-12 20:39 . 2011-05-12 20:39	--------	d-----w-	c:\users\Emre\AppData\Roaming\Mouse Recorder Pro
2011-05-12 18:50 . 2011-03-18 17:56	142296	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-12 16:05 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2011-05-12 16:05 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2011-05-12 13:33 . 2011-05-12 13:33	--------	d-----w-	c:\users\Emre\AppData\Roaming\Malwarebytes
2011-05-12 13:33 . 2010-12-20 16:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-12 13:33 . 2011-05-12 13:33	--------	d-----w-	c:\programdata\Malwarebytes
2011-05-12 13:33 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-12 13:33 . 2011-05-12 13:46	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-11 11:28 . 2011-04-09 07:02	5562240	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-05-11 11:28 . 2011-04-09 06:02	3967872	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 11:28 . 2011-04-09 06:02	3912576	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 11:28 . 2011-03-25 03:29	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2011-05-11 11:28 . 2011-03-25 03:29	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2011-05-11 11:28 . 2011-03-25 03:29	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2011-05-11 11:28 . 2011-03-25 03:29	98816	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2011-05-11 11:28 . 2011-03-25 03:29	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2011-05-11 11:28 . 2011-03-25 03:28	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2011-04-25 17:42 . 2011-04-29 00:14	--------	d-----w-	c:\users\Emre\AppData\Roaming\DivX
2011-04-25 17:41 . 2011-04-29 13:50	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2011-04-25 17:41 . 2011-04-29 13:50	--------	d-----w-	c:\program files\DivX
2011-04-25 17:41 . 2011-04-29 13:50	--------	d-----w-	c:\program files (x86)\DivX
2011-04-25 17:39 . 2011-04-29 13:50	--------	d-----w-	c:\programdata\DivX
2011-04-19 20:33 . 2011-05-07 15:38	--------	d-----w-	c:\users\Emre\AppData\Roaming\skypePM
2011-04-19 20:33 . 2011-05-07 15:48	--------	d-----w-	c:\programdata\Skype Extras
2011-04-19 20:32 . 2011-05-13 13:36	--------	d-----w-	c:\users\Emre\AppData\Roaming\Skype
2011-04-19 20:32 . 2011-05-13 13:38	--------	d-----r-	c:\program files (x86)\Skype
2011-04-19 20:31 . 2011-05-13 13:38	--------	d-----w-	c:\programdata\Skype
2011-04-17 17:15 . 2011-04-17 17:15	--------	d-----w-	c:\program files (x86)\MSECache
2011-04-15 12:06 . 2011-03-03 06:24	183296	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-15 12:05 . 2011-02-23 04:56	158208	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 12:05 . 2011-02-23 04:55	287744	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 12:05 . 2011-02-23 04:55	128000	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 12:05 . 2011-02-23 04:55	90624	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-15 12:05 . 2011-02-12 11:34	267776	----a-w-	c:\windows\system32\FXSCOVER.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 14:53 . 2011-03-25 22:23	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-04-02 23:00 . 2011-04-02 22:41	43520	----a-w-	c:\windows\SysWow64\CmdLineExt03.dll
2011-03-26 21:26 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-03-26 21:26 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-03-13 15:55 . 2010-06-24 19:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-26 20:33	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-26 20:33	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 12:05 . 2011-03-09 15:15	1139200	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 15:15	1544192	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 15:15	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 15:15	1076736	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 15:15	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-05-13_18.55.36   )))))))))))))))))))))))))))))))))))))))))
.
- 2011-02-18 15:03 . 2011-05-13 18:13	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-18 15:03 . 2011-05-13 20:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-18 15:03 . 2011-05-13 20:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-18 15:03 . 2011-05-13 18:13	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44	1400712	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-31 102400]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 135664]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 00:40]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 00:40]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087054125-833381216-56703888-1001Core.job
- c:\users\Emre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-03 00:19]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087054125-833381216-56703888-1001UA.job
- c:\users\Emre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-03 00:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\hq5snwce.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-13  22:19:45
ComboFix-quarantined-files.txt  2011-05-13 20:19
ComboFix2.txt  2011-05-13 19:18
.
Vor Suchlauf: 13 Verzeichnis(se), 36.374.491.136 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 36.317.839.360 Bytes frei
.
- - End Of File - - A5928EEB56C25AF0D2A02DBEF553A5E6